From 87ebb58a64fc46ca4d7d16b4bc218310ce5c2229 Mon Sep 17 00:00:00 2001
From: Peter Marko <peter.marko@siemens.com>
Date: Sun, 13 Oct 2024 14:56:42 +0200
Subject: [PATCH] gcc: ignore CVE-2023-4039

Last version bump removed patch for this CVE because it was integrated
in new release. This has caused the CVE to reappear in reports because
2023-09-12 is "higher" than 11.5...

(From OE-Core rev: d74fd7c4e9353fc00f0b79f05de101efb0148a6f)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/gcc/gcc-11.5.inc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-devtools/gcc/gcc-11.5.inc b/meta/recipes-devtools/gcc/gcc-11.5.inc
index c316d2a9a0..5d29b8e61e 100644
--- a/meta/recipes-devtools/gcc/gcc-11.5.inc
+++ b/meta/recipes-devtools/gcc/gcc-11.5.inc
@@ -121,3 +121,6 @@ EXTRA_OECONF_PATHS = "\
 
 # Is a binutils 2.26 issue, not gcc
 CVE_CHECK_IGNORE += "CVE-2021-37322"
+
+# This is fixed by commit 75c37e0314, nvd uses arm versioning (2023-09-12) which will alway be higher than 11.x
+CVE_CHECK_IGNORE += "CVE-2023-4039"