From: Bruce Ashfield <bruce.ashfield@gmail.com>
To: youenn.lejeune@savoirfairelinux.com
Cc: meta-virtualization@lists.yoctoproject.org,
Enguerrand de Ribaucourt
<enguerrand.de-ribaucourt@savoirfairelinux.com>,
Erwann Roussy <erwann.roussy@savoirfairelinux.com>
Subject: Re: [meta-virtualization][PATCH] ceph, libvirt, openvswitch: marked some CVEs as patched
Date: Mon, 30 Mar 2026 19:36:03 +0000 [thread overview]
Message-ID: <acrQo0_tj86jBiT7@gmail.com> (raw)
In-Reply-To: <20260316120501.1216022-1-youenn.lejeune@savoirfairelinux.com>
merged.
Bruce
In message: [meta-virtualization][PATCH] ceph, libvirt, openvswitch: marked some CVEs as patched
on 16/03/2026 Youenn Le Jeune via lists.yoctoproject.org wrote:
> For ceph, libvirt and openvswitch, 9 CVEs were marked as "unpatched"
> whereas they have been patched long ago compared to the versions of
> the recipes, because the NVD database does not contain patched version
> for those CVEs.
>
> Reviewed-by: Enguerrand de Ribaucourt <enguerrand.de-ribaucourt@savoirfairelinux.com>
> Reviewed-by: Erwann Roussy <erwann.roussy@savoirfairelinux.com>
> Signed-off-by: Youenn Le Jeune <youenn.lejeune@savoirfairelinux.com>
> ---
> recipes-extended/ceph/ceph_git.bb | 3 +++
> recipes-extended/libvirt/libvirt_git.bb | 7 +++++++
> recipes-networking/openvswitch/openvswitch_git.bb | 2 ++
> 3 files changed, 12 insertions(+)
>
> diff --git a/recipes-extended/ceph/ceph_git.bb b/recipes-extended/ceph/ceph_git.bb
> index 2cf1c88a..728a420b 100644
> --- a/recipes-extended/ceph/ceph_git.bb
> +++ b/recipes-extended/ceph/ceph_git.bb
> @@ -192,3 +192,6 @@ INSANE_SKIP:${PN}-dbg += "buildpaths"
> CCACHE_DISABLE = "1"
>
> CVE_PRODUCT = "ceph ceph_storage ceph_storage_mon ceph_storage_osd"
> +
> +CVE_STATUS[CVE-2017-7519] = "fixed-version: Fixed in 12.1.2, NVD tracks this as version-less vulnerability"
> +CVE_STATUS[CVE-2020-1700] = "fixed-version: Fixed in 15.1.1, NVD tracks this as version-less vulnerability"
> diff --git a/recipes-extended/libvirt/libvirt_git.bb b/recipes-extended/libvirt/libvirt_git.bb
> index 63f882ee..8462c10c 100644
> --- a/recipes-extended/libvirt/libvirt_git.bb
> +++ b/recipes-extended/libvirt/libvirt_git.bb
> @@ -179,6 +179,13 @@ PACKAGECONFIG[libpcap] = "-Dlibpcap=enabled, -Dlibpcap=disabled,libpcap,libpcap"
> PACKAGECONFIG[numad] = "-Dnumad=enabled, -Dnumad=disabled,"
> PACKAGECONFIG[nftables] = ""
>
> +CVE_STATUS[CVE-2014-8135] = "fixed-version: Fixed in 1.2.11, NVD tracks this as version-less vulnerability"
> +CVE_STATUS[CVE-2014-8136] = "fixed-version: Fixed in 1.2.11, NVD tracks this as version-less vulnerability"
> +CVE_STATUS[CVE-2015-5313] = "fixed-version: Fixed in 1.3.1, NVD tracks this as version-less vulnerability"
> +CVE_STATUS[CVE-2018-5748] = "fixed-version: Fixed in 4.0.0, NVD tracks this as version-less vulnerability"
> +CVE_STATUS[CVE-2018-6764] = "fixed-version: Fixed in 4.1.0, NVD tracks this as version-less vulnerability"
> +CVE_STATUS[CVE-2023-3750] = "fixed-version: Fixed in 9.6.0, NVD tracks this as version-less vulnerability"
> +
> # Enable the Python tool support
> require libvirt-python.inc
>
> diff --git a/recipes-networking/openvswitch/openvswitch_git.bb b/recipes-networking/openvswitch/openvswitch_git.bb
> index 4d6520e0..61c5e39c 100644
> --- a/recipes-networking/openvswitch/openvswitch_git.bb
> +++ b/recipes-networking/openvswitch/openvswitch_git.bb
> @@ -35,6 +35,8 @@ PACKAGECONFIG[dpdk] = "--with-dpdk=shared,,dpdk,dpdk"
> PACKAGECONFIG[libcap-ng] = "--enable-libcapng,--disable-libcapng,libcap-ng,"
> PACKAGECONFIG[ssl] = ",--disable-ssl,openssl,"
>
> +CVE_STATUS[CVE-2023-5366] = "fixed-version: Fixed in 3.2.2, NVD tracks this as version-less vulnerability"
> +
> # Don't compile kernel modules by default since it heavily depends on
> # kernel version. Use the in-kernel module for now.
> # distro layers can enable with EXTRA_OECONF_pn_openvswitch += ""
> --
> 2.34.1
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#9662): https://lists.yoctoproject.org/g/meta-virtualization/message/9662
> Mute This Topic: https://lists.yoctoproject.org/mt/118343262/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
prev parent reply other threads:[~2026-03-30 19:36 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-16 12:05 [meta-virtualization][PATCH] ceph, libvirt, openvswitch: marked some CVEs as patched Youenn Le Jeune
2026-03-30 19:36 ` Bruce Ashfield [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=acrQo0_tj86jBiT7@gmail.com \
--to=bruce.ashfield@gmail.com \
--cc=enguerrand.de-ribaucourt@savoirfairelinux.com \
--cc=erwann.roussy@savoirfairelinux.com \
--cc=meta-virtualization@lists.yoctoproject.org \
--cc=youenn.lejeune@savoirfairelinux.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox