redis: ignore CVE-2025-46686

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-46686 Upstream disputes that it is a security violation, and says that implementing a mitigation for this would negatively affect the rest of the application, so they elected to ignore it. See Github advisory about the same vulnerability: https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2025-12-26 20:09:57 +0100
committer: Khem Raj <raj.khem@gmail.com> 2025-12-26 17:36:58 -0800
commit: 868b4b2959c1f6be13693e31eae5b27a1fa697e6 (patch)
tree: ab48ad4e310f5bac423c926cbb0c756ab4076002 /meta-oe/recipes-extended/redis/redis_7.2.12.bb
parent: 922ca44f5e2314979d0cf0577a1fd13dd59f85d3 (diff)
download: meta-openembedded-868b4b2959c1f6be13693e31eae5b27a1fa697e6.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-oe/recipes-extended/redis/redis_7.2.12.bb b/meta-oe/recipes-extended/redis/redis_7.2.12.bb
index 0989ed5e8d..8abf758930 100644
--- a/meta-oe/recipes-extended/redis/redis_7.2.12.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.2.12.bb
@@ -23,6 +23,7 @@ RPROVIDES:${PN} = "virtual-redis"
 CVE_STATUS[CVE-2025-21605] = "cpe-incorrect: the used version already contains the fix"
 CVE_STATUS[CVE-2025-27151] = "cpe-incorrect: the used version already contains the fix"
+CVE_STATUS[CVE-2025-46686] = "disputed: upstream rejected because mitigating it would affect other functionality"
 CVE_STATUS[CVE-2025-46817] = "cpe-incorrect: the used version already contains the fix"
 CVE_STATUS[CVE-2025-46818] = "cpe-incorrect: the used version already contains the fix"
 CVE_STATUS[CVE-2025-46819] = "cpe-incorrect: the used version already contains the fix"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2025-12-26 20:09:57 +0100
committer	Khem Raj <raj.khem@gmail.com>	2025-12-26 17:36:58 -0800
commit	868b4b2959c1f6be13693e31eae5b27a1fa697e6 (patch)
tree	ab48ad4e310f5bac423c926cbb0c756ab4076002 /meta-oe/recipes-extended/redis/redis_7.2.12.bb
parent	922ca44f5e2314979d0cf0577a1fd13dd59f85d3 (diff)
download	meta-openembedded-868b4b2959c1f6be13693e31eae5b27a1fa697e6.tar.gz

diff --git a/meta-oe/recipes-extended/redis/redis_7.2.12.bb b/meta-oe/recipes-extended/redis/redis_7.2.12.bb index 0989ed5e8d..8abf758930 100644 --- a/meta-oe/recipes-extended/redis/redis_7.2.12.bb +++ b/meta-oe/recipes-extended/redis/redis_7.2.12.bb
@@ -23,6 +23,7 @@ RPROVIDES:${PN} = "virtual-redis"
23		23
24	CVE_STATUS[CVE-2025-21605] = "cpe-incorrect: the used version already contains the fix"	24	CVE_STATUS[CVE-2025-21605] = "cpe-incorrect: the used version already contains the fix"
25	CVE_STATUS[CVE-2025-27151] = "cpe-incorrect: the used version already contains the fix"	25	CVE_STATUS[CVE-2025-27151] = "cpe-incorrect: the used version already contains the fix"
		26	CVE_STATUS[CVE-2025-46686] = "disputed: upstream rejected because mitigating it would affect other functionality"
26	CVE_STATUS[CVE-2025-46817] = "cpe-incorrect: the used version already contains the fix"	27	CVE_STATUS[CVE-2025-46817] = "cpe-incorrect: the used version already contains the fix"
27	CVE_STATUS[CVE-2025-46818] = "cpe-incorrect: the used version already contains the fix"	28	CVE_STATUS[CVE-2025-46818] = "cpe-incorrect: the used version already contains the fix"
28	CVE_STATUS[CVE-2025-46819] = "cpe-incorrect: the used version already contains the fix"	29	CVE_STATUS[CVE-2025-46819] = "cpe-incorrect: the used version already contains the fix"