From ad756dec39fd654025b4bb82a3389e49e68a0253 Mon Sep 17 00:00:00 2001
From: Peter Marko <peter.marko@siemens.com>
Date: Fri, 16 Jan 2026 20:40:07 +0100
Subject: [PATCH] zlib: ignore CVE-2026-22184

This is CVE for example tool contrib/untgz.
This is not compiled in Yocto zlib recipe.

This CVE has controversial CVSS3 score of 9.8.

(From OE-Core rev: 1bdcd62d34b0b060b0e1e5142c5f3e7075f21cc2)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
---
 meta/recipes-core/zlib/zlib_1.2.11.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-core/zlib/zlib_1.2.11.bb b/meta/recipes-core/zlib/zlib_1.2.11.bb
index dc8f7c6c85..8dd0a90b52 100644
--- a/meta/recipes-core/zlib/zlib_1.2.11.bb
+++ b/meta/recipes-core/zlib/zlib_1.2.11.bb
@@ -58,3 +58,5 @@ BBCLASSEXTEND = "native nativesdk"
 
 # this CVE is for cloudflare zlib
 CVE_CHECK_IGNORE += "CVE-2023-6992"
+# vulnerable file is not compiled
+CVE_CHECK_IGNORE += "CVE-2026-22184"