All of lore.kernel.org
 help / color / mirror / Atom feed
* [meta-virtualization][PATCH] docker-compose: add CVE_PRODUCT and CVE_STATUS for CVE-2025-62725
@ 2026-07-02  7:44 mark.yang
  2026-07-03 13:46 ` Bruce Ashfield
  0 siblings, 1 reply; 2+ messages in thread
From: mark.yang @ 2026-07-02  7:44 UTC (permalink / raw)
  To: meta-virtualization; +Cc: mark.yang

From: "mark.yang" <mark.yang@lge.com>

Add CVE_PRODUCT to docker-compose that matches CPE.
<vendor>:<product> must be set to docker:compose for proper matching.

CVE-2025-62725 was fixed in 2.40.2, but its record encodes the range as
a plain "< 2.40.2" version string that automated version comparison
cannot use, so mark it as fixed-version.

Signed-off-by: mark.yang <mark.yang@lge.com>
---
 recipes-containers/docker-compose/docker-compose_git.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/recipes-containers/docker-compose/docker-compose_git.bb b/recipes-containers/docker-compose/docker-compose_git.bb
index d3798e35..5526912b 100644
--- a/recipes-containers/docker-compose/docker-compose_git.bb
+++ b/recipes-containers/docker-compose/docker-compose_git.bb
@@ -33,6 +33,10 @@ GO_IMPORT = "import"
 
 PV = "5.1.4"
 
+CVE_PRODUCT = "docker:compose"
+
+CVE_STATUS[CVE-2025-62725] = "fixed-version: fixed in 2.40.2"
+
 COMPOSE_PKG = "github.com/docker/compose/v2"
 
 # go-mod-discovery configuration


^ permalink raw reply related	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2026-07-03 13:46 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-07-02  7:44 [meta-virtualization][PATCH] docker-compose: add CVE_PRODUCT and CVE_STATUS for CVE-2025-62725 mark.yang
2026-07-03 13:46 ` Bruce Ashfield

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.