libarchive: ignore CVE-2024-37407

History of code changes: * introduced: https://github.com/ilibarchive/libarchive/commit/390d83012fdba8c8db7fc9915338805882b0597a (v3.7.2-52-g390d8301) * reverted: 6https://github.com/libarchive/libarchive/commit/2c8caf6611a7d0662d80176c4fdb40f85794699 (v3.7.2-53-g62c8caf6) * re-introduced: 9https://github.com/libarchive/libarchive/commit/1f27004a5c88589658e38d68e46d223da6b75ca (v3.7.3-14-g91f27004) * fixed: bhttps://github.com/libarchive/libarchive/commit/6a979481b7d77c12fa17bbed94576b63bbcb0c0 (v3.7.3-24-gb6a97948) Since there is no release where this CVE was present, we can safely ignore it. (From OE-Core rev: 2b407f34df5a768c271fc7049e7272d1a79c04a0) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Peter Marko <peter.marko@siemens.com> 2024-07-18 18:42:19 +0200
committer: Steve Sakoman <steve@sakoman.com> 2024-07-24 07:51:58 -0700
commit: 67e1f5404cd3d4600c43a3676d24670e88aed5b7 (patch)
tree: 054a4d1be8c8dc57483c54f9dad32f78f5e45de5 /meta
parent: 3242d8234d4378ae756771294a742bb405d42ff6 (diff)
download: poky-67e1f5404cd3d4600c43a3676d24670e88aed5b7.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
index c83eec9b1a..a7a3e47412 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -38,6 +38,8 @@ SRC_URI[sha256sum] = "ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f
 # upstream-wontfix: upstream has documented that reported function is not thread-safe
 CVE_CHECK_IGNORE += "CVE-2023-30571"
+# cpe-incorrect: this vulnerability was not in any release; introduced in v3.7.3-14-g91f27004; fixed in b6a97948
+CVE_CHECK_IGNORE += "CVE-2024-37407"
 inherit autotools update-alternatives pkgconfig
author	Peter Marko <peter.marko@siemens.com>	2024-07-18 18:42:19 +0200
committer	Steve Sakoman <steve@sakoman.com>	2024-07-24 07:51:58 -0700
commit	67e1f5404cd3d4600c43a3676d24670e88aed5b7 (patch)
tree	054a4d1be8c8dc57483c54f9dad32f78f5e45de5 /meta
parent	3242d8234d4378ae756771294a742bb405d42ff6 (diff)
download	poky-67e1f5404cd3d4600c43a3676d24670e88aed5b7.tar.gz

diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb index c83eec9b1a..a7a3e47412 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -38,6 +38,8 @@ SRC_URI[sha256sum] = "ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f
38		38
39	# upstream-wontfix: upstream has documented that reported function is not thread-safe	39	# upstream-wontfix: upstream has documented that reported function is not thread-safe
40	CVE_CHECK_IGNORE += "CVE-2023-30571"	40	CVE_CHECK_IGNORE += "CVE-2023-30571"
		41	# cpe-incorrect: this vulnerability was not in any release; introduced in v3.7.3-14-g91f27004; fixed in b6a97948
		42	CVE_CHECK_IGNORE += "CVE-2024-37407"
41		43
42	inherit autotools update-alternatives pkgconfig	44	inherit autotools update-alternatives pkgconfig
43		45