diff mbox series

[meta-oe,kirkstone,3/7] protobuf: ignore CVE-2026-0994

Message ID 20260226144624.3743168-3-skandigraun@gmail.com
State New
Headers show
Series [meta-oe,kirkstone,1/7] cups-filters: patch CVE-2025-64503 | expand

Commit Message

Gyorgy Sarvari Feb. 26, 2026, 2:46 p.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994

The vulnerability impacts only the python bindings of protobuf, which
is in a separate recipe (python3-protobuf, where it is patched).

Ignore this CVE in this recipe due to this.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-oe/recipes-devtools/protobuf/protobuf_3.19.6.bb | 3 +++
 1 file changed, 3 insertions(+)
diff mbox series

Patch

diff --git a/meta-oe/recipes-devtools/protobuf/protobuf_3.19.6.bb b/meta-oe/recipes-devtools/protobuf/protobuf_3.19.6.bb
index 95a76514a5..4cab00fc4d 100644
--- a/meta-oe/recipes-devtools/protobuf/protobuf_3.19.6.bb
+++ b/meta-oe/recipes-devtools/protobuf/protobuf_3.19.6.bb
@@ -37,6 +37,9 @@  EXTRA_OECONF += "--with-protoc=echo"
 TEST_SRC_DIR = "examples"
 LANG_SUPPORT = "cpp ${@bb.utils.contains('PACKAGECONFIG', 'python', 'python', '', d)}"
 
+# the vulnerability is in python3-protobuf recipe, not in this one
+CVE_CHECK_IGNORE += "CVE-2026-0994"
+
 do_compile_ptest() {
 	mkdir -p "${B}/${TEST_SRC_DIR}"