Hi all,

I think during https://git.openembedded.org/meta-openembedded-contrib/commit/?h=stable/dunfell-nut&id=9ce3df8c2a10b45aa3695cf257aa27fd346d52a7 patch merge, PV variable is not updated and so CVE-2020-14354 is reported by cve tool. So removing PV can solve this.

I have verified using "bitbake -c cve_check c-ares" and after removing the PV variable, cve tool is not reporting
CVE-2020-14354 anymore.

Thanks,
Ranjitsinh