diff options
| -rw-r--r-- | meta-oe/recipes-extended/redis/redis_6.2.21.bb | 7 | ||||
| -rw-r--r-- | meta-oe/recipes-extended/redis/redis_7.2.12.bb | 7 |
2 files changed, 12 insertions, 2 deletions
diff --git a/meta-oe/recipes-extended/redis/redis_6.2.21.bb b/meta-oe/recipes-extended/redis/redis_6.2.21.bb index 6166769ffa..0466e34000 100644 --- a/meta-oe/recipes-extended/redis/redis_6.2.21.bb +++ b/meta-oe/recipes-extended/redis/redis_6.2.21.bb | |||
| @@ -21,7 +21,12 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \ | |||
| 21 | SRC_URI[sha256sum] = "6383b32ba8d246f41bbbb83663381f5a5f4c4713235433cec22fc4a47e9b6d5f" | 21 | SRC_URI[sha256sum] = "6383b32ba8d246f41bbbb83663381f5a5f4c4713235433cec22fc4a47e9b6d5f" |
| 22 | 22 | ||
| 23 | CVE_STATUS[CVE-2025-21605] = "cpe-incorrect: the used version already contains the fix" | 23 | CVE_STATUS[CVE-2025-21605] = "cpe-incorrect: the used version already contains the fix" |
| 24 | CVE_STATUS[CVE-2022-0543] = "not-applicable-config: the vulnerability is not present in upstream, only in Debian-packaged version" | 24 | # The vulnerability originates from Debian's packaging methodology, |
| 25 | # which loads system-wide Lua libraries (lua-cjson, lua-cmsgpack), | ||
| 26 | # enabling Lua sandbox escape. Upstream Redis builds, including | ||
| 27 | # those built by Yocto/OpenEmbedded, utilize embedded Lua from the | ||
| 28 | # deps/ directory and are therefore not affected by this issue. | ||
| 29 | CVE_STATUS[CVE-2022-0543] = "not-applicable-config: Debian-specific packaging issue caused by loading system-wide Lua libraries; upstream builds use embedded Lua and are not affected" | ||
| 25 | CVE_STATUS[CVE-2022-3734] = "not-applicable-config: only affects Windows" | 30 | CVE_STATUS[CVE-2022-3734] = "not-applicable-config: only affects Windows" |
| 26 | 31 | ||
| 27 | inherit update-rc.d systemd useradd | 32 | inherit update-rc.d systemd useradd |
diff --git a/meta-oe/recipes-extended/redis/redis_7.2.12.bb b/meta-oe/recipes-extended/redis/redis_7.2.12.bb index 6527fb6996..0989ed5e8d 100644 --- a/meta-oe/recipes-extended/redis/redis_7.2.12.bb +++ b/meta-oe/recipes-extended/redis/redis_7.2.12.bb | |||
| @@ -78,4 +78,9 @@ INITSCRIPT_PARAMS = "defaults 87" | |||
| 78 | SYSTEMD_SERVICE:${PN} = "redis.service" | 78 | SYSTEMD_SERVICE:${PN} = "redis.service" |
| 79 | 79 | ||
| 80 | CVE_STATUS[CVE-2022-3734] = "not-applicable-platform: CVE only applies for Windows." | 80 | CVE_STATUS[CVE-2022-3734] = "not-applicable-platform: CVE only applies for Windows." |
| 81 | CVE_STATUS[CVE-2022-0543] = "not-applicable-platform: Debian-specific CVE" | 81 | # The vulnerability originates from Debian's packaging methodology, |
| 82 | # which loads system-wide Lua libraries (lua-cjson, lua-cmsgpack), | ||
| 83 | # enabling Lua sandbox escape. Upstream Redis builds, including | ||
| 84 | # those built by Yocto/OpenEmbedded, utilize embedded Lua from the | ||
| 85 | # deps/ directory and are therefore not affected by this issue. | ||
| 86 | CVE_STATUS[CVE-2022-0543] = "not-applicable-config: Debian-specific packaging issue caused by loading system-wide Lua libraries; upstream builds use embedded Lua and are not affected" | ||