From 09cd8e482a4686f63adc05bd7d8fccd2cc1367d4 Mon Sep 17 00:00:00 2001
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
Date: Thu, 9 Apr 2026 19:09:05 +1200
Subject: [PATCH] freerdp3: ignore CVE-2026-24677 and CVE-2026-24678

Both vulnerabilities exists in the functions which were added in
version 3.6.0[1]

Details:
https://nvd.nist.gov/vuln/detail/CVE-2026-24677
https://nvd.nist.gov/vuln/detail/CVE-2026-24678

[1] https://github.com/FreeRDP/FreeRDP/commit/a81d111ac4023d31e10ebf579fa34c93bf56bce5

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
index 5f0a2536ae..82b926f430 100644
--- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
+++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb
@@ -81,3 +81,5 @@ do_configure:append() {
 FILES:${PN} += "${datadir}"
 
 CVE_STATUS[CVE-2025-68118] = "not-applicable-platform: only affects Windows"
+CVE_STATUS[CVE-2026-24677] = "cpe-incorrect: The current version (3.4.0) is not affected."
+CVE_STATUS[CVE-2026-24678] = "cpe-incorrect: The current version (3.4.0) is not affected."