
[meta-oe] redis: ignore CVE-2025-4681{7,8,9}

Message ID 20251103195706.933227-1-skandigraun@gmail.com
State New

Commit Message

Gyorgy Sarvari Nov. 3, 2025, 7:57 p.m. UTC
The fixes for these vulnerabilities have been backported for both 6.2 and
7.2 branches, and they are included in the current recipes already:

6.2
CVE-2025-46817: https://github.com/redis/redis/commit/229af5a62d4d24dd76486855197c3d08c13fe4d4
CVE-2025-46818: https://github.com/redis/redis/commit/de5e6aef1f95800bf0b58b33d8108d65c0f80ecd
CVE-2025-46819: https://github.com/redis/redis/commit/ef22554057e50c67d0f8d0ede39483358356321f

7.2
CVE-2025-46817: https://github.com/redis/redis/commit/fc282edb61b56e7fe1e6bacf9400252145852fdc
CVE-2025-46818: https://github.com/redis/redis/commit/dccb672d838f05c940f040c27b74fde6fb47b2a7
CVE-2025-46819: https://github.com/redis/redis/commit/2802b52b554cb9f0f249a24474c9fba94e933dbb

CVE details:
https://nvd.nist.gov/vuln/detail/CVE-2025-46817
https://nvd.nist.gov/vuln/detail/CVE-2025-46818
https://nvd.nist.gov/vuln/detail/CVE-2025-46819

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-oe/recipes-extended/redis/redis_6.2.20.bb | 4 ++++
 meta-oe/recipes-extended/redis/redis_7.2.11.bb | 8 +++++---
 2 files changed, 9 insertions(+), 3 deletions(-)

Patch

diff --git a/meta-oe/recipes-extended/redis/redis_6.2.20.bb b/meta-oe/recipes-extended/redis/redis_6.2.20.bb
index cc98781fed..f08386eef9 100644
--- a/meta-oe/recipes-extended/redis/redis_6.2.20.bb
+++ b/meta-oe/recipes-extended/redis/redis_6.2.20.bb
@@ -23,6 +23,9 @@  SRC_URI[sha256sum] = "7f8b8a7aed53c445a877adf9e3743cdd323518524170135a58c0702f2d
 CVE_STATUS[CVE-2025-21605] = "cpe-incorrect: the used version already contains the fix"
 CVE_STATUS[CVE-2022-0543] = "not-applicable-config: the vulnerability is not present in upstream, only in Debian-packaged version"
 CVE_STATUS[CVE-2022-3734] = "not-applicable-config: only affects Windows"
+CVE_STATUS[CVE-2025-46817] = "cpe-stable-backport: the used version (6.2.20) contains the fix already"
+CVE_STATUS[CVE-2025-46818] = "cpe-stable-backport: the used version (6.2.20) contains the fix already"
+CVE_STATUS[CVE-2025-46819] = "cpe-stable-backport: the used version (6.2.20) contains the fix already"
 
 inherit update-rc.d systemd useradd
 
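Review bot: The three added CVE_STATUS entries carry no pointer to the upstream fix, so anyone auditing the suppression from the recipe alone cannot confirm that 6.2.20 really contains it; the commit hashes appear only in the commit message. A comment above the entries would keep the evidence next to the status, for example `# fixed on the upstream 6.2 branch: 229af5a62d4d (CVE-2025-46817), de5e6aef1f95 (CVE-2025-46818), ef22554057e5 (CVE-2025-46819)`. The same applies to the 7.2.11 entries in the later hunk, using the 7.2 branch hashes. Separately, the neighbouring CVE-2025-21605 entry gives the same reason under `cpe-incorrect` while the new lines use `cpe-stable-backport`, so it is worth settling on one keyword for "the used version already contains the fix".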
@@ -69,3 +72,4 @@  INITSCRIPT_NAME = "redis-server"
 INITSCRIPT_PARAMS = "defaults 87"
 
 SYSTEMD_SERVICE:${PN} = "redis.service"
+
diff --git a/meta-oe/recipes-extended/redis/redis_7.2.11.bb b/meta-oe/recipes-extended/redis/redis_7.2.11.bb
index 83cb4531d2..108ab24d77 100644
--- a/meta-oe/recipes-extended/redis/redis_7.2.11.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.2.11.bb
@@ -21,8 +21,13 @@  SRC_URI[sha256sum] = "2f9886eca68d30114ad6a01da65631f8007d802fd3e6c9fac711251e63
 
 RPROVIDES:${PN} = "virtual-redis"
 
+CVE_STATUS[CVE-2022-0543] = "not-applicable-platform: Debian-specific CVE"
+CVE_STATUS[CVE-2022-3734] = "not-applicable-platform: CVE only applies for Windows."
 CVE_STATUS[CVE-2025-21605] = "cpe-incorrect: the used version already contains the fix"
 CVE_STATUS[CVE-2025-27151] = "cpe-incorrect: the used version already contains the fix"
+CVE_STATUS[CVE-2025-46817] = "cpe-stable-backport: the used version (7.2.11) contains the fix already"
+CVE_STATUS[CVE-2025-46818] = "cpe-stable-backport: the used version (7.2.11) contains the fix already"
+CVE_STATUS[CVE-2025-46819] = "cpe-stable-backport: the used version (7.2.11) contains the fix already"
 
 inherit pkgconfig update-rc.d systemd useradd
 
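Review bot: The two relocated entries at the top of this block classify CVE-2022-0543 and CVE-2022-3734 as `not-applicable-platform`, while the 6.2.20 recipe edited by the same patch keeps `not-applicable-config` for both. CVE reports for the two recipes will therefore give different justifications for the same CVEs. Since both status blocks are already being edited here, one keyword should be used in both recipes. The reason text could also be aligned, for example by using the more specific 6.2.20 wording for CVE-2022-0543: `"not-applicable-platform: the vulnerability is not present in upstream, only in Debian-packaged version"`.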
@@ -73,6 +78,3 @@  INITSCRIPT_NAME = "redis-server"
 INITSCRIPT_PARAMS = "defaults 87"
 
 SYSTEMD_SERVICE:${PN} = "redis.service"
-
-CVE_STATUS[CVE-2022-3734] = "not-applicable-platform: CVE only applies for Windows."
-CVE_STATUS[CVE-2022-0543] = "not-applicable-platform: Debian-specific CVE"