diff mbox series

[meta-oe,2/2] grpc: set CVE_STATUS for CVE-2023-32732

Message ID 20230929112652.2898181-2-sanjay.chitroda@einfochips.com
State New
Headers show
Series [meta-oe,1/2] Revert "grpc: fix CVE-2023-32732" | expand

Commit Message

SANJAYKUMAR CHITRODA Sept. 29, 2023, 11:26 a.m. UTC 
From: Sanjay Chitroda <sanjay.chitroda@einfochips.com>

CVE was introduced in v1.53.0 and not backported to v1.50.x branch.

NVD references PR which introduces the vulnerability:
Introduce by: https://github.com/grpc/grpc/pull/32309 (v1.53.x)

Signed-off-by: Sanjay Chitroda <sanjay.chitroda@einfochips.com>
---
 meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb b/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb
index 958992e1e..e05a0b1fb 100644
--- a/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb
+++ b/meta-oe/recipes-devtools/grpc/grpc_1.50.1.bb
@@ -30,6 +30,8 @@  SRC_URI = "gitsm://github.com/grpc/grpc.git;protocol=https;name=grpc;branch=${BR
 # Fixes build with older compilers 4.8 especially on ubuntu 14.04
 CXXFLAGS:append:class-native = " -Wl,--no-as-needed"
 
+CVE_STATUS[CVE-2023-32732] = "cpe-incorrect: CVE was introduced in v1.53.0 and not backported to v1.50.x branch"
+
 inherit cmake pkgconfig
 
 EXTRA_OECMAKE = " \