zlib: ignore CVE-2023-6992

This CVE is for iCPE cloudflare:zlib. Alternative to ignoring would be to limit CVE_PRODUCT, but historic CVEs already have two - gnu:zlib and zlib:zlib. So limiting it could miss future CVEs. (From OE-Core rev: 7523c7b3609220b4dfc2bb0a83c552db60e1dc7e) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 9f953a1cd832f03f0b3666168addf45fd4fc8d14) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2026-04-19 06:32:13 +02:00 · 2024-01-13 19:04:04 +01:00
parent 4b37e67fbc
commit 52adde71ad
1 changed files with 1 additions and 0 deletions
--- a/meta/recipes-core/zlib/zlib_1.3.bb
+++ b/meta/recipes-core/zlib/zlib_1.3.bb
@@ -47,3 +47,4 @@ do_install_ptest() {
 BBCLASSEXTEND = "native nativesdk"

 CVE_STATUS[CVE-2023-45853] = "not-applicable-config: we don't build minizip"
+CVE_STATUS[CVE-2023-6992] = "cpe-incorrect: this CVE is for cloudflare zlib"