From 03f418d36b1184f7bf142cb040b5c0faa93756c3 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Sat, 15 Nov 2025 19:23:10 +0100
Subject: [PATCH] linuxptp: ignore CVE-2024-42861

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-42861

The vulnerability report is considered to be bogus and a non-issue
(or at least not a security issue) by upstream[1] and by major
Linux distros[2][3][4].

[1]: https://lists.nwtime.org/sympa/arc/linuxptp-devel/2024-09/msg00080.html
[2]: Ubuntu: https://ubuntu.com/security/CVE-2024-42861
[3]: Debian: https://security-tracker.debian.org/tracker/CVE-2024-42861
[4]: Suse: https://bugzilla.suse.com/show_bug.cgi?id=1230935

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-oe/recipes-connectivity/linuxptp/linuxptp_4.1.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-connectivity/linuxptp/linuxptp_4.1.bb b/meta-oe/recipes-connectivity/linuxptp/linuxptp_4.1.bb
index 9a5c9b5204..d7d90bba25 100644
--- a/meta-oe/recipes-connectivity/linuxptp/linuxptp_4.1.bb
+++ b/meta-oe/recipes-connectivity/linuxptp/linuxptp_4.1.bb
@@ -60,3 +60,5 @@ SYSTEMD_AUTO_ENABLE:${PN} = "disable"
 PACKAGES =+ "${PN}-configs"
 
 FILES:${PN}-configs += "${docdir}"
+
+CVE_STATUS[2024-42861] = "disputed: Considered to be bogus by upstream and major distros"