[meta-oe] syslog-ng: ignore CVE-2022-38725

Message ID 20240204200025.451435-1-peter.marko@siemens.com
State Accepted

Commit Message

Peter Marko Feb. 4, 2024, 8 p.m. UTC
From: Peter Marko <peter.marko@siemens.com>

This CVE is fixed in 3.38.1; however, cve-check indicates it as
not fixed because there is also a CPE for the premium version.
There is currently no method to filter this away in cve-check.

Relevant CPEs:
cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:-:*:*:*       < 3.38.1
cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:premium:*:*:* < 7.0.32

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta-oe/recipes-support/syslog-ng/syslog-ng_4.0.1.bb | 2 ++
 1 file changed, 2 insertions(+)

Patch

diff --git a/meta-oe/recipes-support/syslog-ng/syslog-ng_4.0.1.bb b/meta-oe/recipes-support/syslog-ng/syslog-ng_4.0.1.bb
index 650c7bd5f3..77a5e67a42 100644
--- a/meta-oe/recipes-support/syslog-ng/syslog-ng_4.0.1.bb
+++ b/meta-oe/recipes-support/syslog-ng/syslog-ng_4.0.1.bb
@@ -30,6 +30,8 @@  SRC_URI[sha256sum] = "c16eafe447191c079f471846182876b7919d3d789af8c1f9fe55ab1452
 
 UPSTREAM_CHECK_URI = "https://github.com/balabit/syslog-ng/releases"
 
+CVE_STATUS[CVE-2022-38725] = "cpe-incorrect: cve-check wrongly matches cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:premium:*:*:* < 7.0.32"
+
 inherit autotools gettext systemd pkgconfig update-rc.d multilib_header
 
 EXTRA_OECONF = " \
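
Review bot: the reason string on the added CVE_STATUS[CVE-2022-38725] line names only the premium CPE that cve-check mismatches and leaves out the fact that makes the ignore safe, namely that the open-source edition is fixed in 3.38.1 while this recipe builds 4.0.1. That information is only in the commit message, so someone reading the recipe later cannot tell from the file alone why the CVE does not apply. Consider folding it into the status text, for example "cpe-incorrect: fixed in 3.38.1, cve-check wrongly matches the premium CPE (< 7.0.32)", or adding a short comment above the line. The commit message also says there is currently no way to filter this in cve-check, so a comment noting that the entry can be dropped once such filtering exists would keep the override from outliving its reason.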