[meta-oe,02/13] freerdp: ignore CVE-2026-22853

Message ID	20260223191850.1049304-2-skandigraun@gmail.com
State	New
Headers	show Return-Path: <skandigraun@gmail.com> ip: 209.85.128.44, mailfrom: skandigraun@gmail.com) From: Gyorgy Sarvari <skandigraun@gmail.com> To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 02/13] freerdp: ignore CVE-2026-22853 Date: Mon, 23 Feb 2026 20:18:39 +0100 Message-ID: <20260223191850.1049304-2-skandigraun@gmail.com> In-Reply-To: <20260223191850.1049304-1-skandigraun@gmail.com> References: <20260223191850.1049304-1-skandigraun@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-oe,01/13] freerdp: patch CVE-2026-22852 \| expand [meta-oe,01/13] freerdp: patch CVE-2026-22852 [meta-oe,02/13] freerdp: ignore CVE-2026-22853 [meta-gnome,03/13] gimp: ignore already fixed CVEs [meta-gnome,04/13] gnome-shell: ignore CVE-2021-3982 [meta-oe,05/13] libcdio: mark CVE-2024-36600 fixed [meta-multimedia,06/13] minidlna: ignore CVE-2024-51442 [meta-oe,07/13] openjpeg: patch CVE-2023-39327 [meta-oe,08/13] polkit: add info about CVE-2016-2568 [meta-oe,09/13] protobuf: ignore CVE-2026-0994 [meta-oe,10/13] live555: upgrade 20210824 -> 20260112 [meta-python,11/13] python3-pillow: upgrade 12.1.0 -> 12.1.1 [meta-python,12/13] python3-werkzeug: upgrade 3.1.5 -> 3.1.6 [meta-webserver,13/13] webmin: patch CVE-2025-67738

Message ID

20260223191850.1049304-2-skandigraun@gmail.com

State

New

Headers

From: Gyorgy Sarvari <skandigraun@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][PATCH 02/13] freerdp: ignore CVE-2026-22853
Date: Mon, 23 Feb 2026 20:18:39 +0100
Message-ID: <20260223191850.1049304-2-skandigraun@gmail.com>
In-Reply-To: <20260223191850.1049304-1-skandigraun@gmail.com>
References: <20260223191850.1049304-1-skandigraun@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-oe,01/13] freerdp: patch CVE-2026-22852 | expand

Commit Message

Gyorgy Sarvari Feb. 23, 2026, 7:18 p.m. UTC

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-22853

The vulnerable feature was introduced in v3.9.0[1], the
recipe version is not affected. Ignore this CVE.

[1]: https://github.com/FreeRDP/FreeRDP/commit/a4bd5ba8863c0959501d4604159042a311dae85a

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
index 70198a1e21..63dc177cbe 100644
--- a/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp_2.11.7.bb
@@ -119,6 +119,7 @@  python populate_packages:prepend () {
 
 CVE_STATUS[CVE-2024-32662] = "fixed-version: 2.x is not affected, bug was introduced in 3.0.0"
 CVE_STATUS[CVE-2025-68118] = "not-applicable-platform: Windows-only vulnerability"
+CVE_STATUS[CVE-2026-22853] = "cpe-incorrect: the vulnerability was introduced in 3.9.0"
 
 # avoid http://errors.yoctoproject.org/Errors/Details/852862/
 # fixed in freerdp3 with https://github.com/FreeRDP/FreeRDP/pull/10553

[meta-oe,02/13] freerdp: ignore CVE-2026-22853

Commit Message

Patch