| Message ID | 20251014135908.1055606-1-skandigraun@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-webserver,kirkstone] apache2: ignore CVE-2025-3891 | expand |
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb index c05304f96a..be827b6407 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb @@ -36,6 +36,8 @@ inherit autotools update-rc.d pkgconfig systemd update-alternatives DEPENDS = "openssl expat pcre apr apr-util apache2-native " CVE_PRODUCT = "apache:http_server" +# cpe-incorrect: The CVE is for a 3rd party module, which is not part of the Apache source distribution +CVE_CHECK_IGNORE += "CVE-2025-3891" SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"
The vulnerability was reported against mod_auth_openidc, which module is a 3rd party one, and not part of the apache2 source distribution. The affected module is not part of the meta-oe universe currently, so ignore the CVE. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb | 2 ++ 1 file changed, 2 insertions(+)