diff options
| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2025-10-04 20:30:23 +0200 | 
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2025-10-05 21:52:27 -0700 | 
| commit | 11fc309ae95bc221d44fb85515ab5df7afd59c26 (patch) | |
| tree | fcbc232777e5e5f29d474c9623bc0df784262eaa | |
| parent | 7fea1c591a5994ac29d97881d87deaf796b79dc3 (diff) | |
| download | meta-openembedded-11fc309ae95bc221d44fb85515ab5df7afd59c26.tar.gz | |
apache2: ignore CVE-2025-3891
The vulnerability was reported against mod_auth_openidc, which module
is a 3rd party one, and not part of the apache2 source distribution.
The affected module is not part of the meta-oe universe currently,
so ignore the CVE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| -rw-r--r-- | meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb | 1 | 
1 files changed, 1 insertions, 0 deletions
| diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb index fef1f5ecec..58b324795e 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb | |||
| @@ -48,6 +48,7 @@ CVE_STATUS[CVE-2007-6422] = "cpe-incorrect: The current version is not affected | |||
| 48 | CVE_STATUS[CVE-2007-6423] = "cpe-incorrect: The current version is not affected by the CVE which affects versions from 2.2.x to 2.2.7-dev" | 48 | CVE_STATUS[CVE-2007-6423] = "cpe-incorrect: The current version is not affected by the CVE which affects versions from 2.2.x to 2.2.7-dev" | 
| 49 | CVE_STATUS[CVE-2008-2168] = "cpe-incorrect: The current version is not affected by the CVE which affects versions up to 2.2.6 (excl.)" | 49 | CVE_STATUS[CVE-2008-2168] = "cpe-incorrect: The current version is not affected by the CVE which affects versions up to 2.2.6 (excl.)" | 
| 50 | CVE_STATUS[CVE-2010-0425] = "not-applicable-platform: The current version is not affected. It only applies for Windows." | 50 | CVE_STATUS[CVE-2010-0425] = "not-applicable-platform: The current version is not affected. It only applies for Windows." | 
| 51 | CVE_STATUS[CVE-2025-3891] = "cpe-incorrect: The CVE is for a 3rd party module, which is not part of the Apache source distribution" | ||
| 51 | 52 | ||
| 52 | SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice" | 53 | SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice" | 
| 53 | 54 | ||
