openembedded-devel.lists.openembedded.org archive mirror
* [PATCH 0/1] st: Update status for CVE-2017-16224
@ 2024-04-29 11:02 Ninette Adhikari
  2024-04-29 11:02 ` [PATCH 1/1] " Ninette Adhikari
  0 siblings, 1 reply; 4+ messages in thread
From: Ninette Adhikari @ 2024-04-29 11:02 UTC (permalink / raw)
  To: openembedded-devel; +Cc: engineering, Ninette Adhikari

The recipe used in the meta-openembedded is a different st package compared to the one which has the CVE issue.
Package used in meta-embedded: https://st.suckless.org/
Package with CVE issue: https://www.npmjs.com/package/st
No action required.

Ninette Adhikari (1):
  st: Update status for CVE-2017-16224

 meta-oe/recipes-graphics/suckless/st_0.9.2.bb | 2 ++
 1 file changed, 2 insertions(+)

-- 
2.44.0




* [PATCH 1/1] st: Update status for CVE-2017-16224
  2024-04-29 11:02 [PATCH 0/1] st: Update status for CVE-2017-16224 Ninette Adhikari
@ 2024-04-29 11:02 ` Ninette Adhikari
  2024-04-29 11:54   ` [oe] " Marko, Peter
  0 siblings, 1 reply; 4+ messages in thread
From: Ninette Adhikari @ 2024-04-29 11:02 UTC (permalink / raw)
  To: openembedded-devel; +Cc: engineering, Ninette Adhikari

The recipe used in the meta-openembedded is a different st package compared to the one which has the CVE issue.
Package used in meta-embedded: https://st.suckless.org/
Package with CVE issue: https://www.npmjs.com/package/st
No action required.

Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
---
 meta-oe/recipes-graphics/suckless/st_0.9.2.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-graphics/suckless/st_0.9.2.bb b/meta-oe/recipes-graphics/suckless/st_0.9.2.bb
index 5e0f2e71c..984695a31 100644
--- a/meta-oe/recipes-graphics/suckless/st_0.9.2.bb
+++ b/meta-oe/recipes-graphics/suckless/st_0.9.2.bb
@@ -33,3 +33,5 @@ ALTERNATIVE:${PN} = "st st-256color"
 ALTERNATIVE_LINK_NAME[st] = "${datadir}/terminfo/s/st"
 
 ALTERNATIVE_LINK_NAME[st-256color] = "${datadir}/terminfo/s/st-256color"
+
+CVE_STATUS[CVE-2017-16224] = "ignored: The recipe used in the meta-openembedded is a different st package compared to the one which has the CVE issue."
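
Review bot: the `ignored:` prefix on the added `CVE_STATUS[CVE-2017-16224]` line does not say why the CVE is excluded, while the reason text after it describes a product mismatch. The reply in this thread points to cve-check-map.conf and asks for `cpe-incorrect:` when the CPE matches the wrong component; switch the prefix to that and keep the explanation after the colon.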
-- 
2.44.0




* RE: [oe] [PATCH 1/1] st: Update status for CVE-2017-16224
  2024-04-29 11:02 ` [PATCH 1/1] " Ninette Adhikari
@ 2024-04-29 11:54   ` Marko, Peter
  2024-04-29 14:31     ` [PATCH v2] " Ninette Adhikari
  0 siblings, 1 reply; 4+ messages in thread
From: Marko, Peter @ 2024-04-29 11:54 UTC (permalink / raw)
  To: ninette, openembedded-devel; +Cc: engineering

"ignored:" should not be used, see https://git.openembedded.org/openembedded-core/tree/meta/conf/cve-check-map.conf#n17
When CPE matches wrong component, then use "cpe-incorrect:".

Peter

-----Original Message-----
From: openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org> On Behalf Of Ninette Adhikari via lists.openembedded.org
Sent: Monday, April 29, 2024 13:02
To: openembedded-devel@lists.openembedded.org
Cc: engineering@neighbourhood.ie; Ninette Adhikari <ninette@thehoodiefirm.com>
Subject: [oe] [PATCH 1/1] st: Update status for CVE-2017-16224

> The recipe used in the meta-openembedded is a different st package compared to the one which has the CVE issue.
> Package used in meta-embedded: https://st.suckless.org/ Package with CVE issue: https://www.npmjs.com/package/st No action required.
>
> Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
> ---
>  meta-oe/recipes-graphics/suckless/st_0.9.2.bb | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/meta-oe/recipes-graphics/suckless/st_0.9.2.bb b/meta-oe/recipes-graphics/suckless/st_0.9.2.bb
> index 5e0f2e71c..984695a31 100644
> --- a/meta-oe/recipes-graphics/suckless/st_0.9.2.bb
> +++ b/meta-oe/recipes-graphics/suckless/st_0.9.2.bb
> @@ -33,3 +33,5 @@ ALTERNATIVE:${PN} = "st st-256color"
>  ALTERNATIVE_LINK_NAME[st] = "${datadir}/terminfo/s/st"
>  
>  ALTERNATIVE_LINK_NAME[st-256color] = "${datadir}/terminfo/s/st-256color"
> +
> +CVE_STATUS[CVE-2017-16224] = "ignored: The recipe used in the meta-openembedded is a different st package compared to the one which has the CVE issue."
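
Review bot: the reason string on the added `CVE_STATUS` line says only "a different st package" and names neither component. Naming both in the string (st from st.suckless.org, which this recipe builds, and the npm st package the CVE is filed against, as the commit message does with its two URLs) would let someone auditing the recipe confirm the mismatch without going back to the commit log.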
> --
> 2.44.0




* [PATCH v2] st: Update status for CVE-2017-16224
  2024-04-29 11:54   ` [oe] " Marko, Peter
@ 2024-04-29 14:31     ` Ninette Adhikari
  0 siblings, 0 replies; 4+ messages in thread
From: Ninette Adhikari @ 2024-04-29 14:31 UTC (permalink / raw)
  To: openembedded-devel; +Cc: engineering, Peter.Marko, Ninette Adhikari

The recipe used in the meta-openembedded is a different st package compared to the one which has the CVE issue.
Package used in meta-embedded: https://st.suckless.org/
Package with CVE issue: https://www.npmjs.com/package/st
No action required.

Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com>
---
 meta-oe/recipes-graphics/suckless/st_0.9.2.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-graphics/suckless/st_0.9.2.bb b/meta-oe/recipes-graphics/suckless/st_0.9.2.bb
index 5e0f2e71c..22ad0211b 100644
--- a/meta-oe/recipes-graphics/suckless/st_0.9.2.bb
+++ b/meta-oe/recipes-graphics/suckless/st_0.9.2.bb
@@ -33,3 +33,5 @@ ALTERNATIVE:${PN} = "st st-256color"
 ALTERNATIVE_LINK_NAME[st] = "${datadir}/terminfo/s/st"
 
 ALTERNATIVE_LINK_NAME[st-256color] = "${datadir}/terminfo/s/st-256color"
+
+CVE_STATUS[CVE-2017-16224] = "cpe-incorrect: The recipe used in the meta-openembedded is a different st package compared to the one which has the CVE issue."
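
Review bot: nothing under the `---` marker records what changed since v1, and the added `CVE_STATUS` line is the only place the difference shows (`cpe-incorrect:` where v1 had `ignored:`). A one-line note after `---`, such as "v2: use cpe-incorrect status as requested in review", would make the revision reviewable without comparing the two mails.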
-- 
2.44.0



