From 2073a86a79c09e49fe6b52aefb2181d0147e69c8 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Fri, 6 Feb 2026 09:20:48 +0100
Subject: [PATCH] gnome-settings-daemon: ignore CVE-2024-38394

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-38394

The CVE has the disputed flag. The project maintainers claim that the issue
is not in gnome-setttings-daemon. If the vulnerability needs to be handled
in gnome-settings-daemon, than it is a new feature rather than a vulnerability fix.

Due to this, ignore this CVE.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 .../gnome-settings-daemon/gnome-settings-daemon_46.0.bb         | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-gnome/recipes-gnome/gnome-settings-daemon/gnome-settings-daemon_46.0.bb b/meta-gnome/recipes-gnome/gnome-settings-daemon/gnome-settings-daemon_46.0.bb
index d409e77eae..7e3afa7998 100644
--- a/meta-gnome/recipes-gnome/gnome-settings-daemon/gnome-settings-daemon_46.0.bb
+++ b/meta-gnome/recipes-gnome/gnome-settings-daemon/gnome-settings-daemon_46.0.bb
@@ -48,3 +48,5 @@ FILES:${PN} += " \
     ${systemd_user_unitdir} \
     ${libdir}/gnome-settings-daemon-${@gnome_verdir("${PV}")}/libgsd.so \
 "
+
+CVE_STATUS[CVE-2024-38394] = "disputed: mitigation would be a new feature, not a CVE"