syslog-ng: ignore CVE-2022-38725

This CVE is fixed in 3.38.1, however cve-check indicates it as not fixed because there is also cpe for premium version. There is currently no method to filter this away in cve-check. Relevant CPEs: cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:-:*:*:* < 3.38.1 cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:premium:*:*:* < 7.0.32 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Peter Marko <peter.marko@siemens.com> 2024-02-04 21:00:25 +0100
committer: Khem Raj <raj.khem@gmail.com> 2024-02-04 13:24:40 -0800
commit: 8371516578c0bfbd80a1e4e94be846b2daf56d37 (patch)
tree: fdd96f8c202ae04ac0f80d99bc7096f2bde6df24 /meta-oe/recipes-support
parent: 3c6b9945629df7322c80b84e74369f925ac90237 (diff)
download: meta-openembedded-contrib-8371516578c0bfbd80a1e4e94be846b2daf56d37.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/syslog-ng/syslog-ng_4.0.1.bb b/meta-oe/recipes-support/syslog-ng/syslog-ng_4.0.1.bb
index 650c7bd5f3..77a5e67a42 100644
--- a/meta-oe/recipes-support/syslog-ng/syslog-ng_4.0.1.bb
+++ b/meta-oe/recipes-support/syslog-ng/syslog-ng_4.0.1.bb
@@ -30,6 +30,8 @@ SRC_URI[sha256sum] = "c16eafe447191c079f471846182876b7919d3d789af8c1f9fe55ab1452
 
 UPSTREAM_CHECK_URI = "https://github.com/balabit/syslog-ng/releases"
 
+CVE_STATUS[CVE-2022-38725] = "cpe-incorrect: cve-check wrongly matches cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:premium:*:*:* < 7.0.32"
+
 inherit autotools gettext systemd pkgconfig update-rc.d multilib_header
 
 EXTRA_OECONF = " \
author	Peter Marko <peter.marko@siemens.com>	2024-02-04 21:00:25 +0100
committer	Khem Raj <raj.khem@gmail.com>	2024-02-04 13:24:40 -0800
commit	8371516578c0bfbd80a1e4e94be846b2daf56d37 (patch)
tree	fdd96f8c202ae04ac0f80d99bc7096f2bde6df24 /meta-oe/recipes-support
parent	3c6b9945629df7322c80b84e74369f925ac90237 (diff)
download	meta-openembedded-contrib-8371516578c0bfbd80a1e4e94be846b2daf56d37.tar.gz