Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994
The vulnerability impacts only the python bindings of protobuf, which is in a separate recipe (python3-protobuf, where it is patched). Ignore this CVE in this recipe due to this. Signed-off-by: Gyorgy Sarvari <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 398fa05aa8bf7ce17dc40ed99edfc6a88feeb541) Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-oe/recipes-devtools/protobuf/protobuf_4.25.8.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-oe/recipes-devtools/protobuf/protobuf_4.25.8.bb b/meta-oe/recipes-devtools/protobuf/protobuf_4.25.8.bb index e54dffd2cd..00c2360793 100644 --- a/meta-oe/recipes-devtools/protobuf/protobuf_4.25.8.bb +++ b/meta-oe/recipes-devtools/protobuf/protobuf_4.25.8.bb @@ -23,6 +23,8 @@ S = "${WORKDIR}/git" CVE_STATUS[CVE-2024-7254] = "fixed-version: The vulnerability has been addressed and the fix is included in version v4.25.8" +CVE_STATUS[CVE-2026-0994] = "cpe-incorrect: the vulnerability affects only python3-protobuf recipe" + inherit cmake pkgconfig ptest PACKAGECONFIG ??= ""
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124878): https://lists.openembedded.org/g/openembedded-devel/message/124878 Mute This Topic: https://lists.openembedded.org/mt/118152822/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
