diff mbox series

[meta-oe,kirkstone,4/4] redis-7: ignore CVE-2022-3734 and CVE-2022-0543

Message ID 20251123161732.1875494-4-skandigraun@gmail.com
State New
Headers show
Series [meta-oe,kirkstone,1/4] redis: ignore CVE-2022-3734 and CVE-2022-0543 | expand

Commit Message

Gyorgy Sarvari Nov. 23, 2025, 4:17 p.m. UTC 
CVE-2022-3734 only affects Windows.
CVE-2022-0543 affects only packages that were packaged for Debian and
Debian-derivative distros.

Neither of these issues is present in upstream Redis.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-oe/recipes-extended/redis/redis_7.0.15.bb | 5 +++++
 1 file changed, 5 insertions(+)
diff mbox series

Patch

diff --git a/meta-oe/recipes-extended/redis/redis_7.0.15.bb b/meta-oe/recipes-extended/redis/redis_7.0.15.bb
index 7b5d55467d..61a088775b 100644
--- a/meta-oe/recipes-extended/redis/redis_7.0.15.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.0.15.bb
@@ -34,6 +34,11 @@  SRC_URI[sha256sum] = "98066f5363504b26c34dd20fbcc3c957990d764cdf42576c836fc02107
 
 inherit autotools-brokensep update-rc.d systemd useradd
 
+# not-applicable-config: the vulnerability is not present in upstream, only in Debian-packaged version
+CVE_CHECK_IGNORE += "CVE-2022-0543"
+# not-applicable-config: only affects Windows
+CVE_CHECK_IGNORE += "CVE-2022-3734"
+
 FINAL_LIBS:x86:toolchain-clang = "-latomic"
 FINAL_LIBS:riscv32:toolchain-clang = "-latomic"
 FINAL_LIBS:mips = "-latomic"