diff options
| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2025-12-25 17:35:11 +0100 |
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2025-12-25 11:25:58 -0800 |
| commit | 4924e89bb77fe5486063229c50039a458d60f8ea (patch) | |
| tree | dfb6882047014cc9cf4f7a72e9d84522c4b3243c | |
| parent | 62a78f8ba7c8bd229cc82cf81bcc6a6d8116ebca (diff) | |
| download | meta-openembedded-4924e89bb77fe5486063229c50039a458d60f8ea.tar.gz | |
tigervnc: ignore CVE-2025-26594...26601
Ignore the following CVEs: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596,
CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601
Details:
https://nvd.nist.gov/vuln/detail/CVE-2025-26594
https://nvd.nist.gov/vuln/detail/CVE-2025-26595
https://nvd.nist.gov/vuln/detail/CVE-2025-26596
https://nvd.nist.gov/vuln/detail/CVE-2025-26597
https://nvd.nist.gov/vuln/detail/CVE-2025-26598
https://nvd.nist.gov/vuln/detail/CVE-2025-26599
https://nvd.nist.gov/vuln/detail/CVE-2025-26600
https://nvd.nist.gov/vuln/detail/CVE-2025-26601
TigerVNC compiles its own xserver, this is why these CVEs are associated
with it - despite the vulnerabilities being in xserver.
All of these vulnerabilities were fixed by the same PR[1], which has
been part of xserver since version 21.1.16 (the currently used xserver
version in TigerVNC is 21.1.18).
Due to this, ignore these vulnerabilities, and just mark them as patched.
[1]: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1830
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| -rw-r--r-- | meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb index 89704f421d..9fb7abf8f3 100644 --- a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb +++ b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb | |||
| @@ -89,3 +89,11 @@ SYSTEMD_SERVICE:${PN} = "vncserver@.service" | |||
| 89 | CVE_STATUS[CVE-2014-8241] = "fixed-version: The vulnerable code is not present in the used version (1.15.0)" | 89 | CVE_STATUS[CVE-2014-8241] = "fixed-version: The vulnerable code is not present in the used version (1.15.0)" |
| 90 | CVE_STATUS[CVE-2023-6377] = "fixed-version: The vulnerable code is not present in the used xserver version (21.1.18)" | 90 | CVE_STATUS[CVE-2023-6377] = "fixed-version: The vulnerable code is not present in the used xserver version (21.1.18)" |
| 91 | CVE_STATUS[CVE-2023-6478] = "fixed-version: The vulnerable code is not present in the used xserver version (21.1.18)" | 91 | CVE_STATUS[CVE-2023-6478] = "fixed-version: The vulnerable code is not present in the used xserver version (21.1.18)" |
| 92 | CVE_STATUS[CVE-2025-26594] = "fixed-version: The vulnerable code is not present in the used xserver version (21.1.18)" | ||
| 93 | CVE_STATUS[CVE-2025-26595] = "fixed-version: The vulnerable code is not present in the used xserver version (21.1.18)" | ||
| 94 | CVE_STATUS[CVE-2025-26596] = "fixed-version: The vulnerable code is not present in the used xserver version (21.1.18)" | ||
| 95 | CVE_STATUS[CVE-2025-26597] = "fixed-version: The vulnerable code is not present in the used xserver version (21.1.18)" | ||
| 96 | CVE_STATUS[CVE-2025-26598] = "fixed-version: The vulnerable code is not present in the used xserver version (21.1.18)" | ||
| 97 | CVE_STATUS[CVE-2025-26599] = "fixed-version: The vulnerable code is not present in the used xserver version (21.1.18)" | ||
| 98 | CVE_STATUS[CVE-2025-26600] = "fixed-version: The vulnerable code is not present in the used xserver version (21.1.18)" | ||
| 99 | CVE_STATUS[CVE-2025-26601] = "fixed-version: The vulnerable code is not present in the used xserver version (21.1.18)" | ||