* [OE-core][PATCH] ovmf: set CVE_STATUS for a few CVEs
@ 2024-04-08 15:00 Qi.Chen
0 siblings, 0 replies; only message in thread
From: Qi.Chen @ 2024-04-08 15:00 UTC (permalink / raw
To: openembedded-core
From: Chen Qi <Qi.Chen@windriver.com>
For all those CVE-2019-xxxxx CVEs, following the links in NVD, we
can see they have all been fixed.
For CVE-2014-4859 and CVE-2014-4860, there's no useful links in NVD,
but according to the following two links, they have also been fixed.
https://security-tracker.debian.org/tracker/CVE-2014-4859
https://security-tracker.debian.org/tracker/CVE-2014-4860
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
---
meta/recipes-core/ovmf/ovmf_git.bb | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index 97651faf62..35ca8d1834 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -34,6 +34,15 @@ CVE_PRODUCT = "edk2"
CVE_VERSION = "${@d.getVar('PV').split('stable')[1]}"
CVE_STATUS[CVE-2014-8271] = "fixed-version: Fixed in svn_16280, which is an unusual versioning breaking version comparison."
+CVE_STATUS[CVE-2014-4859] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
+CVE_STATUS[CVE-2014-4860] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
+CVE_STATUS[CVE-2019-14553] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
+CVE_STATUS[CVE-2019-14559] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
+CVE_STATUS[CVE-2019-14562] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
+CVE_STATUS[CVE-2019-14563] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
+CVE_STATUS[CVE-2019-14575] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
+CVE_STATUS[CVE-2019-14586] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
+CVE_STATUS[CVE-2019-14587] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
inherit deploy
--
2.34.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2024-04-08 15:01 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-08 15:00 [OE-core][PATCH] ovmf: set CVE_STATUS for a few CVEs Qi.Chen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).