ovmf: set CVE_STATUS for a few CVEs

For all those CVE-2019-xxxxx CVEs, following the links in NVD, we can see they have all been fixed. For CVE-2014-4859 and CVE-2014-4860, there's no useful links in NVD, but according to the following two links, they have also been fixed. https://security-tracker.debian.org/tracker/CVE-2014-4859 https://security-tracker.debian.org/tracker/CVE-2014-4860 (From OE-Core rev: 62f1e5d1bb8df17aaa14265a7acf60e5b44b53b5) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Chen Qi <Qi.Chen@windriver.com> 2024-04-08 23:00:15 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-04-08 17:35:35 +0100
commit: 87aed498b95774d3442af0f94c5caaa8f1e8006c (patch)
tree: 99d04144400616c7f26cf23b606493e9dc7dd3ee /meta/recipes-core
parent: c0b4eff954758d8f386e587bfc68f37648fd693f (diff)
download: poky-87aed498b95774d3442af0f94c5caaa8f1e8006c.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index 97651faf62..35ca8d1834 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -34,6 +34,15 @@ CVE_PRODUCT = "edk2"
 CVE_VERSION = "${@d.getVar('PV').split('stable')[1]}"
 CVE_STATUS[CVE-2014-8271] = "fixed-version: Fixed in svn_16280, which is an unusual versioning breaking version comparison."
+CVE_STATUS[CVE-2014-4859] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
+CVE_STATUS[CVE-2014-4860] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
+CVE_STATUS[CVE-2019-14553] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
+CVE_STATUS[CVE-2019-14559] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
+CVE_STATUS[CVE-2019-14562] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
+CVE_STATUS[CVE-2019-14563] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
+CVE_STATUS[CVE-2019-14575] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
+CVE_STATUS[CVE-2019-14586] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
+CVE_STATUS[CVE-2019-14587] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
 inherit deploy
author	Chen Qi <Qi.Chen@windriver.com>	2024-04-08 23:00:15 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2024-04-08 17:35:35 +0100
commit	87aed498b95774d3442af0f94c5caaa8f1e8006c (patch)
tree	99d04144400616c7f26cf23b606493e9dc7dd3ee /meta/recipes-core
parent	c0b4eff954758d8f386e587bfc68f37648fd693f (diff)
download	poky-87aed498b95774d3442af0f94c5caaa8f1e8006c.tar.gz

diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb index 97651faf62..35ca8d1834 100644 --- a/meta/recipes-core/ovmf/ovmf_git.bb +++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -34,6 +34,15 @@ CVE_PRODUCT = "edk2"
34	CVE_VERSION = "${@d.getVar('PV').split('stable')[1]}"	34	CVE_VERSION = "${@d.getVar('PV').split('stable')[1]}"
35		35
36	CVE_STATUS[CVE-2014-8271] = "fixed-version: Fixed in svn_16280, which is an unusual versioning breaking version comparison."	36	CVE_STATUS[CVE-2014-8271] = "fixed-version: Fixed in svn_16280, which is an unusual versioning breaking version comparison."
		37	CVE_STATUS[CVE-2014-4859] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
		38	CVE_STATUS[CVE-2014-4860] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
		39	CVE_STATUS[CVE-2019-14553] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
		40	CVE_STATUS[CVE-2019-14559] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
		41	CVE_STATUS[CVE-2019-14562] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
		42	CVE_STATUS[CVE-2019-14563] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
		43	CVE_STATUS[CVE-2019-14575] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
		44	CVE_STATUS[CVE-2019-14586] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
		45	CVE_STATUS[CVE-2019-14587] = "fixed-version: The CPE in the NVD database doesn't reflect correctly the vulnerable versions."
37		46
38	inherit deploy	47	inherit deploy
39		48