tigervnc: ignore CVE-2014-8241

Details: https://nvd.nist.gov/vuln/detail/CVE-2014-8241 The vulnerability is about a potential null-pointer dereference, because of a malloc result is not verified[1]. The vulnerable code has been refactored since completely[2], and the code isn't present anymore in the codebase. [1]: https://github.com/TigerVNC/tigervnc/issues/993#issuecomment-612874972 - attachment [2]: https://github.com/TigerVNC/tigervnc/commit/b8a24f055f1a29886d8b18bb3f0902144dc5bd14 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2025-11-24 16:10:57 +0100
committer: Khem Raj <raj.khem@gmail.com> 2025-11-24 21:54:47 -0800
commit: ed8a1038d227ee521cf2349d9f7f8e37eec6a64a (patch)
tree: c69f52bd4646722ff78a0521bee5185845691585
parent: af4df551eec582844a8b56154117915ace1596cd (diff)
download: meta-openembedded-ed8a1038d227ee521cf2349d9f7f8e37eec6a64a.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb
index dd4f79c314..d3159f8a88 100644
--- a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb
+++ b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb
@@ -85,3 +85,5 @@ FILES:${PN} += " \
 "
 SYSTEMD_SERVICE:${PN} = "vncserver@.service"
+CVE_STATUS[2014-8241] = "fixed-version: The vulnerable code is not present in the used version (1.15.0)"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2025-11-24 16:10:57 +0100
committer	Khem Raj <raj.khem@gmail.com>	2025-11-24 21:54:47 -0800
commit	ed8a1038d227ee521cf2349d9f7f8e37eec6a64a (patch)
tree	c69f52bd4646722ff78a0521bee5185845691585
parent	af4df551eec582844a8b56154117915ace1596cd (diff)
download	meta-openembedded-ed8a1038d227ee521cf2349d9f7f8e37eec6a64a.tar.gz

diff --git a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb index dd4f79c314..d3159f8a88 100644 --- a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb +++ b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb
@@ -85,3 +85,5 @@ FILES:${PN} += " \
85	"	85	"
86		86
87	SYSTEMD_SERVICE:${PN} = "vncserver@.service"	87	SYSTEMD_SERVICE:${PN} = "vncserver@.service"
		88
		89	CVE_STATUS[2014-8241] = "fixed-version: The vulnerable code is not present in the used version (1.15.0)"