| Message ID | 20251007194936.146845-1-skandigraun@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-oe,walnascar,1/4] redis: ignore CVE-2025-21605 | expand |
diff --git a/meta-oe/recipes-extended/redis/redis_6.2.18.bb b/meta-oe/recipes-extended/redis/redis_6.2.18.bb index 171c6640f2..13344beae4 100644 --- a/meta-oe/recipes-extended/redis/redis_6.2.18.bb +++ b/meta-oe/recipes-extended/redis/redis_6.2.18.bb @@ -65,3 +65,5 @@ INITSCRIPT_NAME = "redis-server" INITSCRIPT_PARAMS = "defaults 87" SYSTEMD_SERVICE:${PN} = "redis.service" + +CVE_STATUS[CVE-2025-21605] = "fixed-version: The backported fix by upstream is included in the used version" diff --git a/meta-oe/recipes-extended/redis/redis_7.2.8.bb b/meta-oe/recipes-extended/redis/redis_7.2.8.bb index 3c4d84085b..38d8e5ffe9 100644 --- a/meta-oe/recipes-extended/redis/redis_7.2.8.bb +++ b/meta-oe/recipes-extended/redis/redis_7.2.8.bb @@ -74,3 +74,4 @@ SYSTEMD_SERVICE:${PN} = "redis.service" CVE_STATUS[CVE-2022-3734] = "not-applicable-platform: CVE only applies for Windows." CVE_STATUS[CVE-2022-0543] = "not-applicable-platform: Debian-specific CVE" +CVE_STATUS[CVE-2025-21605] = "fixed-version: The backported fix by upstream is included in the used version"
The vulnerability has been fixed in the used versions already, upstream has backported it. 6.2.18: https://github.com/redis/redis/commit/5e93f9cb9dbc3e7ac9bce36f2838156cbc5c9e62 7.2.8: https://github.com/redis/redis/commit/42fb340ce426364d64f5dccc9c2549e58f48ac6f Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- meta-oe/recipes-extended/redis/redis_6.2.18.bb | 2 ++ meta-oe/recipes-extended/redis/redis_7.2.8.bb | 1 + 2 files changed, 3 insertions(+)