From: Peter Marko Date: Thu, 6 Nov 2025 20:20:21 +0000 (+0100) Subject: curl: ignore CVE-2025-10966 X-Git-Tag: 2024-04.14-scarthgap~38 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3de9b86c295c88005d4df53e5137bb09ea104ed0;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git curl: ignore CVE-2025-10966 Per [1] this CVE applies only when wolfssl backed is used. 8.17.0 removed WolfSSL support completely. [1] https://curl.se/docs/CVE-2025-10966.html Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb index 713d90a378..6c02746394 100644 --- a/meta/recipes-support/curl/curl_8.7.1.bb +++ b/meta/recipes-support/curl/curl_8.7.1.bb @@ -39,6 +39,7 @@ CVE_STATUS[CVE-2024-32928] = "ignored: CURLOPT_SSL_VERIFYPEER was disabled on go CVE_STATUS[CVE-2025-0725] = "not-applicable-config: gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, using zlib 1.2.0.3 or older" CVE_STATUS[CVE-2025-5025] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: applicable only with wolfssl','unpatched',d)}" +CVE_STATUS[CVE-2025-10966] = "${@bb.utils.contains('PACKAGECONFIG', 'openssl', 'not-applicable-config: applicable only with wolfssl','unpatched',d)}" inherit autotools pkgconfig binconfig multilib_header ptest