diff mbox series

[kirkstone,01/38] zlib: ignore CVE-2026-22184

Message ID 00eae842fe2989d5f72917e48ef748dfee93d57a.1771942869.git.yoann.congal@smile.fr
State New
Headers show
Series [kirkstone,01/38] zlib: ignore CVE-2026-22184 | expand

Commit Message

Yoann Congal Feb. 24, 2026, 2:23 p.m. UTC
From: Peter Marko <peter.marko@siemens.com>

This is CVE for example tool contrib/untgz.
This is not compiled in Yocto zlib recipe.

This CVE has controversial CVSS3 score of 9.8.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 meta/recipes-core/zlib/zlib_1.2.11.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-core/zlib/zlib_1.2.11.bb b/meta/recipes-core/zlib/zlib_1.2.11.bb
index dc8f7c6c855..8dd0a90b523 100644
--- a/meta/recipes-core/zlib/zlib_1.2.11.bb
+++ b/meta/recipes-core/zlib/zlib_1.2.11.bb
@@ -58,3 +58,5 @@  BBCLASSEXTEND = "native nativesdk"
 
 # this CVE is for cloudflare zlib
 CVE_CHECK_IGNORE += "CVE-2023-6992"
+# vulnerable file is not compiled
+CVE_CHECK_IGNORE += "CVE-2026-22184"