summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGyorgy Sarvari <skandigraun@gmail.com>2025-10-07 21:49:33 +0200
committerGyorgy Sarvari <skandigraun@gmail.com>2025-10-13 09:21:31 +0200
commitf7868477436ae605b46ac4954e0b36f5e7d99903 (patch)
treebaf8fb6b6f08d5a1bcb9c6d3a43e49eb0026d69f
parentf7c6bcc1ce53e4beab71a559b7eeb72a65b47ecd (diff)
downloadmeta-openembedded-f7868477436ae605b46ac4954e0b36f5e7d99903.tar.gz
redis: ignore CVE-2025-21605
The vulnerability has been fixed in the used versions already, upstream has backported it. 6.2.18: https://github.com/redis/redis/commit/5e93f9cb9dbc3e7ac9bce36f2838156cbc5c9e62 7.2.8: https://github.com/redis/redis/commit/42fb340ce426364d64f5dccc9c2549e58f48ac6f Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
-rw-r--r--meta-oe/recipes-extended/redis/redis_6.2.18.bb2
-rw-r--r--meta-oe/recipes-extended/redis/redis_7.2.8.bb1
2 files changed, 3 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/redis/redis_6.2.18.bb b/meta-oe/recipes-extended/redis/redis_6.2.18.bb
index 171c6640f2..13344beae4 100644
--- a/meta-oe/recipes-extended/redis/redis_6.2.18.bb
+++ b/meta-oe/recipes-extended/redis/redis_6.2.18.bb
@@ -65,3 +65,5 @@ INITSCRIPT_NAME = "redis-server"
65INITSCRIPT_PARAMS = "defaults 87" 65INITSCRIPT_PARAMS = "defaults 87"
66 66
67SYSTEMD_SERVICE:${PN} = "redis.service" 67SYSTEMD_SERVICE:${PN} = "redis.service"
68
69CVE_STATUS[CVE-2025-21605] = "fixed-version: The backported fix by upstream is included in the used version"
diff --git a/meta-oe/recipes-extended/redis/redis_7.2.8.bb b/meta-oe/recipes-extended/redis/redis_7.2.8.bb
index 3c4d84085b..38d8e5ffe9 100644
--- a/meta-oe/recipes-extended/redis/redis_7.2.8.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.2.8.bb
@@ -74,3 +74,4 @@ SYSTEMD_SERVICE:${PN} = "redis.service"
74 74
75CVE_STATUS[CVE-2022-3734] = "not-applicable-platform: CVE only applies for Windows." 75CVE_STATUS[CVE-2022-3734] = "not-applicable-platform: CVE only applies for Windows."
76CVE_STATUS[CVE-2022-0543] = "not-applicable-platform: Debian-specific CVE" 76CVE_STATUS[CVE-2022-0543] = "not-applicable-platform: Debian-specific CVE"
77CVE_STATUS[CVE-2025-21605] = "fixed-version: The backported fix by upstream is included in the used version"