summaryrefslogtreecommitdiffstats
path: root/meta-gnome
diff options
context:
space:
mode:
authorGyorgy Sarvari <skandigraun@gmail.com>2026-02-06 09:20:47 +0100
committerAnuj Mittal <anuj.mittal@oss.qualcomm.com>2026-02-09 09:35:54 +0530
commita33dae10b18baad6b352cc49b25badc323ccd792 (patch)
treefa71ca45133184afdbe391459301fbc5824f1fb5 /meta-gnome
parenta0806bca0ad5d18df1081c1fbf91b4e3c337c988 (diff)
downloadmeta-openembedded-a33dae10b18baad6b352cc49b25badc323ccd792.tar.gz
gimp: ignore CVE-2025-14423
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14423 The vulnerability is about parsing LBM files, however this feature was introduced in verison 3.0[1], and the current recipe version is not vulnerable. [1]: https://gitlab.gnome.org/GNOME/gimp/-/commit/222bef78c71ed8562a610f6863d56c0b3e2bef68 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
Diffstat (limited to 'meta-gnome')
-rw-r--r--meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb3
1 files changed, 2 insertions, 1 deletions
diff --git a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
index 36b0712976..8aa5ee09cb 100644
--- a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
+++ b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
@@ -76,4 +76,5 @@ FILES:${PN} += "${datadir}/metainfo"
76RDEPENDS:${PN} += "mypaint-brushes-1.0" 76RDEPENDS:${PN} += "mypaint-brushes-1.0"
77 77
78CVE_STATUS[CVE-2007-3741] = "not-applicable-platform: This only applies for Mandriva Linux" 78CVE_STATUS[CVE-2007-3741] = "not-applicable-platform: This only applies for Mandriva Linux"
79CVE_STATUS[CVE-2025-48796] = "cpe-incorrect: The current version (2.10.38) is not affected." \ No newline at end of file 79CVE_STATUS[CVE-2025-48796] = "cpe-incorrect: The current version (2.10.38) is not affected."
80CVE_STATUS[CVE-2025-14423] = "cpe-incorrect: The vulnerability was introduced in v3.0"