Message ID | 20240410125734.41558-2-ninette@thehoodiefirm.com |
---|---|
State | Under Review |
Headers | show |
Series | dash: Update CVE-2024-21485 status | expand |
diff --git a/meta-oe/recipes-shells/dash/dash_0.5.12.bb b/meta-oe/recipes-shells/dash/dash_0.5.12.bb index 947ef702d..ad3c75e97 100644 --- a/meta-oe/recipes-shells/dash/dash_0.5.12.bb +++ b/meta-oe/recipes-shells/dash/dash_0.5.12.bb @@ -10,6 +10,8 @@ inherit autotools update-alternatives SRC_URI = "http://gondor.apana.org.au/~herbert/${BPN}/files/${BP}.tar.gz" SRC_URI[sha256sum] = "6a474ac46e8b0b32916c4c60df694c82058d3297d8b385b74508030ca4a8f28a" +CVE_STATUS[CVE-2024-21485] = "cpe-incorrect: The recipe used in the meta-openembedded is a different dash package compared to the one which has the CVE issue." + EXTRA_OECONF += "--bindir=${base_bindir}" ALTERNATIVE:${PN} = "sh"
The recipe used in the meta-openembedded is a different dash package compared to the one which has the CVE issue. Package used in meta-openembedded: https://git.kernel.org/pub/scm/utils/dash/dash.git Package with CVE issue: https://github.com/plotly/dash No action required. This issue can be removed from the CVE list. Signed-off-by: Ninette Adhikari <ninette@thehoodiefirm.com> --- meta-oe/recipes-shells/dash/dash_0.5.12.bb | 2 ++ 1 file changed, 2 insertions(+)