| Message ID | 20260105083201.1225143-3-skandigraun@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-python,kirkstone,1/5] python-grpcio(-tools): add grpc:grpc to cve product | expand |
diff --git a/meta-python/recipes-devtools/python/python3-cbor2_5.4.2.bb b/meta-python/recipes-devtools/python/python3-cbor2_5.4.2.bb index 0d0ab6af37..bbdeca7adb 100644 --- a/meta-python/recipes-devtools/python/python3-cbor2_5.4.2.bb +++ b/meta-python/recipes-devtools/python/python3-cbor2_5.4.2.bb @@ -12,6 +12,9 @@ SRC_URI += " \ file://run-ptest \ " +# not vulnerable yet, vulnerability was introduced in v5.6.0 +CVE_CHECK_IGNORE = "CVE-2025-64076" + RDEPENDS:${PN}-ptest += " \ ${PYTHON_PN}-pytest \ ${PYTHON_PN}-unixadmin \
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64076 The vunerability was introduced in v5.6.0[1], the recipe version doesn't contain the vulnerable piece of code. [1]: https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- meta-python/recipes-devtools/python/python3-cbor2_5.4.2.bb | 3 +++ 1 file changed, 3 insertions(+)