From a9741a9d9ce251e2fafe93f44475648eebaed586 Mon Sep 17 00:00:00 2001 From: Ninette Adhikari Date: Wed, 26 Jun 2024 08:06:12 -0700 Subject: [PATCH] apache2:apache2-native: CVE status update Update status for: CVE-2007-6421, CVE-2007-6422, CVE-2007-6423, CVE-2008-2168 CPE is incorrect, the current version (2.4.59) is not affected. Signed-off-by: Ninette Adhikari Signed-off-by: Khem Raj --- meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb index 1632c6ccb1..6dfecef8de 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb @@ -37,6 +37,11 @@ DEPENDS = "openssl expat pcre apr apr-util apache2-native " CVE_PRODUCT = "apache:http_server" +CVE_STATUS[CVE-2007-6421] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions from 2.2 (incl.) to 2.2.8 (excl.)" +CVE_STATUS[CVE-2007-6422] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions from 2.2 (incl.) to 2.2.8 (excl.)" +CVE_STATUS[CVE-2007-6423] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions from 2.2.x to 2.2.7-dev" +CVE_STATUS[CVE-2008-2168] = "cpe-incorrect: The current version (2.4.59) is not affected by the CVE which affects versions up to 2.2.6 (excl.)" + SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice" PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}"