From 8dfbceca18476ca89aef1902d398d51da9ea2f66 Mon Sep 17 00:00:00 2001 From: Peter Marko Date: Sat, 24 Feb 2024 12:39:42 +0100 Subject: jsch,xerces-j: fix CVE_STATUS Last commit tried to convert CVE_CHECK_IGNORE to CVE_STATUS, however it was done in wrong way and caused the CVEs to be reported as open again. This fixes CVE_STATUS syntax. Signed-off-by: Peter Marko --- recipes-core/jcraft/jsch_0.1.40.bb | 3 +-- recipes-core/xerces-j/xerces-j_2.11.0.bb | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/recipes-core/jcraft/jsch_0.1.40.bb b/recipes-core/jcraft/jsch_0.1.40.bb index 8ef5c85..aeb04b4 100644 --- a/recipes-core/jcraft/jsch_0.1.40.bb +++ b/recipes-core/jcraft/jsch_0.1.40.bb @@ -25,8 +25,7 @@ do_compile() { SRC_URI[md5sum] = "b59cec19a487e95aed68378976b4b566" SRC_URI[sha256sum] = "ca9d2ae08fd7a8983fb00d04f0f0c216a985218a5eb364ff9bee73870f28e097" -# Ignore the CVE because it only affects Windows platforms -CVE_STATUS += "CVE-2016-5725" +CVE_STATUS[CVE-2016-5725] = "not-applicable-platform: Issue only applies on Windows" BBCLASSEXTEND = "native" diff --git a/recipes-core/xerces-j/xerces-j_2.11.0.bb b/recipes-core/xerces-j/xerces-j_2.11.0.bb index c7a54ab..45d3c43 100644 --- a/recipes-core/xerces-j/xerces-j_2.11.0.bb +++ b/recipes-core/xerces-j/xerces-j_2.11.0.bb @@ -18,7 +18,7 @@ SRC_URI = "http://archive.apache.org/dist/xerces/j/source/Xerces-J-src.${PV}.tar # Already fixed with updates and closed. # https://access.redhat.com/security/cve/CVE-2018-2799 # https://bugzilla.redhat.com/show_bug.cgi?id=1567542 -CVE_STATUS += "CVE-2018-2799" +CVE_STATUS[CVE-2018-2799] = "not-applicable-platform: Issue only applies on some Oracle Java SE and Red Hat Enterprise Linux versions" S = "${WORKDIR}/xerces-2_11_0" -- cgit v1.2.3-54-g00ecf