mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-05-07 05:10:20 +00:00
Code Issues Projects Releases Wiki Activity

dovecot: ignore already fixed CVEs

Browse Source 
The following CVEs are fixed in the current version already,
however they are tracked without version info.

Upstream has confirmed[1] that these vulnerabilities are fixed,
and Debian has also identified the relevant commits:

CVE-2025-30189: https://security-tracker.debian.org/tracker/CVE-2025-30189
CVE-2026-0394: https://security-tracker.debian.org/tracker/CVE-2026-0394
CVE-2026-24031: https://security-tracker.debian.org/tracker/CVE-2026-24031
CVE-2026-27855: https://security-tracker.debian.org/tracker/CVE-2026-27855
CVE-2026-27860: https://security-tracker.debian.org/tracker/CVE-2026-27860

[1]: https://seclists.org/fulldisclosure/2026/Mar/13

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari
2026-04-06 14:03:10 +02:00
committed by Khem Raj
parent 34628ad546
commit e99441755f
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-networking/recipes-support/dovecot/dovecot_2.4.3.bb
+5
View File
@@ -81,3 +81,8 @@ FILES:${PN}-dev += "${libdir}/dovecot/libdovecot*.so"
FILES:${PN}-dbg += "${libdir}/dovecot/*/.debug"
CVE_STATUS[CVE-2016-4983] = "not-applicable-platform: Affects only postinstall script on specific distribution."
CVE_STATUS[CVE-2025-59031] = "fixed-version: fixed since v2.4.2"
CVE_STATUS[CVE-2026-0394] = "fixed-version: fixed since v2.4.1"
CVE_STATUS[CVE-2026-24031] = "fixed-version: fixed since v2.4.3"
CVE_STATUS[CVE-2026-27855] = "fixed-version: fixed since v2.4.3"
CVE_STATUS[CVE-2026-27860] = "fixed-version: fixed since v2.4.3"