[meta-oe,whinlatter,4/8] protobuf: ignore CVE-2026-0994

Message ID	20260224190451.1596179-4-skandigraun@gmail.com
State	New
Headers	show Return-Path: <skandigraun@gmail.com> ip: 209.85.128.43, mailfrom: skandigraun@gmail.com) From: Gyorgy Sarvari <skandigraun@gmail.com> To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][whinlatter][PATCH 4/8] protobuf: ignore CVE-2026-0994 Date: Tue, 24 Feb 2026 20:04:47 +0100 Message-ID: <20260224190451.1596179-4-skandigraun@gmail.com> In-Reply-To: <20260224190451.1596179-1-skandigraun@gmail.com> References: <20260224190451.1596179-1-skandigraun@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-webserver,whinlatter,1/8] nginx: patch CVE-2026-1642 \| expand [meta-webserver,whinlatter,1/8] nginx: patch CVE-2026-1642 [meta-oe,whinlatter,2/8] openjpeg: patch CVE-2023-39327 [meta-oe,whinlatter,3/8] postgresql: upgrade 17.7 -> 17.8 [meta-oe,whinlatter,4/8] protobuf: ignore CVE-2026-0994 [meta-oe,whinlatter,5/8] libjxl: upgrade 0.11.1 -> 0.11.2 [meta-gnome,whinlatter,6/8] gnome-shell: ignore CVE-2021-3982 [meta-gnome,whinlatter,7/8] gimp: ignore already fixed CVEs [meta-multimedia,whinlatter,8/8] minidlna: ignore CVE-2024-51442

Message ID

20260224190451.1596179-4-skandigraun@gmail.com

State

New

Headers

From: Gyorgy Sarvari <skandigraun@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][whinlatter][PATCH 4/8] protobuf: ignore CVE-2026-0994
Date: Tue, 24 Feb 2026 20:04:47 +0100
Message-ID: <20260224190451.1596179-4-skandigraun@gmail.com>
In-Reply-To: <20260224190451.1596179-1-skandigraun@gmail.com>
References: <20260224190451.1596179-1-skandigraun@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-webserver,whinlatter,1/8] nginx: patch CVE-2026-1642 | expand

Commit Message

Gyorgy Sarvari Feb. 24, 2026, 7:04 p.m. UTC

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994

The vulnerability impacts only the python bindings of protobuf, which
is in a separate recipe (python3-protobuf, where it is patched).

Ignore this CVE in this recipe due to this.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-oe/recipes-devtools/protobuf/protobuf_6.31.1.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-devtools/protobuf/protobuf_6.31.1.bb b/meta-oe/recipes-devtools/protobuf/protobuf_6.31.1.bb
index 37b26b610d..4356ebeecf 100644
--- a/meta-oe/recipes-devtools/protobuf/protobuf_6.31.1.bb
+++ b/meta-oe/recipes-devtools/protobuf/protobuf_6.31.1.bb
@@ -26,6 +26,8 @@  UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d\.\d+\.\d+)"
 
 CVE_PRODUCT = "google:protobuf protobuf:protobuf google-protobuf protobuf-cpp"
 
+CVE_STATUS[CVE-2026-0994] = "cpe-incorrect: the vulnerability affects only python3-protobuf recipe"
+
 inherit cmake pkgconfig ptest
 
 PACKAGECONFIG ??= ""

[meta-oe,whinlatter,4/8] protobuf: ignore CVE-2026-0994

Commit Message

Patch