From: Peter Marko <peter.marko@siemens.com>
Date: Sat, 25 Apr 2026 22:26:31 +0000 (+0200)
Subject: ruby: set status for CVE-2025-0306
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=5e03d64e32dce88d78dcf59429ea8fec475ea318;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

ruby: set status for CVE-2025-0306

This is a version-less Redhat CVE, so explicit status is needed.
Per [1] the issue is mitigated by using openssl >= 3.2.0.

[1] https://bugzilla.redhat.com/show_bug.cgi?id=2336100

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-devtools/ruby/ruby_4.0.2.bb b/meta/recipes-devtools/ruby/ruby_4.0.2.bb
index ba24e8601c..89d8d5b155 100644
--- a/meta/recipes-devtools/ruby/ruby_4.0.2.bb
+++ b/meta/recipes-devtools/ruby/ruby_4.0.2.bb
@@ -140,3 +140,5 @@ FILES:${PN}-ptest:append:class-target = "\
 "
 
 BBCLASSEXTEND = "native nativesdk"
+
+CVE_STATUS[CVE-2025-0306] = "not-applicable-config: issue does not occur with openssl >= 3.2.0"