merged.

Bruce
In message: [meta-virtualization][PATCH] ceph, libvirt, openvswitch: marked some CVEs as patched on 16/03/2026 Youenn Le Jeune via lists.yoctoproject.org wrote: > For ceph, libvirt and openvswitch, 9 CVEs were marked as "unpatched" > whereas they have been patched long ago compared to the versions of > the recipes, because the NVD database does not contain patched version > for those CVEs. > > Reviewed-by: Enguerrand de Ribaucourt > <[email protected]> > Reviewed-by: Erwann Roussy <[email protected]> > Signed-off-by: Youenn Le Jeune <[email protected]> > --- > recipes-extended/ceph/ceph_git.bb | 3 +++ > recipes-extended/libvirt/libvirt_git.bb | 7 +++++++ > recipes-networking/openvswitch/openvswitch_git.bb | 2 ++ > 3 files changed, 12 insertions(+) > > diff --git a/recipes-extended/ceph/ceph_git.bb > b/recipes-extended/ceph/ceph_git.bb > index 2cf1c88a..728a420b 100644 > --- a/recipes-extended/ceph/ceph_git.bb > +++ b/recipes-extended/ceph/ceph_git.bb > @@ -192,3 +192,6 @@ INSANE_SKIP:${PN}-dbg += "buildpaths" > CCACHE_DISABLE = "1" > > CVE_PRODUCT = "ceph ceph_storage ceph_storage_mon ceph_storage_osd" > + > +CVE_STATUS[CVE-2017-7519] = "fixed-version: Fixed in 12.1.2, NVD tracks this > as version-less vulnerability" > +CVE_STATUS[CVE-2020-1700] = "fixed-version: Fixed in 15.1.1, NVD tracks this > as version-less vulnerability" > diff --git a/recipes-extended/libvirt/libvirt_git.bb > b/recipes-extended/libvirt/libvirt_git.bb > index 63f882ee..8462c10c 100644 > --- a/recipes-extended/libvirt/libvirt_git.bb > +++ b/recipes-extended/libvirt/libvirt_git.bb 
> @@ -179,6 +179,13 @@ PACKAGECONFIG[libpcap] = "-Dlibpcap=enabled, > -Dlibpcap=disabled,libpcap,libpcap" > PACKAGECONFIG[numad] = "-Dnumad=enabled, -Dnumad=disabled," > PACKAGECONFIG[nftables] = "" > > +CVE_STATUS[CVE-2014-8135] = "fixed-version: Fixed in 1.2.11, NVD tracks this > as version-less vulnerability" > +CVE_STATUS[CVE-2014-8136] = "fixed-version: Fixed in 1.2.11, NVD tracks this > as version-less vulnerability" > +CVE_STATUS[CVE-2015-5313] = "fixed-version: Fixed in 1.3.1, NVD tracks this > as version-less vulnerability" > +CVE_STATUS[CVE-2018-5748] = "fixed-version: Fixed in 4.0.0, NVD tracks this > as version-less vulnerability" > +CVE_STATUS[CVE-2018-6764] = "fixed-version: Fixed in 4.1.0, NVD tracks this > as version-less vulnerability" > +CVE_STATUS[CVE-2023-3750] = "fixed-version: Fixed in 9.6.0, NVD tracks this > as version-less vulnerability" > + > # Enable the Python tool support > require libvirt-python.inc > > diff --git a/recipes-networking/openvswitch/openvswitch_git.bb > b/recipes-networking/openvswitch/openvswitch_git.bb > index 4d6520e0..61c5e39c 100644 > --- a/recipes-networking/openvswitch/openvswitch_git.bb > +++ b/recipes-networking/openvswitch/openvswitch_git.bb > @@ -35,6 +35,8 @@ PACKAGECONFIG[dpdk] = "--with-dpdk=shared,,dpdk,dpdk" > PACKAGECONFIG[libcap-ng] = "--enable-libcapng,--disable-libcapng,libcap-ng," > PACKAGECONFIG[ssl] = ",--disable-ssl,openssl," > > +CVE_STATUS[CVE-2023-5366] = "fixed-version: Fixed in 3.2.2, NVD tracks this > as version-less vulnerability" > + > # Don't compile kernel modules by default since it heavily depends on > # kernel version. Use the in-kernel module for now. > # distro layers can enable with EXTRA_OECONF_pn_openvswitch += "" > -- > 2.34.1 > > > >
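Review bot: the two CVE_STATUS lines appended after CVE_PRODUCT in ceph_git.bb state fixed versions (12.1.2 and 15.1.1) without saying where those versions come from. Add a short comment above each entry pointing at the upstream commit, release note or advisory the version was taken from, so the "fixed-version" claim can be rechecked later without redoing the research.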
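Review bot: in libvirt_git.bb the six CVE_STATUS lines are placed between the PACKAGECONFIG block and the "# Enable the Python tool support" require, while the ceph hunk of the same patch puts its entries at the end of the recipe. Pick one placement for all three recipes, for example the end of the file as in ceph_git.bb, so the CVE annotations are easy to find and do not separate the build configuration from the include that follows it.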
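Review bot: the CVE_STATUS[CVE-2023-5366] line in openvswitch_git.bb names 3.2.2 as the fixed version, but neither the hunk nor the commit message states the version the recipe currently builds. Since this is a _git recipe, mention the recipe version that was checked in the commit message, so that "patched long ago compared to the versions of the recipes" can be verified for this entry.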
