apache2: ignore CVE-2025-3891

The vulnerability was reported against mod_auth_openidc, which module is a 3rd party one, and not part of the apache2 source distribution. The affected module is not part of the meta-oe universe currently, so ignore the CVE. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2025-10-04 20:30:23 +0200
committer: Khem Raj <raj.khem@gmail.com> 2025-10-05 21:52:27 -0700
commit: 11fc309ae95bc221d44fb85515ab5df7afd59c26 (patch)
tree: fcbc232777e5e5f29d474c9623bc0df784262eaa
parent: 7fea1c591a5994ac29d97881d87deaf796b79dc3 (diff)
download: meta-openembedded-11fc309ae95bc221d44fb85515ab5df7afd59c26.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb
index fef1f5ecec..58b324795e 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb
@@ -48,6 +48,7 @@ CVE_STATUS[CVE-2007-6422] = "cpe-incorrect: The current version is not affected
 CVE_STATUS[CVE-2007-6423] = "cpe-incorrect: The current version is not affected by the CVE which affects versions from 2.2.x to 2.2.7-dev"
 CVE_STATUS[CVE-2008-2168] = "cpe-incorrect: The current version is not affected by the CVE which affects versions up to 2.2.6 (excl.)"
 CVE_STATUS[CVE-2010-0425] = "not-applicable-platform: The current version is not affected. It only applies for Windows."
+CVE_STATUS[CVE-2025-3891] = "cpe-incorrect: The CVE is for a 3rd party module, which is not part of the Apache source distribution"
 SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-04 20:30:23 +0200
committer	Khem Raj <raj.khem@gmail.com>	2025-10-05 21:52:27 -0700
commit	11fc309ae95bc221d44fb85515ab5df7afd59c26 (patch)
tree	fcbc232777e5e5f29d474c9623bc0df784262eaa
parent	7fea1c591a5994ac29d97881d87deaf796b79dc3 (diff)
download	meta-openembedded-11fc309ae95bc221d44fb85515ab5df7afd59c26.tar.gz

diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb index fef1f5ecec..58b324795e 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb
@@ -48,6 +48,7 @@ CVE_STATUS[CVE-2007-6422] = "cpe-incorrect: The current version is not affected
48	CVE_STATUS[CVE-2007-6423] = "cpe-incorrect: The current version is not affected by the CVE which affects versions from 2.2.x to 2.2.7-dev"	48	CVE_STATUS[CVE-2007-6423] = "cpe-incorrect: The current version is not affected by the CVE which affects versions from 2.2.x to 2.2.7-dev"
49	CVE_STATUS[CVE-2008-2168] = "cpe-incorrect: The current version is not affected by the CVE which affects versions up to 2.2.6 (excl.)"	49	CVE_STATUS[CVE-2008-2168] = "cpe-incorrect: The current version is not affected by the CVE which affects versions up to 2.2.6 (excl.)"
50	CVE_STATUS[CVE-2010-0425] = "not-applicable-platform: The current version is not affected. It only applies for Windows."	50	CVE_STATUS[CVE-2010-0425] = "not-applicable-platform: The current version is not affected. It only applies for Windows."
		51	CVE_STATUS[CVE-2025-3891] = "cpe-incorrect: The CVE is for a 3rd party module, which is not part of the Apache source distribution"
51		52
52	SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"	53	SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"
53		54