From 118faea62c3108b1170861a9119a77d41d099a37 Mon Sep 17 00:00:00 2001
From: Chen Qi <Qi.Chen@windriver.com>
Date: Sat, 6 Apr 2024 12:41:29 +0800
Subject: [PATCH] ovmf: set CVE_STATUS for CVE-2014-8271

CVE-2014-8271 has an unusual versioning, svn_16280, which breaks
the version comparison and gives us warning like below:

  Failed to compare 202308 < svn_16280 for CVE-2014-8271

The fix has been there since 2014, our current version has included
the fix.

(From OE-Core rev: fdd74b3f3e3a8a07a6107e6ef07198ebe63d2bc8)

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-core/ovmf/ovmf_git.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-core/ovmf/ovmf_git.bb b/meta/recipes-core/ovmf/ovmf_git.bb
index 5b1353b8e8..f98cec8035 100644
--- a/meta/recipes-core/ovmf/ovmf_git.bb
+++ b/meta/recipes-core/ovmf/ovmf_git.bb
@@ -33,6 +33,8 @@ UPSTREAM_CHECK_GITTAGREGEX = "(?P<pver>edk2-stable.*)"
 CVE_PRODUCT = "edk2"
 CVE_VERSION = "${@d.getVar('PV').split('stable')[1]}"
 
+CVE_STATUS[CVE-2014-8271] = "fixed-version: Fixed in svn_16280, which is an unusual versioning breaking version comparison."
+
 inherit deploy
 
 PARALLEL_MAKE = ""