diff mbox series

[kirkstone,2/5] gnupg: ignore CVE-2022-3515

Message ID 20241201185337.2675566-3-peter.marko@siemens.com
State Under Review
Delegated to: Steve Sakoman
Headers show
Series CVE list cleanup | expand

Commit Message

Marko, Peter Dec. 1, 2024, 6:53 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

This is vulnerability of libksba and we use fixed libksba version
(currently 1.6.4).

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-support/gnupg/gnupg_2.3.7.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-support/gnupg/gnupg_2.3.7.bb b/meta/recipes-support/gnupg/gnupg_2.3.7.bb
index 7a29a5659a..7075a61898 100644
--- a/meta/recipes-support/gnupg/gnupg_2.3.7.bb
+++ b/meta/recipes-support/gnupg/gnupg_2.3.7.bb
@@ -87,3 +87,5 @@  lcl_maybe_fortify:mipsarch = ""
 
 # upstream-wontfix: Upstream doesn't seem to be keen on merging the proposed commit - https://dev.gnupg.org/T5993
 CVE_CHECK_IGNORE += "CVE-2022-3219"
+# cpe-incorrect: this is vulnerability of libksba and we use fixed libksba version
+CVE_CHECK_IGNORE += "CVE-2022-3515"