From 50e7b3e5eaaaca7c5ef4486fb36c767e9b28a2c7 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Sun, 8 Mar 2026 18:26:29 +0100
Subject: python3-protobuf: mark CVE-2026-0994 patched

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994

It is fixed already in the currently used version, however NVD tracks
it without any version info, so it still shows up in CVE reports.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta-python/recipes-devtools/python/python3-protobuf_6.33.5.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta-python/recipes-devtools')

diff --git a/meta-python/recipes-devtools/python/python3-protobuf_6.33.5.bb b/meta-python/recipes-devtools/python/python3-protobuf_6.33.5.bb
index af30165f81..af9ff85f20 100644
--- a/meta-python/recipes-devtools/python/python3-protobuf_6.33.5.bb
+++ b/meta-python/recipes-devtools/python/python3-protobuf_6.33.5.bb
@@ -13,6 +13,7 @@ inherit pypi setuptools3
 SRC_URI[sha256sum] = "6ddcac2a081f8b7b9642c09406bc6a4290128fce5f471cddd165960bb9119e5c"
 
 CVE_PRODUCT += "google:protobuf protobuf:protobuf google-protobuf protobuf-python"
+CVE_STATUS[CVE-2026-0994] = "fixed-version: it is fixed in 6.33.5"
 
 # http://errors.yoctoproject.org/Errors/Details/184715/
 # Can't find required file: ../src/google/protobuf/descriptor.proto
-- 
cgit v1.2.3-54-g00ecf