This is fixed in 2.4.2, which we have, but the complex CPE in that CVE isn't parsed by cve-check correctly so it thinks that we're vulnerable.
Signed-off-by: Ross Burton <ross.bur...@arm.com> --- meta/recipes-extended/cups/cups.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc index 8f2ad8a0098..45929807660 100644 --- a/meta/recipes-extended/cups/cups.inc +++ b/meta/recipes-extended/cups/cups.inc @@ -26,6 +26,8 @@ CVE_CHECK_IGNORE += "CVE-2008-1033" CVE_CHECK_IGNORE += "CVE-2009-0032" # This is an Ubuntu only issue. CVE_CHECK_IGNORE += "CVE-2018-6553" +# This is fixed in 2.4.2 but the cve-check class still reports it +CVE_CHECK_IGNORE += "CVE-2022-26691" LEAD_SONAME = "libcupsdriver.so" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#167381): https://lists.openembedded.org/g/openembedded-core/message/167381 Mute This Topic: https://lists.openembedded.org/mt/92067056/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
