[oe] [meta-networking][kirkstone][PATCH] opem-vm-tools: ignore multiple CVEs

Tue, 03 Mar 2026 04:46:09 -0800 

Details: https://nvd.nist.gov/vuln/detail/CVE-2014-4199
https://nvd.nist.gov/vuln/detail/CVE-2014-4200
https://nvd.nist.gov/vuln/detail/CVE-2022-22943
https://nvd.nist.gov/vuln/detail/CVE-2022-22977
https://nvd.nist.gov/vuln/detail/CVE-2022-31693
https://nvd.nist.gov/vuln/detail/CVE-2023-34057

The fixes for the first two vulnerabilities are already present in the
used version.

As identified by Redhat:
CVE-2014-4199: it has been fixed since version 9.10.2[1]
CVE-2014-4200: it has been fixed since version 9.4.6[2]

CVE-2022-22943, CVE-2022-22977 and CVE-2022-31693 affect only Windows.

CVE-2023-34059 affects only Windows and MacOS.

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-4199
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-4200
Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../open-vm-tools/open-vm-tools_11.3.5.bb              | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git 
a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb 
b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb
index 0e671b6557..3d3b2887bc 100644
--- a/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb
+++ b/meta-networking/recipes-support/open-vm-tools/open-vm-tools_11.3.5.bb
@@ -126,3 +126,13 @@ python() {
     if 'filesystems-layer' not in d.getVar('BBFILE_COLLECTIONS').split():
         raise bb.parse.SkipRecipe('Requires meta-filesystems to be present to 
provide fuse.')
 }
+
+# fixed since 9.10.2
+CVE_CHECK_IGNORE = "CVE-2014-4199"
+
+# fixed since 9.4.6
+CVE_CHECK_IGNORE += "CVE-2014-4200"
+
+# Windows-only vulnerability
+CVE_CHECK_IGNORE += "CVE-2022-22943 CVE-2022-22977 CVE-2022-31693 
CVE-2023-34057"
+

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#124831): 
https://lists.openembedded.org/g/openembedded-devel/message/124831
Mute This Topic: https://lists.openembedded.org/mt/118112505/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to