| Message ID | 20260308172629.3559131-1-skandigraun@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-python] python3-protobuf: mark CVE-2026-0994 patched | expand |
diff --git a/meta-python/recipes-devtools/python/python3-protobuf_6.33.5.bb b/meta-python/recipes-devtools/python/python3-protobuf_6.33.5.bb index af30165f81..af9ff85f20 100644 --- a/meta-python/recipes-devtools/python/python3-protobuf_6.33.5.bb +++ b/meta-python/recipes-devtools/python/python3-protobuf_6.33.5.bb @@ -13,6 +13,7 @@ inherit pypi setuptools3 SRC_URI[sha256sum] = "6ddcac2a081f8b7b9642c09406bc6a4290128fce5f471cddd165960bb9119e5c" CVE_PRODUCT += "google:protobuf protobuf:protobuf google-protobuf protobuf-python" +CVE_STATUS[CVE-2026-0994] = "fixed-version: it is fixed in 6.33.5" # http://errors.yoctoproject.org/Errors/Details/184715/ # Can't find required file: ../src/google/protobuf/descriptor.proto
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994 It is fixed already in the currently used version, however NVD tracks it without any version info, so it still shows up in CVE reports. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- meta-python/recipes-devtools/python/python3-protobuf_6.33.5.bb | 1 + 1 file changed, 1 insertion(+)