summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGyorgy Sarvari <skandigraun@gmail.com>2026-01-23 18:02:13 +0100
committerAnuj Mittal <anuj.mittal@oss.qualcomm.com>2026-01-26 10:04:44 +0530
commit98425feebe5ee7b2f82a7e1405f6f6a9fce5a3cf (patch)
tree2b542cdb6125c848e91a8fdb2ee728eac33f721d
parenta627e747a79760daff2b794f1a363f672773b004 (diff)
downloadmeta-openembedded-98425feebe5ee7b2f82a7e1405f6f6a9fce5a3cf.tar.gz
redis: ignore CVE-2025-46686
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-46686 Upstream disputes that it is a security violation, and says that implementing a mitigation for this would negatively affect the rest of the application, so they elected to ignore it. See Github advisory about the same vulnerability: https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 868b4b2959c1f6be13693e31eae5b27a1fa697e6) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
-rw-r--r--meta-oe/recipes-extended/redis/redis_6.2.21.bb2
-rw-r--r--meta-oe/recipes-extended/redis/redis_7.2.12.bb2
2 files changed, 4 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/redis/redis_6.2.21.bb b/meta-oe/recipes-extended/redis/redis_6.2.21.bb
index 82e029fd82..c47f51692d 100644
--- a/meta-oe/recipes-extended/redis/redis_6.2.21.bb
+++ b/meta-oe/recipes-extended/redis/redis_6.2.21.bb
@@ -23,6 +23,8 @@ SRC_URI[sha256sum] = "6383b32ba8d246f41bbbb83663381f5a5f4c4713235433cec22fc4a47e
23 23
24inherit autotools-brokensep update-rc.d systemd useradd 24inherit autotools-brokensep update-rc.d systemd useradd
25 25
26CVE_STATUS[CVE-2025-46686] = "disputed: upstream rejected because mitigating it would affect other functionality"
27
26FINAL_LIBS:x86:toolchain-clang = "-latomic" 28FINAL_LIBS:x86:toolchain-clang = "-latomic"
27FINAL_LIBS:riscv32 = "-latomic" 29FINAL_LIBS:riscv32 = "-latomic"
28FINAL_LIBS:mips = "-latomic" 30FINAL_LIBS:mips = "-latomic"
diff --git a/meta-oe/recipes-extended/redis/redis_7.2.12.bb b/meta-oe/recipes-extended/redis/redis_7.2.12.bb
index 98af45cb88..2b4087a74b 100644
--- a/meta-oe/recipes-extended/redis/redis_7.2.12.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.2.12.bb
@@ -21,6 +21,8 @@ SRC_URI[sha256sum] = "97c60478a7c777ac914ca9d87a7e88ba265926456107e758c62d8f971d
21 21
22inherit autotools-brokensep pkgconfig update-rc.d systemd useradd 22inherit autotools-brokensep pkgconfig update-rc.d systemd useradd
23 23
24CVE_STATUS[CVE-2025-46686] = "disputed: upstream rejected because mitigating it would affect other functionality"
25
24FINAL_LIBS:x86:toolchain-clang = "-latomic" 26FINAL_LIBS:x86:toolchain-clang = "-latomic"
25FINAL_LIBS:riscv32 = "-latomic" 27FINAL_LIBS:riscv32 = "-latomic"
26FINAL_LIBS:mips = "-latomic" 28FINAL_LIBS:mips = "-latomic"