| Message ID | 20251223193441.1133870-1-skandigraun@gmail.com |
|---|---|
| State | Under Review |
| Series | [meta-networking] wolfssl: ignore CVE-2025-11931 and CVE-2025-12889 |
diff --git a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.4.bb b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.4.bb index 8512269912..f16c8c1e68 100644 --- a/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.4.bb +++ b/meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.4.bb @@ -46,3 +46,6 @@ do_install_ptest() { cp -rf ${S}/certs ${D}${PTEST_PATH} cp -rf ${S}/tests ${D}${PTEST_PATH} } + +CVE_STATUS[CVE-2025-11931] = "fixed-version: The currently used version (5.8.4) contains the fix already." +CVE_STATUS[CVE-2025-12889] = "fixed-version: The currently used version (5.8.4) contains the fix already."
NVD claims that WolfSSL 5.8.4 is affected by both of these vulnerabilities, however actually both have been fixed in that version.

CVE-2025-11931: NVD[1] references [2] PR as a patch, which was merged in [3].

CVE-2025-12889: NVD[4] referenced [5] PR as a patch, which was merged in [6].

[1]: https://nvd.nist.gov/vuln/detail/CVE-2025-11931
[2]: https://github.com/wolfSSL/wolfssl/pull/9223
[3]: https://github.com/wolfSSL/wolfssl/commit/e497d28ae1b364e0136849996b893f55d8a8fd4a
[4]: https://nvd.nist.gov/vuln/detail/CVE-2025-12889
[5]: https://github.com/wolfSSL/wolfssl/pull/9395
[6]: https://github.com/wolfSSL/wolfssl/commit/2db1c7a522ba258d841fbce95ab84156669a5a3e

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
meta-networking/recipes-connectivity/wolfssl/wolfssl_5.8.4.bb | 3 +++
1 file changed, 3 insertions(+)
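
Review bot: The reason strings on the two added CVE_STATUS lines at the end of wolfssl_5.8.4.bb hard-code "The currently used version (5.8.4)", which goes stale as soon as the recipe file is renamed for a version bump and the lines are carried along. Wording that does not depend on the current recipe version, such as "fixed-version: fixed since 5.8.4", would stay accurate. The upstream fix commits are only listed in the commit message; naming them in a comment above each entry (e497d28ae1b3 for CVE-2025-11931, 2db1c7a522ba for CVE-2025-12889) would let someone auditing the recipe verify the status without digging through git history.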