From: Bruce Ashfield <bruce.ashfield@gmail.com>
To: youenn.lejeune@savoirfairelinux.com
Cc: meta-virtualization@lists.yoctoproject.org,
Enguerrand de Ribaucourt
<enguerrand.de-ribaucourt@savoirfairelinux.com>,
Erwann Roussy <erwann.roussy@savoirfairelinux.com>
Subject: Re: [meta-virtualization][PATCH] ceph, libvirt, openvswitch: marked some CVEs as patched
Date: Mon, 30 Mar 2026 19:36:03 +0000 [thread overview]
Message-ID: <acrQo0_tj86jBiT7@gmail.com> (raw)
In-Reply-To: <20260316120501.1216022-1-youenn.lejeune@savoirfairelinux.com>
merged.
Bruce
In message: [meta-virtualization][PATCH] ceph, libvirt, openvswitch: marked some CVEs as patched
on 16/03/2026 Youenn Le Jeune via lists.yoctoproject.org wrote:
> For ceph, libvirt and openvswitch, 9 CVEs were marked as "unpatched"
> whereas they have been patched long ago compared to the versions of
> the recipes, because the NVD database does not contain patched version
> for those CVEs.
>
> Reviewed-by: Enguerrand de Ribaucourt <enguerrand.de-ribaucourt@savoirfairelinux.com>
> Reviewed-by: Erwann Roussy <erwann.roussy@savoirfairelinux.com>
> Signed-off-by: Youenn Le Jeune <youenn.lejeune@savoirfairelinux.com>
> ---
> recipes-extended/ceph/ceph_git.bb | 3 +++
> recipes-extended/libvirt/libvirt_git.bb | 7 +++++++
> recipes-networking/openvswitch/openvswitch_git.bb | 2 ++
> 3 files changed, 12 insertions(+)
>
> diff --git a/recipes-extended/ceph/ceph_git.bb b/recipes-extended/ceph/ceph_git.bb
> index 2cf1c88a..728a420b 100644
> --- a/recipes-extended/ceph/ceph_git.bb
> +++ b/recipes-extended/ceph/ceph_git.bb
> @@ -192,3 +192,6 @@ INSANE_SKIP:${PN}-dbg += "buildpaths"
> CCACHE_DISABLE = "1"
>
> CVE_PRODUCT = "ceph ceph_storage ceph_storage_mon ceph_storage_osd"
> +
> +CVE_STATUS[CVE-2017-7519] = "fixed-version: Fixed in 12.1.2, NVD tracks this as version-less vulnerability"
> +CVE_STATUS[CVE-2020-1700] = "fixed-version: Fixed in 15.1.1, NVD tracks this as version-less vulnerability"
> diff --git a/recipes-extended/libvirt/libvirt_git.bb b/recipes-extended/libvirt/libvirt_git.bb
> index 63f882ee..8462c10c 100644
> --- a/recipes-extended/libvirt/libvirt_git.bb
> +++ b/recipes-extended/libvirt/libvirt_git.bb
> @@ -179,6 +179,13 @@ PACKAGECONFIG[libpcap] = "-Dlibpcap=enabled, -Dlibpcap=disabled,libpcap,libpcap"
> PACKAGECONFIG[numad] = "-Dnumad=enabled, -Dnumad=disabled,"
> PACKAGECONFIG[nftables] = ""
>
> +CVE_STATUS[CVE-2014-8135] = "fixed-version: Fixed in 1.2.11, NVD tracks this as version-less vulnerability"
> +CVE_STATUS[CVE-2014-8136] = "fixed-version: Fixed in 1.2.11, NVD tracks this as version-less vulnerability"
> +CVE_STATUS[CVE-2015-5313] = "fixed-version: Fixed in 1.3.1, NVD tracks this as version-less vulnerability"
> +CVE_STATUS[CVE-2018-5748] = "fixed-version: Fixed in 4.0.0, NVD tracks this as version-less vulnerability"
> +CVE_STATUS[CVE-2018-6764] = "fixed-version: Fixed in 4.1.0, NVD tracks this as version-less vulnerability"
> +CVE_STATUS[CVE-2023-3750] = "fixed-version: Fixed in 9.6.0, NVD tracks this as version-less vulnerability"
> +
> # Enable the Python tool support
> require libvirt-python.inc
>
> diff --git a/recipes-networking/openvswitch/openvswitch_git.bb b/recipes-networking/openvswitch/openvswitch_git.bb
> index 4d6520e0..61c5e39c 100644
> --- a/recipes-networking/openvswitch/openvswitch_git.bb
> +++ b/recipes-networking/openvswitch/openvswitch_git.bb
> @@ -35,6 +35,8 @@ PACKAGECONFIG[dpdk] = "--with-dpdk=shared,,dpdk,dpdk"
> PACKAGECONFIG[libcap-ng] = "--enable-libcapng,--disable-libcapng,libcap-ng,"
> PACKAGECONFIG[ssl] = ",--disable-ssl,openssl,"
>
> +CVE_STATUS[CVE-2023-5366] = "fixed-version: Fixed in 3.2.2, NVD tracks this as version-less vulnerability"
> +
> # Don't compile kernel modules by default since it heavily depends on
> # kernel version. Use the in-kernel module for now.
> # distro layers can enable with EXTRA_OECONF_pn_openvswitch += ""
> --
> 2.34.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#9662): https://lists.yoctoproject.org/g/meta-virtualization/message/9662
> Mute This Topic: https://lists.yoctoproject.org/mt/118343262/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
prev parent reply other threads:[~2026-03-30 19:36 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-16 12:05 [meta-virtualization][PATCH] ceph, libvirt, openvswitch: marked some CVEs as patched Youenn Le Jeune
2026-03-30 19:36 ` Bruce Ashfield [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=acrQo0_tj86jBiT7@gmail.com \
--to=bruce.ashfield@gmail.com \
--cc=enguerrand.de-ribaucourt@savoirfairelinux.com \
--cc=erwann.roussy@savoirfairelinux.com \
--cc=meta-virtualization@lists.yoctoproject.org \
--cc=youenn.lejeune@savoirfairelinux.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.