diff mbox series

[meta-webserver] apache2: ignore CVE-2025-3891

Message ID 20251004183023.2787339-1-skandigraun@gmail.com
State Under Review
Headers show
Series [meta-webserver] apache2: ignore CVE-2025-3891 | expand

Commit Message

Gyorgy Sarvari Oct. 4, 2025, 6:30 p.m. UTC 
The vulnerability was reported against mod_auth_openidc, which module
is a 3rd party one, and not part of the apache2 source distribution.

The affected module is not part of the meta-oe universe currently,
so ignore the CVE.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb | 1 +
 1 file changed, 1 insertion(+)
diff mbox series

Patch

diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb
index fef1f5ecec..58b324795e 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb
@@ -48,6 +48,7 @@  CVE_STATUS[CVE-2007-6422] = "cpe-incorrect: The current version is not affected
 CVE_STATUS[CVE-2007-6423] = "cpe-incorrect: The current version is not affected by the CVE which affects versions from 2.2.x to 2.2.7-dev"
 CVE_STATUS[CVE-2008-2168] = "cpe-incorrect: The current version is not affected by the CVE which affects versions up to 2.2.6 (excl.)"
 CVE_STATUS[CVE-2010-0425] = "not-applicable-platform: The current version is not affected. It only applies for Windows."
+CVE_STATUS[CVE-2025-3891] = "cpe-incorrect: The CVE is for a 3rd party module, which is not part of the Apache source distribution"
 
 SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"