All of lore.kernel.org
 help / color / mirror / Atom feed
From: Bruce Ashfield <bruce.ashfield@gmail.com>
To: mark.yang@lge.com
Cc: meta-virtualization@lists.yoctoproject.org
Subject: Re: [meta-virtualization][PATCH] docker-compose: add CVE_PRODUCT and CVE_STATUS for CVE-2025-62725
Date: Fri, 3 Jul 2026 09:46:44 -0400	[thread overview]
Message-ID: <ake9RL8ybvG7cPV9@gmail.com> (raw)
In-Reply-To: <20260702074427.263216-1-mark.yang@lge.com>

merged.

Bruce

In message: [meta-virtualization][PATCH] docker-compose: add CVE_PRODUCT and CVE_STATUS for CVE-2025-62725
on 02/07/2026 mark.yang via lists.yoctoproject.org wrote:

> From: "mark.yang" <mark.yang@lge.com>
> 
> Add CVE_PRODUCT to docker-compose that matches CPE.
> <vendor>:<product> must be set to docker:compose for proper matching.
> 
> CVE-2025-62725 was fixed in 2.40.2, but its record encodes the range as
> a plain "< 2.40.2" version string that automated version comparison
> cannot use, so mark it as fixed-version.
> 
> Signed-off-by: mark.yang <mark.yang@lge.com>
> ---
>  recipes-containers/docker-compose/docker-compose_git.bb | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/recipes-containers/docker-compose/docker-compose_git.bb b/recipes-containers/docker-compose/docker-compose_git.bb
> index d3798e35..5526912b 100644
> --- a/recipes-containers/docker-compose/docker-compose_git.bb
> +++ b/recipes-containers/docker-compose/docker-compose_git.bb
> @@ -33,6 +33,10 @@ GO_IMPORT = "import"
>  
>  PV = "5.1.4"
>  
> +CVE_PRODUCT = "docker:compose"
> +
> +CVE_STATUS[CVE-2025-62725] = "fixed-version: fixed in 2.40.2"
> +
>  COMPOSE_PKG = "github.com/docker/compose/v2"
>  
>  # go-mod-discovery configuration

> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#9909): https://lists.yoctoproject.org/g/meta-virtualization/message/9909
> Mute This Topic: https://lists.yoctoproject.org/mt/120079933/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
> 



      reply	other threads:[~2026-07-03 13:46 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-07-02  7:44 [meta-virtualization][PATCH] docker-compose: add CVE_PRODUCT and CVE_STATUS for CVE-2025-62725 mark.yang
2026-07-03 13:46 ` Bruce Ashfield [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ake9RL8ybvG7cPV9@gmail.com \
    --to=bruce.ashfield@gmail.com \
    --cc=mark.yang@lge.com \
    --cc=meta-virtualization@lists.yoctoproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.