[meta-oe,scarthgap] libmodbus: ignore CVE-2023-26793 and CVE-2024-34244

Message ID 20250506170044.4101186-1-peter.marko@siemens.com
State New

Commit Message

Marko, Peter May 6, 2025, 5 p.m. UTC
From: Peter Marko <peter.marko@siemens.com>

See discussions in closed/rejected issues linked from NVD CVE reports:
* CVE-2023-26793: https://github.com/stephane/libmodbus/issues/683#issuecomment-2615601890
* CVE-2024-34244: https://github.com/stephane/libmodbus/issues/743#issuecomment-2222214256

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta-oe/recipes-extended/libmodbus/libmodbus_3.1.10.bb | 3 +++
 1 file changed, 3 insertions(+)

Patch

diff --git a/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.10.bb b/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.10.bb
index c8e1c3a3e2..853abced29 100644
--- a/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.10.bb
+++ b/meta-oe/recipes-extended/libmodbus/libmodbus_3.1.10.bb
@@ -21,3 +21,6 @@  inherit autotools pkgconfig
 
 PACKAGECONFIG ??= ""
 PACKAGECONFIG[test] = "--enable-tests,--disable-tests,,"
+
+CVE_STATUS[CVE-2023-26793] = "disputed: The buffer overflow concerns unit-test-client and it's intentional."
+CVE_STATUS[CVE-2024-34244] = "disputed: This issue is invalid and only found a bug in the fuzzing driver"
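
Review bot: The two added CVE_STATUS lines carry no reference to the upstream discussions that justify them; the issue links appear only in the commit message, so the rationale is lost for anyone reading the recipe alone. Consider a comment line above each entry with the matching libmodbus issue URL from the commit message. The CVE-2023-26793 reason also rests on the overflow being confined to unit-test-client, while the context line PACKAGECONFIG[test] = "--enable-tests,--disable-tests,," shows tests can be switched on; it would help to say in the reason text whether the status still holds with that option enabled. Minor style point: the second reason string has no trailing period while the first does.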