All of lore.kernel.org
 help / color / mirror / Atom feed
* [meta-virtualization][PATCH] docker-compose: add CVE_PRODUCT and CVE_STATUS for CVE-2025-62725
@ 2026-07-02  7:44 mark.yang
  2026-07-03 13:46 ` Bruce Ashfield
  0 siblings, 1 reply; 2+ messages in thread
From: mark.yang @ 2026-07-02  7:44 UTC (permalink / raw)
  To: meta-virtualization; +Cc: mark.yang

From: "mark.yang" <mark.yang@lge.com>

Add CVE_PRODUCT to docker-compose that matches CPE.
<vendor>:<product> must be set to docker:compose for proper matching.

CVE-2025-62725 was fixed in 2.40.2, but its record encodes the range as
a plain "< 2.40.2" version string that automated version comparison
cannot use, so mark it as fixed-version.

Signed-off-by: mark.yang <mark.yang@lge.com>
---
 recipes-containers/docker-compose/docker-compose_git.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/recipes-containers/docker-compose/docker-compose_git.bb b/recipes-containers/docker-compose/docker-compose_git.bb
index d3798e35..5526912b 100644
--- a/recipes-containers/docker-compose/docker-compose_git.bb
+++ b/recipes-containers/docker-compose/docker-compose_git.bb
@@ -33,6 +33,10 @@ GO_IMPORT = "import"
 
 PV = "5.1.4"
 
+CVE_PRODUCT = "docker:compose"
+
+CVE_STATUS[CVE-2025-62725] = "fixed-version: fixed in 2.40.2"
+
 COMPOSE_PKG = "github.com/docker/compose/v2"
 
 # go-mod-discovery configuration


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [meta-virtualization][PATCH] docker-compose: add CVE_PRODUCT and CVE_STATUS for CVE-2025-62725
  2026-07-02  7:44 [meta-virtualization][PATCH] docker-compose: add CVE_PRODUCT and CVE_STATUS for CVE-2025-62725 mark.yang
@ 2026-07-03 13:46 ` Bruce Ashfield
  0 siblings, 0 replies; 2+ messages in thread
From: Bruce Ashfield @ 2026-07-03 13:46 UTC (permalink / raw)
  To: mark.yang; +Cc: meta-virtualization

merged.

Bruce

In message: [meta-virtualization][PATCH] docker-compose: add CVE_PRODUCT and CVE_STATUS for CVE-2025-62725
on 02/07/2026 mark.yang via lists.yoctoproject.org wrote:

> From: "mark.yang" <mark.yang@lge.com>
> 
> Add CVE_PRODUCT to docker-compose that matches CPE.
> <vendor>:<product> must be set to docker:compose for proper matching.
> 
> CVE-2025-62725 was fixed in 2.40.2, but its record encodes the range as
> a plain "< 2.40.2" version string that automated version comparison
> cannot use, so mark it as fixed-version.
> 
> Signed-off-by: mark.yang <mark.yang@lge.com>
> ---
>  recipes-containers/docker-compose/docker-compose_git.bb | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/recipes-containers/docker-compose/docker-compose_git.bb b/recipes-containers/docker-compose/docker-compose_git.bb
> index d3798e35..5526912b 100644
> --- a/recipes-containers/docker-compose/docker-compose_git.bb
> +++ b/recipes-containers/docker-compose/docker-compose_git.bb
> @@ -33,6 +33,10 @@ GO_IMPORT = "import"
>  
>  PV = "5.1.4"
>  
> +CVE_PRODUCT = "docker:compose"
> +
> +CVE_STATUS[CVE-2025-62725] = "fixed-version: fixed in 2.40.2"
> +
>  COMPOSE_PKG = "github.com/docker/compose/v2"
>  
>  # go-mod-discovery configuration

> 
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#9909): https://lists.yoctoproject.org/g/meta-virtualization/message/9909
> Mute This Topic: https://lists.yoctoproject.org/mt/120079933/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
> 



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-07-03 13:46 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-02  7:44 [meta-virtualization][PATCH] docker-compose: add CVE_PRODUCT and CVE_STATUS for CVE-2025-62725 mark.yang
2026-07-03 13:46 ` Bruce Ashfield

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.