cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS

- Try to add convert and apply statuses for old CVEs - Drop some obsolete ignores, while they are not relevant for current version Signed-off-by: Andrej Valek <andrej.valek@siemens.com> Reviewed-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
author: Andrej Valek <andrej.valek@siemens.com> 2023-07-20 09:19:50 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2023-07-21 11:47:45 +0100
commit: 1634ed4048cf56788cd5c2c1bdc979b70afcdcd7 (patch)
tree: bc385bd5f0997ff793f29f280af7e16be79a3f78 /meta/recipes-support/libxslt
parent: 176c814f8a103a338da3955e69745f81bc9b70a1 (diff)
download: openembedded-core-1634ed4048cf56788cd5c2c1bdc979b70afcdcd7.tar.gz
1 files changed, 1 insertions, 3 deletions
diff --git a/meta/recipes-support/libxslt/libxslt_1.1.38.bb b/meta/recipes-support/libxslt/libxslt_1.1.38.bb
index bf35a94b7f..ed5b15badd 100644
--- a/meta/recipes-support/libxslt/libxslt_1.1.38.bb
+++ b/meta/recipes-support/libxslt/libxslt_1.1.38.bb
@@ -19,9 +19,7 @@ SRC_URI[sha256sum] = "1f32450425819a09acaff2ab7a5a7f8a2ec7956e505d7beeb45e843d0e
 
 UPSTREAM_CHECK_REGEX = "libxslt-(?P<pver>\d+(\.\d+)+)\.tar"
 
-# We have libxml2 2.9.14 and we don't link statically with it anyway
-# so this isn't an issue.
-CVE_CHECK_IGNORE += "CVE-2022-29824"
+CVE_STATUS[CVE-2022-29824] = "not-applicable-config: Static linking to libxml2 is not enabled."
 
 S = "${WORKDIR}/libxslt-${PV}"
author	Andrej Valek <andrej.valek@siemens.com>	2023-07-20 09:19:50 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-07-21 11:47:45 +0100
commit	1634ed4048cf56788cd5c2c1bdc979b70afcdcd7 (patch)
tree	bc385bd5f0997ff793f29f280af7e16be79a3f78 /meta/recipes-support/libxslt
parent	176c814f8a103a338da3955e69745f81bc9b70a1 (diff)
download	openembedded-core-1634ed4048cf56788cd5c2c1bdc979b70afcdcd7.tar.gz