diff mbox series

[meta-python,4/8] python3-grpcio: ignore CVE-2026-33186

Message ID 20260420093323.357053-4-skandigraun@gmail.com
State Accepted
Headers show
Series [meta-networking,1/8] ngtcp2: upgrade 1.22.0 -> 1.22.1 | expand

Commit Message

Gyorgy Sarvari April 20, 2026, 9:33 a.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33186

The vulnerability only affects the Go implememtation of the library,
not the Python one. Ignore this CVE due to this.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-python/recipes-devtools/python/python3-grpcio_1.78.0.bb | 1 +
 1 file changed, 1 insertion(+)
diff mbox series

Patch

diff --git a/meta-python/recipes-devtools/python/python3-grpcio_1.78.0.bb b/meta-python/recipes-devtools/python/python3-grpcio_1.78.0.bb
index 6ac6a72d25..d9ec337427 100644
--- a/meta-python/recipes-devtools/python/python3-grpcio_1.78.0.bb
+++ b/meta-python/recipes-devtools/python/python3-grpcio_1.78.0.bb
@@ -50,3 +50,4 @@  BBCLASSEXTEND = "native nativesdk"
 CCACHE_DISABLE = "1"
 
 CVE_PRODUCT += "grpc:grpc"
+CVE_STATUS[CVE-2026-33186] = "cpe-incorrect: the vulnerabilty affects only the go implementation"