All of lore.kernel.org
 help / color / mirror / Atom feed
* [meta-virtualization][PATCH] ceph, libvirt, openvswitch: marked some CVEs as patched
@ 2026-03-16 12:05 Youenn Le Jeune
  2026-03-30 19:36 ` Bruce Ashfield
  0 siblings, 1 reply; 2+ messages in thread
From: Youenn Le Jeune @ 2026-03-16 12:05 UTC (permalink / raw)
  To: meta-virtualization
  Cc: Youenn Le Jeune, Enguerrand de Ribaucourt, Erwann Roussy

For ceph, libvirt and openvswitch, 9 CVEs were marked as "unpatched"
whereas they have been patched long ago compared to the versions of
the recipes, because the NVD database does not contain patched version
for those CVEs.

Reviewed-by: Enguerrand de Ribaucourt <enguerrand.de-ribaucourt@savoirfairelinux.com>
Reviewed-by: Erwann Roussy <erwann.roussy@savoirfairelinux.com>
Signed-off-by: Youenn Le Jeune <youenn.lejeune@savoirfairelinux.com>
---
 recipes-extended/ceph/ceph_git.bb                 | 3 +++
 recipes-extended/libvirt/libvirt_git.bb           | 7 +++++++
 recipes-networking/openvswitch/openvswitch_git.bb | 2 ++
 3 files changed, 12 insertions(+)

diff --git a/recipes-extended/ceph/ceph_git.bb b/recipes-extended/ceph/ceph_git.bb
index 2cf1c88a..728a420b 100644
--- a/recipes-extended/ceph/ceph_git.bb
+++ b/recipes-extended/ceph/ceph_git.bb
@@ -192,3 +192,6 @@ INSANE_SKIP:${PN}-dbg += "buildpaths"
 CCACHE_DISABLE = "1"
 
 CVE_PRODUCT = "ceph ceph_storage ceph_storage_mon ceph_storage_osd"
+
+CVE_STATUS[CVE-2017-7519] = "fixed-version: Fixed in 12.1.2, NVD tracks this as version-less vulnerability"
+CVE_STATUS[CVE-2020-1700] = "fixed-version: Fixed in 15.1.1, NVD tracks this as version-less vulnerability"
diff --git a/recipes-extended/libvirt/libvirt_git.bb b/recipes-extended/libvirt/libvirt_git.bb
index 63f882ee..8462c10c 100644
--- a/recipes-extended/libvirt/libvirt_git.bb
+++ b/recipes-extended/libvirt/libvirt_git.bb
@@ -179,6 +179,13 @@ PACKAGECONFIG[libpcap] = "-Dlibpcap=enabled, -Dlibpcap=disabled,libpcap,libpcap"
 PACKAGECONFIG[numad] = "-Dnumad=enabled, -Dnumad=disabled,"
 PACKAGECONFIG[nftables] = ""
 
+CVE_STATUS[CVE-2014-8135] = "fixed-version: Fixed in 1.2.11, NVD tracks this as version-less vulnerability"
+CVE_STATUS[CVE-2014-8136] = "fixed-version: Fixed in 1.2.11, NVD tracks this as version-less vulnerability"
+CVE_STATUS[CVE-2015-5313] = "fixed-version: Fixed in 1.3.1, NVD tracks this as version-less vulnerability"
+CVE_STATUS[CVE-2018-5748] = "fixed-version: Fixed in 4.0.0, NVD tracks this as version-less vulnerability"
+CVE_STATUS[CVE-2018-6764] = "fixed-version: Fixed in 4.1.0, NVD tracks this as version-less vulnerability"
+CVE_STATUS[CVE-2023-3750] = "fixed-version: Fixed in 9.6.0, NVD tracks this as version-less vulnerability"
+
 # Enable the Python tool support
 require libvirt-python.inc
 
diff --git a/recipes-networking/openvswitch/openvswitch_git.bb b/recipes-networking/openvswitch/openvswitch_git.bb
index 4d6520e0..61c5e39c 100644
--- a/recipes-networking/openvswitch/openvswitch_git.bb
+++ b/recipes-networking/openvswitch/openvswitch_git.bb
@@ -35,6 +35,8 @@ PACKAGECONFIG[dpdk] = "--with-dpdk=shared,,dpdk,dpdk"
 PACKAGECONFIG[libcap-ng] = "--enable-libcapng,--disable-libcapng,libcap-ng,"
 PACKAGECONFIG[ssl] = ",--disable-ssl,openssl,"
 
+CVE_STATUS[CVE-2023-5366] = "fixed-version: Fixed in 3.2.2, NVD tracks this as version-less vulnerability"
+
 # Don't compile kernel modules by default since it heavily depends on
 # kernel version. Use the in-kernel module for now.
 # distro layers can enable with EXTRA_OECONF_pn_openvswitch += ""
-- 
2.34.1



^ permalink raw reply related	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-03-30 19:36 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-03-16 12:05 [meta-virtualization][PATCH] ceph, libvirt, openvswitch: marked some CVEs as patched Youenn Le Jeune
2026-03-30 19:36 ` Bruce Ashfield

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.