From: Peter Marko <peter.marko@siemens.com>
Date: Sat, 9 May 2026 22:45:33 +0000 (+0200)
Subject: rpm-sequoia: set status for CVE-2026-2625
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c8cf896959eba1b25c158cbee79aeba62322e34f;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

rpm-sequoia: set status for CVE-2026-2625

This is a version-less RedHat CVE.
[1] points to [2] included in v1.10.2.

[1] https://security-tracker.debian.org/tracker/CVE-2026-2625
[2] https://github.com/rpm-software-management/rpm-sequoia/commit/fa3c60094fa853ede6b4862e936f246412d700de

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-devtools/rpm-sequoia/rpm-sequoia_1.10.2.bb b/meta/recipes-devtools/rpm-sequoia/rpm-sequoia_1.10.2.bb
index d190db88b6..a6b32bb007 100644
--- a/meta/recipes-devtools/rpm-sequoia/rpm-sequoia_1.10.2.bb
+++ b/meta/recipes-devtools/rpm-sequoia/rpm-sequoia_1.10.2.bb
@@ -77,3 +77,5 @@ RDEPENDS:${PN} = "rpm-sequoia-crypto-policy"
 PACKAGE_WRITE_DEPS += "rpm-sequoia-crypto-policy-native"
 
 BBCLASSEXTEND = "native"
+
+CVE_STATUS[CVE-2026-2625] = "fixed-version: fixed since v1.10.2"