diff mbox series

[meta-oe,kirkstone,4/8] redis: ignore CVE-2025-46686

Message ID 20251225125139.2436941-4-skandigraun@gmail.com
State New
Headers show
Series [meta-networking,kirkstone,1/8] mtr: patch CVE-2025-49809 | expand

Commit Message

Gyorgy Sarvari Dec. 25, 2025, 12:51 p.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-46686

Upstream disputes that it is a security violation, and says that
implementing a mitigation for this would negatively affect the rest
of the application, so they elected to ignore it.

See Github advisory about the same vulnerability:
https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-oe/recipes-extended/redis/redis_6.2.21.bb | 2 ++
 meta-oe/recipes-extended/redis/redis_7.0.15.bb | 2 ++
 2 files changed, 4 insertions(+)
diff mbox series

Patch

diff --git a/meta-oe/recipes-extended/redis/redis_6.2.21.bb b/meta-oe/recipes-extended/redis/redis_6.2.21.bb
index e81984c081..3c24d459d6 100644
--- a/meta-oe/recipes-extended/redis/redis_6.2.21.bb
+++ b/meta-oe/recipes-extended/redis/redis_6.2.21.bb
@@ -25,6 +25,8 @@  inherit autotools-brokensep update-rc.d systemd useradd
 CVE_CHECK_IGNORE += "CVE-2022-0543"
 # not-applicable-config: only affects Windows
 CVE_CHECK_IGNORE += "CVE-2022-3734"
+# disputed: not strictly a bug, mitigating it would affect functionality
+CVE_CHECK_IGNORE += "CVE-2025-46686"
 
 FINAL_LIBS:x86:toolchain-clang = "-latomic"
 FINAL_LIBS:riscv32:toolchain-clang = "-latomic"
diff --git a/meta-oe/recipes-extended/redis/redis_7.0.15.bb b/meta-oe/recipes-extended/redis/redis_7.0.15.bb
index 61a088775b..3768453db2 100644
--- a/meta-oe/recipes-extended/redis/redis_7.0.15.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.0.15.bb
@@ -38,6 +38,8 @@  inherit autotools-brokensep update-rc.d systemd useradd
 CVE_CHECK_IGNORE += "CVE-2022-0543"
 # not-applicable-config: only affects Windows
 CVE_CHECK_IGNORE += "CVE-2022-3734"
+# disputed: not strictly a bug, mitigating it would affect functionality
+CVE_CHECK_IGNORE += "CVE-2025-46686"
 
 FINAL_LIBS:x86:toolchain-clang = "-latomic"
 FINAL_LIBS:riscv32:toolchain-clang = "-latomic"