From b81ba45156a9143e06aa15363e825edc4e938a3b Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Tue, 17 Mar 2026 18:23:42 +0100
Subject: [PATCH] exiv2: mark CVE-2026-27631 patched

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27631

Though NVD indicates that 0.28.8 is still vulnerable, that does
not seem to be the case: the fix that is referenced by the advisory
has been backported[1] to this verison. Due to this, mark this
CVE as patched.

[1]: https://github.com/Exiv2/exiv2/commit/21d129c842212c198dd887dbaafc5ce734e9dfad

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta-oe/recipes-support/exiv2/exiv2_0.28.8.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-support/exiv2/exiv2_0.28.8.bb b/meta-oe/recipes-support/exiv2/exiv2_0.28.8.bb
index df0e72f5d6..9369daa805 100644
--- a/meta-oe/recipes-support/exiv2/exiv2_0.28.8.bb
+++ b/meta-oe/recipes-support/exiv2/exiv2_0.28.8.bb
@@ -36,3 +36,5 @@ do_install_ptest(){
     install -d ${D}${PTEST_PATH}/src
     install ${S}/src/canonmn_int.cpp ${D}${PTEST_PATH}/src
 }
+
+CVE_STATUS[CVE-2026-27631] = "fixed-version: fixed in 0.28.8"