diff mbox series

[kirkstone,04/19] python3: ignore fixed CVEs

Message ID 2cf10084c56c83da3deff4e65e619afab80e08e1.1730228268.git.steve@sakoman.com
State Accepted, archived
Commit 2cf10084c56c83da3deff4e65e619afab80e08e1
Delegated to: Steve Sakoman
Headers show
Series [kirkstone,01/19] ghostscript: Backport CVE-2024-29508 | expand

Commit Message

Steve Sakoman Oct. 29, 2024, 6:59 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

These CVEs were fixed in 3.10.15

Commit 487e8cdf1df6feba6d88fa29e11791f4ebaaa362 removed patches in favor
of version upgrade, which caused the CVEs to re-appear in reports.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/python/python3_3.10.15.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-devtools/python/python3_3.10.15.bb b/meta/recipes-devtools/python/python3_3.10.15.bb
index 4157b8cb83..0eb619dfa2 100644
--- a/meta/recipes-devtools/python/python3_3.10.15.bb
+++ b/meta/recipes-devtools/python/python3_3.10.15.bb
@@ -63,6 +63,8 @@  CVE_CHECK_IGNORE += "CVE-2020-15523 CVE-2022-26488"
 CVE_CHECK_IGNORE += "CVE-2015-20107"
 # Not an issue, in fact expected behaviour
 CVE_CHECK_IGNORE += "CVE-2023-36632"
+# Fixes are included in 3.10.15
+CVE_CHECK_IGNORE += "CVE-2023-27043 CVE-2024-6232 CVE-2024-7592"
 
 PYTHON_MAJMIN = "3.10"