Message ID | 20240121191935.738504-1-simone.p.weiss@posteo.com |
---|---|
State | Accepted |
Headers | show |
Series | libgcc-initial: Update status of CVE-2023-4039 | expand |
> On 21 Jan 2024, at 19:19, Simone Weiß via lists.openembedded.org <simone.p.weiss=posteo.com@lists.openembedded.org> wrote: > +CVE_STATUS[CVE-2023-4039] = "fixed-version: Fixed via CVE-2023-4039.patch in gcc-13-2.inc which is added via require here” I’m guessing this is because gcc and friends all use gcc-source recipe, so gcc.bb doesn’t actually have any sources. This CVE_STATUS should be in the gcc-13.2.inc file, so that all the GCC recipes which use that source get the correct status. Ross
diff --git a/meta/recipes-devtools/gcc/libgcc-initial_13.2.bb b/meta/recipes-devtools/gcc/libgcc-initial_13.2.bb index a259082b47..fd66692185 100644 --- a/meta/recipes-devtools/gcc/libgcc-initial_13.2.bb +++ b/meta/recipes-devtools/gcc/libgcc-initial_13.2.bb @@ -3,3 +3,5 @@ require libgcc-initial.inc # Building with thumb enabled on armv6t fails ARM_INSTRUCTION_SET:armv6 = "arm" + +CVE_STATUS[CVE-2023-4039] = "fixed-version: Fixed via CVE-2023-4039.patch in gcc-13-2.inc which is added via require here"