zlib: ignore CVE-2026-22184

This CVE is for the example tool contrib/untgz,
which is not compiled by the Yocto zlib recipe.

This CVE has a controversial CVSS3 score of 9.8.

(From OE-Core rev: b00a1990237d473971076c4f92a1060911b8b323)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b0592c51b6ad038d737d2f6b30977bd0c5c50058)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Peter Marko
2026-01-16 20:39:21 +01:00
committed by Richard Purdie
parent 028444d608
commit 463172affb


@@ -48,3 +48,5 @@ BBCLASSEXTEND = "native nativesdk"
# Adding 'CVE_PRODUCT' to avoid false detection of CVEs
CVE_PRODUCT = "zlib:zlib gnu:zlib"
CVE_STATUS[CVE-2026-22184] = "not-applicable-config: vulnerable file is not compiled"
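Review bot: The new `CVE_STATUS[CVE-2026-22184]` line says only "vulnerable file is not compiled", so the recipe itself never records which file is meant or what would make the exemption stale. The commit message identifies it as the example tool contrib/untgz. A comment above the line would keep that reasoning next to the status, for example `# CVE-2026-22184 is in the example tool contrib/untgz, which this recipe does not build; revisit if contrib/ is ever compiled or packaged`. Without it, a later recipe change or layer append that starts building contrib code would presumably leave the CVE reported as not applicable, with nothing prompting a re-check. The existing `CVE_PRODUCT` comment directly above does not cover the new line.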