tigervnc: ignore CVE-2014-8241

Details: https://nvd.nist.gov/vuln/detail/CVE-2014-8241 The vulnerability is about a potential null-pointer dereference, because of a malloc result is not verified[1]. The vulnerable code has been refactored since completely[2], and the code isn't present anymore in the codebase. [1]: https://github.com/TigerVNC/tigervnc/issues/993#issuecomment-612874972 - attachment [2]: https://github.com/TigerVNC/tigervnc/commit/b8a24f055f1a29886d8b18bb3f0902144dc5bd14 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit ed8a1038d227ee521cf2349d9f7f8e37eec6a64a) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2025-11-24 16:10:57 +0100
committer: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2025-12-17 13:57:09 +0530
commit: be043578a4c70ab41f9d727374877bdd67d54438 (patch)
tree: 59e4f8faa158a6c7cd5fe4091cff440631006355
parent: 39522e022bc40966902b2d0edb0511e68c658530 (diff)
download: meta-openembedded-be043578a4c70ab41f9d727374877bdd67d54438.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb
index dd4f79c314..d3159f8a88 100644
--- a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb
+++ b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb
@@ -85,3 +85,5 @@ FILES:${PN} += " \
 "
 SYSTEMD_SERVICE:${PN} = "vncserver@.service"
+CVE_STATUS[2014-8241] = "fixed-version: The vulnerable code is not present in the used version (1.15.0)"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2025-11-24 16:10:57 +0100
committer	Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 13:57:09 +0530
commit	be043578a4c70ab41f9d727374877bdd67d54438 (patch)
tree	59e4f8faa158a6c7cd5fe4091cff440631006355
parent	39522e022bc40966902b2d0edb0511e68c658530 (diff)
download	meta-openembedded-be043578a4c70ab41f9d727374877bdd67d54438.tar.gz

diff --git a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb index dd4f79c314..d3159f8a88 100644 --- a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb +++ b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb
@@ -85,3 +85,5 @@ FILES:${PN} += " \
85	"	85	"
86		86
87	SYSTEMD_SERVICE:${PN} = "vncserver@.service"	87	SYSTEMD_SERVICE:${PN} = "vncserver@.service"
		88
		89	CVE_STATUS[2014-8241] = "fixed-version: The vulnerable code is not present in the used version (1.15.0)"