]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commitdiff
projects / thirdparty / openembedded / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2946e23)
ruby: set status for CVE-2025-0306
authorPeter Marko <peter.marko@siemens.com>
Sat, 25 Apr 2026 22:26:31 +0000 (00:26 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 27 Apr 2026 14:05:47 +0000 (15:05 +0100)
This is a version-less Redhat CVE, so explicit status is needed.
Per [1] the issue is mitigated by using openssl >= 3.2.0.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2336100

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-devtools/ruby/ruby_4.0.2.bb patch | blob | blame | history

diff --git a/meta/recipes-devtools/ruby/ruby_4.0.2.bb b/meta/recipes-devtools/ruby/ruby_4.0.2.bb
index ba24e8601ceb0e1da983cd261e26f22733006cf5..89d8d5b15512e0e90331e1c3eee401ce9221c7ab 100644 (file)
--- a/meta/recipes-devtools/ruby/ruby_4.0.2.bb
+++ b/meta/recipes-devtools/ruby/ruby_4.0.2.bb
@@ -140,3 +140,5 @@ FILES:${PN}-ptest:append:class-target = "\
 "
 
 BBCLASSEXTEND = "native nativesdk"
+
+CVE_STATUS[CVE-2025-0306] = "not-applicable-config: issue does not occur with openssl >= 3.2.0"
Mirror of git://git.openembedded.org/openembedded-core