| Message ID | 20251007092342.4082444-1-skandigraun@gmail.com |
|---|---|
| State | Under Review |
| Headers | show |
| Series | [meta-oe] redis: ignore CVE-2022-3734 and CVE-2022-0543 | expand |
diff --git a/meta-oe/recipes-extended/redis/redis_6.2.20.bb b/meta-oe/recipes-extended/redis/redis_6.2.20.bb index 175e0a9fc2..cc98781fed 100644 --- a/meta-oe/recipes-extended/redis/redis_6.2.20.bb +++ b/meta-oe/recipes-extended/redis/redis_6.2.20.bb @@ -21,6 +21,8 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ SRC_URI[sha256sum] = "7f8b8a7aed53c445a877adf9e3743cdd323518524170135a58c0702f2dba6ef4" CVE_STATUS[CVE-2025-21605] = "cpe-incorrect: the used version already contains the fix" +CVE_STATUS[CVE-2022-0543] = "not-applicable-config: the vulnerability is not present in upstream, only in Debian-packaged version" +CVE_STATUS[CVE-2022-3734] = "not-applicable-config: only affects Windows" inherit update-rc.d systemd useradd
CVE-2022-3734 only affects Windows. CVE-2022-0543 affects only packages that were packaged for Debian and Debian-derivative distros. Neither of these issues is present in upstream Redis. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- meta-oe/recipes-extended/redis/redis_6.2.20.bb | 2 ++ 1 file changed, 2 insertions(+)