Re: [oe] [meta-gnome][whinlatter][PATCH] gimp: ignore already fixed CVEs

Thu, 05 Mar 2026 21:39:26 -0800 

On 3/6/26 05:41, Anuj Mittal wrote:
> This doesn't apply. Can you please check?

Apparently I have sent this a few days ago already, just forgot about
it... please ignore.

> On Fri, Mar 6, 2026 at 3:25 AM Gyorgy Sarvari via
> lists.openembedded.org <[email protected]>
> wrote:
>> There are a number of CVEs which are tracked by NVD with insufficient
>> version information, but are aleady fixed.
>>
>> CVE-2026-0797[1][2], CVE-2026-2044[3], CVE-2026-2045[4], CVE-2026-2047[5]
>> CVE-2026-2048[6]
>>
>> [1]: 
>> https://gitlab.gnome.org/GNOME/gimp/-/commit/13849c5a9a65c2366c47f703d9d075e4bfb83525
>> [2]: 
>> https://gitlab.gnome.org/GNOME/gimp/-/commit/ca449c745d58daa3f4b1ed4c2030d35d401a009d
>> [3]: 
>> https://gitlab.gnome.org/GNOME/gimp/-/commit/3b5f9ec2b4c03cf4a51a5414f2793844c26747e5
>> [4]: 
>> https://gitlab.gnome.org/GNOME/gimp/-/commit/bb896f67942557658b3fbfc67a1c073775c002c7
>> [5]: 
>> https://gitlab.gnome.org/GNOME/gimp/-/commit/5873e16f80cf4152d25a4c86b08553008a331e90
>> [6]: 
>> https://gitlab.gnome.org/GNOME/gimp/-/commit/fa69ac5ec5692f675de5c50a6df758f7d3e45117
>>
>> Signed-off-by: Gyorgy Sarvari <[email protected]>
>> ---
>>  meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb | 6 +++++-
>>  1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb 
>> b/meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb
>> index 860fb5d26b..b22eb3a1d3 100644
>> --- a/meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb
>> +++ b/meta-gnome/recipes-gimp/gimp/gimp_3.0.8.bb
>> @@ -135,4 +135,8 @@ RDEPENDS:${PN} = "mypaint-brushes-1.0 glib-networking 
>> python3-pygobject"
>>
>>  CVE_STATUS[CVE-2007-3741] = "not-applicable-platform: This only applies for 
>> Mandriva Linux"
>>  CVE_STATUS[CVE-2025-8672] = "not-applicable-config: the vulnerability only 
>> affects MacOS"
>> -CVE_STATUS[CVE-2025-15059] = "fixed-version: The issue is fixed since 
>> v3.0.8"
>> +
>> +CVE_STATUS_GROUPS += "CVE_STATUS_FIXED_IN_308"
>> +CVE_STATUS_FIXED_IN_308[status] = "fixed-version: The issue is fixed since 
>> v3.0.8"
>> +CVE_STATUS_FIXED_IN_308 = "CVE-2025-15059 CVE-2026-0797 CVE-2026-2044 
>> CVE-2026-2045 \
>> +    CVE-2026-2047 CVE-2026-2048"
>>
>> 
>>


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#124899): 
https://lists.openembedded.org/g/openembedded-devel/message/124899
Mute This Topic: https://lists.openembedded.org/mt/118158077/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to