From: Bruce Ashfield <bruce.ashfield@gmail.com>
To: mark.yang@lge.com
Cc: meta-virtualization@lists.yoctoproject.org
Subject: Re: [meta-virtualization][PATCH] docker-compose: add CVE_PRODUCT and CVE_STATUS for CVE-2025-62725
Date: Fri, 3 Jul 2026 09:46:44 -0400 [thread overview]
Message-ID: <ake9RL8ybvG7cPV9@gmail.com> (raw)
In-Reply-To: <20260702074427.263216-1-mark.yang@lge.com>
merged.
Bruce
In message: [meta-virtualization][PATCH] docker-compose: add CVE_PRODUCT and CVE_STATUS for CVE-2025-62725
on 02/07/2026 mark.yang via lists.yoctoproject.org wrote:
> From: "mark.yang" <mark.yang@lge.com>
>
> Add CVE_PRODUCT to docker-compose that matches CPE.
> <vendor>:<product> must be set to docker:compose for proper matching.
>
> CVE-2025-62725 was fixed in 2.40.2, but its record encodes the range as
> a plain "< 2.40.2" version string that automated version comparison
> cannot use, so mark it as fixed-version.
>
> Signed-off-by: mark.yang <mark.yang@lge.com>
> ---
> recipes-containers/docker-compose/docker-compose_git.bb | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/recipes-containers/docker-compose/docker-compose_git.bb b/recipes-containers/docker-compose/docker-compose_git.bb
> index d3798e35..5526912b 100644
> --- a/recipes-containers/docker-compose/docker-compose_git.bb
> +++ b/recipes-containers/docker-compose/docker-compose_git.bb
> @@ -33,6 +33,10 @@ GO_IMPORT = "import"
>
> PV = "5.1.4"
>
> +CVE_PRODUCT = "docker:compose"
> +
> +CVE_STATUS[CVE-2025-62725] = "fixed-version: fixed in 2.40.2"
> +
> COMPOSE_PKG = "github.com/docker/compose/v2"
>
> # go-mod-discovery configuration
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#9909): https://lists.yoctoproject.org/g/meta-virtualization/message/9909
> Mute This Topic: https://lists.yoctoproject.org/mt/120079933/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
prev parent reply other threads:[~2026-07-03 13:46 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-07-02 7:44 [meta-virtualization][PATCH] docker-compose: add CVE_PRODUCT and CVE_STATUS for CVE-2025-62725 mark.yang
2026-07-03 13:46 ` Bruce Ashfield [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ake9RL8ybvG7cPV9@gmail.com \
--to=bruce.ashfield@gmail.com \
--cc=mark.yang@lge.com \
--cc=meta-virtualization@lists.yoctoproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.