[kirkstone,3/4] sqlite3: ignore CVE-2025-3277

Message ID	ebacd5cd2827c1a9a45a92353518f9d976597526.1754412086.git.steve@sakoman.com
State	New
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.215.169, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 3/4] sqlite3: ignore CVE-2025-3277 Date: Tue, 5 Aug 2025 09:43:35 -0700 Message-ID: <ebacd5cd2827c1a9a45a92353518f9d976597526.1754412086.git.steve@sakoman.com> In-Reply-To: <cover.1754412086.git.steve@sakoman.com> References: <cover.1754412086.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,1/4] avahi: fix CVE-2024-52615 \| expand [kirkstone,1/4] avahi: fix CVE-2024-52615 [kirkstone,2/4] sqlite3: patch CVE-2025-7458 [kirkstone,3/4] sqlite3: ignore CVE-2025-3277 [kirkstone,4/4] glibc: stable 2.35 branch updates

Message ID

ebacd5cd2827c1a9a45a92353518f9d976597526.1754412086.git.steve@sakoman.com

State

New

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 3/4] sqlite3: ignore CVE-2025-3277
Date: Tue,  5 Aug 2025 09:43:35 -0700
Message-ID: 
 <ebacd5cd2827c1a9a45a92353518f9d976597526.1754412086.git.steve@sakoman.com>
In-Reply-To: <cover.1754412086.git.steve@sakoman.com>
References: <cover.1754412086.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,1/4] avahi: fix CVE-2024-52615 | expand

Commit Message

Steve Sakoman Aug. 5, 2025, 4:43 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

The vulnerable code was introduced in 3.44.0 via [1].
(See fix commit [2])
Also Debian says "not vulnerabele yet for 3.40.1 in [3]

[1] https://github.com/sqlite/sqlite/commit/e1e67abc5cf67f931aab1e471eda23d73f51d456
[2] https://sqlite.org/src/info/498e3f1cf57f164f
[3] https://security-tracker.debian.org/tracker/CVE-2025-3277

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/sqlite/sqlite3_3.38.5.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
index 86d9b4b33b..280342204a 100644
--- a/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
+++ b/meta/recipes-support/sqlite/sqlite3_3.38.5.bb
@@ -21,3 +21,5 @@  CVE_CHECK_IGNORE += "CVE-2019-19242"
 CVE_CHECK_IGNORE += "CVE-2015-3717"
 # Issue in an experimental extension we don't have/use. Fixed by https://sqlite.org/src/info/b1e0c22ec981cf5f
 CVE_CHECK_IGNORE += "CVE-2021-36690"
+# Issue was introduced in 3.44.0
+CVE_CHECK_IGNORE += "CVE-2025-3277"

[kirkstone,3/4] sqlite3: ignore CVE-2025-3277

Commit Message

Patch