diff options
| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2026-04-06 17:13:00 +0200 |
|---|---|---|
| committer | Khem Raj <khem.raj@oss.qualcomm.com> | 2026-04-06 09:46:31 -0700 |
| commit | 22a31ea701f36a940f5ea82c8814e931bde6830c (patch) | |
| tree | 94cdc700e4c65d6c7d7fad8397e21a200fb8823f | |
| parent | fe1b038cd814102b317c6896f265019909a67de8 (diff) | |
| download | meta-openembedded-22a31ea701f36a940f5ea82c8814e931bde6830c.tar.gz | |
nodejs: ignore fixed CVEs
All these CVEs are fixed in v22.22.2[1], except for CVE-2026-21712,
which does not affect v22 series, because it was introduced in a
later version[2]. All these CVEs are tracked without version info
by NVD at the time of creating this patch.
[1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md
[2]: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
| -rw-r--r-- | meta-oe/recipes-devtools/nodejs/nodejs_22.22.2.bb | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/meta-oe/recipes-devtools/nodejs/nodejs_22.22.2.bb b/meta-oe/recipes-devtools/nodejs/nodejs_22.22.2.bb index 8bd5f008af..e6dbc866a1 100644 --- a/meta-oe/recipes-devtools/nodejs/nodejs_22.22.2.bb +++ b/meta-oe/recipes-devtools/nodejs/nodejs_22.22.2.bb | |||
| @@ -214,3 +214,10 @@ python __anonymous () { | |||
| 214 | } | 214 | } |
| 215 | 215 | ||
| 216 | BBCLASSEXTEND = "native" | 216 | BBCLASSEXTEND = "native" |
| 217 | |||
| 218 | CVE_STATUS[CVE-2026-21712] = "cpe-incorrect: only v24 and v25 are affected" | ||
| 219 | CVE_STATUS[CVE-2026-21713] = "fixed-version: fixed since v22.22.2" | ||
| 220 | CVE_STATUS[CVE-2026-21714] = "fixed-version: fixed since v22.22.2" | ||
| 221 | CVE_STATUS[CVE-2026-21715] = "fixed-version: fixed since v22.22.2" | ||
| 222 | CVE_STATUS[CVE-2026-21716] = "fixed-version: fixed since v22.22.2" | ||
| 223 | CVE_STATUS[CVE-2026-21717] = "fixed-version: fixed since v22.22.2" | ||
