From: Ross Burton <ross.burton@arm.com>
Date: Wed, 29 Jun 2022 15:15:18 +0000 (+0100)
Subject: cups: ignore CVE-2022-26691
X-Git-Tag: lucaceresoli/bug-15201-perf-libtraceevent-missing~3754
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=b40dd920f8b40eabe78db363249257818c63c074;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

cups: ignore CVE-2022-26691

This is fixed in 2.4.2, which we have, but the complex CPE in that CVE
isn't parsed by cve-check correctly so it thinks that we're vulnerable.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-extended/cups/cups.inc b/meta/recipes-extended/cups/cups.inc
index 8f2ad8a0098..45929807660 100644
--- a/meta/recipes-extended/cups/cups.inc
+++ b/meta/recipes-extended/cups/cups.inc
@@ -26,6 +26,8 @@ CVE_CHECK_IGNORE += "CVE-2008-1033"
 CVE_CHECK_IGNORE += "CVE-2009-0032"
 # This is an Ubuntu only issue.
 CVE_CHECK_IGNORE += "CVE-2018-6553"
+# This is fixed in 2.4.2 but the cve-check class still reports it
+CVE_CHECK_IGNORE += "CVE-2022-26691"
 
 LEAD_SONAME = "libcupsdriver.so"