redis: ignore CVE-2025-46686

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-46686

Upstream disputes that it is a security violation, and says that
implementing a mitigation for this would negatively affect the rest
of the application, so they elected to ignore it.

See Github advisory about the same vulnerability:
https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>

2 files changed, 4 insertions, 0 deletions

diff --git a/meta-oe/recipes-extended/redis/redis_6.2.21.bb b/meta-oe/recipes-extended/redis/redis_6.2.21.bb
index e81984c081..3c24d459d6 100644
--- a/meta-oe/recipes-extended/redis/redis_6.2.21.bb
+++ b/meta-oe/recipes-extended/redis/redis_6.2.21.bb
@@ -25,6 +25,8 @@ inherit autotools-brokensep update-rc.d systemd useradd
 CVE_CHECK_IGNORE += "CVE-2022-0543"
 # not-applicable-config: only affects Windows
 CVE_CHECK_IGNORE += "CVE-2022-3734"
+# disputed: not strictly a bug, mitigating it would affect functionality
+CVE_CHECK_IGNORE += "CVE-2025-46686"
 
 FINAL_LIBS:x86:toolchain-clang = "-latomic"
 FINAL_LIBS:riscv32:toolchain-clang = "-latomic"
diff --git a/meta-oe/recipes-extended/redis/redis_7.0.15.bb b/meta-oe/recipes-extended/redis/redis_7.0.15.bb
index 61a088775b..3768453db2 100644
--- a/meta-oe/recipes-extended/redis/redis_7.0.15.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.0.15.bb
@@ -38,6 +38,8 @@ inherit autotools-brokensep update-rc.d systemd useradd
 CVE_CHECK_IGNORE += "CVE-2022-0543"
 # not-applicable-config: only affects Windows
 CVE_CHECK_IGNORE += "CVE-2022-3734"
+# disputed: not strictly a bug, mitigating it would affect functionality
+CVE_CHECK_IGNORE += "CVE-2025-46686"
 
 FINAL_LIBS:x86:toolchain-clang = "-latomic"
 FINAL_LIBS:riscv32:toolchain-clang = "-latomic"