fex: ignore unrelated CVEs

These CVEs were filed for "Fram's Fast File Exchange" application, which has the same abbreviated name as fex. Currently this recipe has no historical CVEs associated, so I couldn't set the correct CVE_PRODUCT. Rather ignore these irrelevant CVEs explicitly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-13 13:56:00 +01:00 · 2025-12-09 16:39:53 +01:00 · 2025-12-09 16:39:53 +01:00 · b990486203
commit b990486203
parent 9f12c5fbc6
1 changed files with 6 additions and 0 deletions
--- a/meta-oe/recipes-devtools/fex/fex_2511.bb
+++ b/meta-oe/recipes-devtools/fex/fex_2511.bb
@ -54,3 +54,9 @@ LDFLAGS += "-fuse-ld=lld"

 FILES:${PN} += "${datadir} ${libdir}/binfmt.d ${libdir}/libFEXCore.so"
 FILES:${PN}-dev = "${includedir}"
+
+# At the time of writing this, this recipe has no historical CVEs associated, and couldn't
+# find a CPE to set. So ignore these unrelated vulnerabilities.
+CVE_STATUS_GROUPS = "CVE_STATUS_WRONG_CPE"
+CVE_STATUS_WRONG_CPE[status] = "cpe-incorrect: These vulnerabilities are for unrelated Fram's Fast File-EXchange application"
+CVE_STATUS_WRONG_CPE = "CVE-2012-0869 CVE-2012-1293 CVE-2014-3875 CVE-2014-3876 CVE-2014-3877"