From 0ccbd4614eec2fd35fdb7d05cc13b36ff1105af6 Mon Sep 17 00:00:00 2001 From: Ninette Adhikari Date: Wed, 3 Jul 2024 09:47:36 -0700 Subject: [PATCH 1/2] gimp: CVE status update Update status for: CVE-2007-3741, CVE-2009-0581, CVE-2009-0723, CVE-2009-0733 Signed-off-by: Ninette Adhikari --- meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb index 833341f8505..a17e03b103e 100644 --- a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb +++ b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb @@ -73,3 +73,8 @@ do_compile:prepend() { FILES:${PN} += "${datadir}/metainfo" RDEPENDS:${PN} += "mypaint-brushes-1.0" + +CVE_STATUS[CVE-2007-3741] = "not-applicable-platform: This only applies for Mandriva Linux" +CVE_STATUS[CVE-2009-0581] = "cpe-incorrect: The current version (2.10.38) is not affected." +CVE_STATUS[CVE-2009-0723] = "cpe-incorrect: The current version (2.10.38) is not affected." +CVE_STATUS[CVE-2009-0733] = "cpe-incorrect: The current version (2.10.38) is not affected." From 88e531eaaae3f268c91012a62fbb41dab88e6f65 Mon Sep 17 00:00:00 2001 From: Ninette Adhikari Date: Wed, 3 Jul 2024 09:50:22 -0700 Subject: [PATCH 2/2] add patch files --- 0000-cover-letter.patch | 16 ++++++++++++++++ 0001-gimp-CVE-status-update.patch | 28 ++++++++++++++++++++++++++++ 2 files changed, 44 insertions(+) create mode 100644 0000-cover-letter.patch create mode 100644 0001-gimp-CVE-status-update.patch diff --git a/0000-cover-letter.patch b/0000-cover-letter.patch new file mode 100644 index 00000000000..68bfc9c0e35 --- /dev/null +++ b/0000-cover-letter.patch @@ -0,0 +1,16 @@ +From 0ccbd4614eec2fd35fdb7d05cc13b36ff1105af6 Mon Sep 17 00:00:00 2001 +From: Ninette Adhikari +Date: Wed, 3 Jul 2024 09:49:16 -0700 +Subject: [PATCH 0/1] gimp: CVE status update + +Update status for: CVE-2007-3741, CVE-2009-0581, CVE-2009-0723, CVE-2009-0733 + +Ninette Adhikari (1): + gimp: CVE status update + + meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb | 5 +++++ + 1 file changed, 5 insertions(+) + +-- +2.44.0 + diff --git a/0001-gimp-CVE-status-update.patch b/0001-gimp-CVE-status-update.patch new file mode 100644 index 00000000000..e743cbbfe9b --- /dev/null +++ b/0001-gimp-CVE-status-update.patch @@ -0,0 +1,28 @@ +From 0ccbd4614eec2fd35fdb7d05cc13b36ff1105af6 Mon Sep 17 00:00:00 2001 +From: Ninette Adhikari +Date: Wed, 3 Jul 2024 09:47:36 -0700 +Subject: [PATCH 1/1] gimp: CVE status update + +Update status for: CVE-2007-3741, CVE-2009-0581, CVE-2009-0723, CVE-2009-0733 + +Signed-off-by: Ninette Adhikari +--- + meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb +index 833341f85..a17e03b10 100644 +--- a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb ++++ b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb +@@ -73,3 +73,8 @@ do_compile:prepend() { + FILES:${PN} += "${datadir}/metainfo" + + RDEPENDS:${PN} += "mypaint-brushes-1.0" ++ ++CVE_STATUS[CVE-2007-3741] = "not-applicable-platform: This only applies for Mandriva Linux" ++CVE_STATUS[CVE-2009-0581] = "cpe-incorrect: The current version (2.10.38) is not affected." ++CVE_STATUS[CVE-2009-0723] = "cpe-incorrect: The current version (2.10.38) is not affected." ++CVE_STATUS[CVE-2009-0733] = "cpe-incorrect: The current version (2.10.38) is not affected." +-- +2.44.0 +