From 4da4c6547cc4fa092736808ff4756e8201cf17d7 Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Thu, 25 Dec 2025 13:51:35 +0100 Subject: redis: ignore CVE-2025-46686 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-46686 Upstream disputes that it is a security violation, and says that implementing a mitigation for this would negatively affect the rest of the application, so they elected to ignore it. See Github advisory about the same vulnerability: https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9 Signed-off-by: Gyorgy Sarvari --- meta-oe/recipes-extended/redis/redis_6.2.21.bb | 2 ++ meta-oe/recipes-extended/redis/redis_7.0.15.bb | 2 ++ 2 files changed, 4 insertions(+) diff --git a/meta-oe/recipes-extended/redis/redis_6.2.21.bb b/meta-oe/recipes-extended/redis/redis_6.2.21.bb index e81984c081..3c24d459d6 100644 --- a/meta-oe/recipes-extended/redis/redis_6.2.21.bb +++ b/meta-oe/recipes-extended/redis/redis_6.2.21.bb @@ -25,6 +25,8 @@ inherit autotools-brokensep update-rc.d systemd useradd CVE_CHECK_IGNORE += "CVE-2022-0543" # not-applicable-config: only affects Windows CVE_CHECK_IGNORE += "CVE-2022-3734" +# disputed: not strictly a bug, mitigating it would affect functionality +CVE_CHECK_IGNORE += "CVE-2025-46686" FINAL_LIBS:x86:toolchain-clang = "-latomic" FINAL_LIBS:riscv32:toolchain-clang = "-latomic" diff --git a/meta-oe/recipes-extended/redis/redis_7.0.15.bb b/meta-oe/recipes-extended/redis/redis_7.0.15.bb index 61a088775b..3768453db2 100644 --- a/meta-oe/recipes-extended/redis/redis_7.0.15.bb +++ b/meta-oe/recipes-extended/redis/redis_7.0.15.bb @@ -38,6 +38,8 @@ inherit autotools-brokensep update-rc.d systemd useradd CVE_CHECK_IGNORE += "CVE-2022-0543" # not-applicable-config: only affects Windows CVE_CHECK_IGNORE += "CVE-2022-3734" +# disputed: not strictly a bug, mitigating it would affect functionality +CVE_CHECK_IGNORE += "CVE-2025-46686" FINAL_LIBS:x86:toolchain-clang = "-latomic" FINAL_LIBS:riscv32:toolchain-clang = "-latomic" -- cgit v1.2.3-54-g00ecf