For ceph, libvirt and openvswitch, 9 CVEs were marked as "unpatched" whereas they have been patched long ago compared to the versions of the recipes, because the NVD database does not contain patched version for those CVEs.
Reviewed-by: Enguerrand de Ribaucourt <[email protected]> Reviewed-by: Erwann Roussy <[email protected]> Signed-off-by: Youenn Le Jeune <[email protected]> --- recipes-extended/ceph/ceph_git.bb | 3 +++ recipes-extended/libvirt/libvirt_git.bb | 7 +++++++ recipes-networking/openvswitch/openvswitch_git.bb | 2 ++ 3 files changed, 12 insertions(+) diff --git a/recipes-extended/ceph/ceph_git.bb b/recipes-extended/ceph/ceph_git.bb index 2cf1c88a..728a420b 100644 --- a/recipes-extended/ceph/ceph_git.bb +++ b/recipes-extended/ceph/ceph_git.bb @@ -192,3 +192,6 @@ INSANE_SKIP:${PN}-dbg += "buildpaths" CCACHE_DISABLE = "1" CVE_PRODUCT = "ceph ceph_storage ceph_storage_mon ceph_storage_osd" + +CVE_STATUS[CVE-2017-7519] = "fixed-version: Fixed in 12.1.2, NVD tracks this as version-less vulnerability" +CVE_STATUS[CVE-2020-1700] = "fixed-version: Fixed in 15.1.1, NVD tracks this as version-less vulnerability" diff --git a/recipes-extended/libvirt/libvirt_git.bb b/recipes-extended/libvirt/libvirt_git.bb index 63f882ee..8462c10c 100644 --- a/recipes-extended/libvirt/libvirt_git.bb +++ b/recipes-extended/libvirt/libvirt_git.bb @@ -179,6 +179,13 @@ PACKAGECONFIG[libpcap] = "-Dlibpcap=enabled, -Dlibpcap=disabled,libpcap,libpcap" PACKAGECONFIG[numad] = "-Dnumad=enabled, -Dnumad=disabled," PACKAGECONFIG[nftables] = "" +CVE_STATUS[CVE-2014-8135] = "fixed-version: Fixed in 1.2.11, NVD tracks this as version-less vulnerability" +CVE_STATUS[CVE-2014-8136] = "fixed-version: Fixed in 1.2.11, NVD tracks this as version-less vulnerability" +CVE_STATUS[CVE-2015-5313] = "fixed-version: Fixed in 1.3.1, NVD tracks this as version-less vulnerability" +CVE_STATUS[CVE-2018-5748] = "fixed-version: Fixed in 4.0.0, NVD tracks this as version-less vulnerability" +CVE_STATUS[CVE-2018-6764] = "fixed-version: Fixed in 4.1.0, NVD tracks this as version-less vulnerability" +CVE_STATUS[CVE-2023-3750] = "fixed-version: Fixed in 9.6.0, NVD tracks this as version-less vulnerability" + # Enable the Python tool support require libvirt-python.inc diff --git a/recipes-networking/openvswitch/openvswitch_git.bb b/recipes-networking/openvswitch/openvswitch_git.bb index 4d6520e0..61c5e39c 100644 --- a/recipes-networking/openvswitch/openvswitch_git.bb +++ b/recipes-networking/openvswitch/openvswitch_git.bb @@ -35,6 +35,8 @@ PACKAGECONFIG[dpdk] = "--with-dpdk=shared,,dpdk,dpdk" PACKAGECONFIG[libcap-ng] = "--enable-libcapng,--disable-libcapng,libcap-ng," PACKAGECONFIG[ssl] = ",--disable-ssl,openssl," +CVE_STATUS[CVE-2023-5366] = "fixed-version: Fixed in 3.2.2, NVD tracks this as version-less vulnerability" + # Don't compile kernel modules by default since it heavily depends on # kernel version. Use the in-kernel module for now. # distro layers can enable with EXTRA_OECONF_pn_openvswitch += "" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#9662): https://lists.yoctoproject.org/g/meta-virtualization/message/9662 Mute This Topic: https://lists.yoctoproject.org/mt/118343262/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
