From: Ross Burton <ross@burtonini.com>
Date: Tue, 22 Mar 2022 11:19:48 +0000 (+0000)
Subject: python3: ignore CVE-2022-26488
X-Git-Tag: yocto-4.0~199
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2bd3c5a93988140d9927340b3af68785ae03db65;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

python3: ignore CVE-2022-26488

This CVE is specific to Microsoft Windows, so we can ignore it.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
---

diff --git a/meta/recipes-devtools/python/python3_3.10.2.bb b/meta/recipes-devtools/python/python3_3.10.2.bb
index 32da2a12c8d..227a72d3953 100644
--- a/meta/recipes-devtools/python/python3_3.10.2.bb
+++ b/meta/recipes-devtools/python/python3_3.10.2.bb
@@ -52,9 +52,8 @@ CVE_PRODUCT = "python"
 CVE_CHECK_IGNORE += "CVE-2007-4559"
 # This is not exploitable when glibc has CVE-2016-10739 fixed.
 CVE_CHECK_IGNORE += "CVE-2019-18348"
-
-# This is windows only issue.
-CVE_CHECK_IGNORE += "CVE-2020-15523"
+# These are specific to Microsoft Windows
+CVE_CHECK_IGNORE += "CVE-2020-15523 CVE-2022-26488"
 
 PYTHON_MAJMIN = "3.10"