diff mbox series

[meta-oe,scarthgap] grpc: set status for CVE-2026-33186

Message ID 20260412153704.2513682-1-peter.marko@siemens.com
State Under Review
Delegated to: Anuj Mittal
Headers show
Series [meta-oe,scarthgap] grpc: set status for CVE-2026-33186 | expand

Commit Message

Peter Marko April 12, 2026, 3:37 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

CPE per NVD report is for "go", while this is C++ component:
* cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*
Also the link to adisory within NVD report says "grpc-go":
* https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta-oe/recipes-devtools/grpc/grpc_1.60.1.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta-oe/recipes-devtools/grpc/grpc_1.60.1.bb b/meta-oe/recipes-devtools/grpc/grpc_1.60.1.bb
index 1594353ef5..c6bffe4f95 100644
--- a/meta-oe/recipes-devtools/grpc/grpc_1.60.1.bb
+++ b/meta-oe/recipes-devtools/grpc/grpc_1.60.1.bb
@@ -67,3 +67,5 @@  FILES:${PN}-compiler += " \
     ${bindir} \
     ${libdir}/libgrpc_plugin_support${SOLIBS} \
     "
+
+CVE_STATUS[CVE-2026-33186] = "cpe-incorrect: this CVE is for golang version of grpc"