zlib: ignore CVE-2023-6992

This CVE is for iCPE cloudflare:zlib. Alternative to ignoring would be to limit CVE_PRODUCT, but historic CVEs already have two - gnu:zlib and zlib:zlib. So limiting it could miss future CVEs. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Peter Marko <peter.marko@siemens.com> 2024-01-13 19:04:04 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2024-01-23 11:52:43 +0000
commit: 9f953a1cd832f03f0b3666168addf45fd4fc8d14 (patch)
tree: a43b98012065551527c8b2bba5f1b56c0c04e3e8
parent: a9b51a42fc1fd3c01852b51e3f21cf4d4480f3e8 (diff)
download: openembedded-core-9f953a1cd832f03f0b3666168addf45fd4fc8d14.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-core/zlib/zlib_1.3.bb b/meta/recipes-core/zlib/zlib_1.3.bb
index 1ed18172fa..ede75f90bd 100644
--- a/meta/recipes-core/zlib/zlib_1.3.bb
+++ b/meta/recipes-core/zlib/zlib_1.3.bb
@@ -47,3 +47,4 @@ do_install_ptest() {
 BBCLASSEXTEND = "native nativesdk"
 
 CVE_STATUS[CVE-2023-45853] = "not-applicable-config: we don't build minizip"
+CVE_STATUS[CVE-2023-6992] = "cpe-incorrect: this CVE is for cloudflare zlib"
author	Peter Marko <peter.marko@siemens.com>	2024-01-13 19:04:04 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2024-01-23 11:52:43 +0000
commit	9f953a1cd832f03f0b3666168addf45fd4fc8d14 (patch)
tree	a43b98012065551527c8b2bba5f1b56c0c04e3e8
parent	a9b51a42fc1fd3c01852b51e3f21cf4d4480f3e8 (diff)
download	openembedded-core-9f953a1cd832f03f0b3666168addf45fd4fc8d14.tar.gz