From: Ross Burton <ross.burton@arm.com>
Date: Mon, 23 Oct 2023 17:38:20 +0000 (+0100)
Subject: zlib: ignore CVE-2023-45853
X-Git-Tag: yocto-5.2~4774
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a32f285501b459cfe18e3135a3c531b63f58034c;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

zlib: ignore CVE-2023-45853

This CVE relates to a bug in the minizip tool, but we don't build that.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-core/zlib/zlib_1.3.bb b/meta/recipes-core/zlib/zlib_1.3.bb
index c8fd855ee67..1ed18172faa 100644
--- a/meta/recipes-core/zlib/zlib_1.3.bb
+++ b/meta/recipes-core/zlib/zlib_1.3.bb
@@ -45,3 +45,5 @@ do_install_ptest() {
 }
 
 BBCLASSEXTEND = "native nativesdk"
+
+CVE_STATUS[CVE-2023-45853] = "not-applicable-config: we don't build minizip"