From 3e3bd7acfc3a59426559288c6f5ff088affd11ca Mon Sep 17 00:00:00 2001
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
Date: Sun, 22 Feb 2026 17:45:31 +0100
Subject: [PATCH] dovecot: ignore CVE-2025-30189

Vulnerable versions are 2.4.0, 2.4.1 according to the full disclosure[1]

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-30189

[1] https://seclists.org/fulldisclosure/2025/Oct/29

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>

Adapted to Kirkstone.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-networking/recipes-support/dovecot/dovecot_2.3.14.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-networking/recipes-support/dovecot/dovecot_2.3.14.bb b/meta-networking/recipes-support/dovecot/dovecot_2.3.14.bb
index b9473d0345..c1fa702eaa 100644
--- a/meta-networking/recipes-support/dovecot/dovecot_2.3.14.bb
+++ b/meta-networking/recipes-support/dovecot/dovecot_2.3.14.bb
@@ -78,3 +78,6 @@ FILES:${PN}-dbg += "${libdir}/dovecot/*/.debug"
 
 # CVE-2016-4983 affects only postinstall script on specific distribution
 CVE_CHECK_IGNORE += "CVE-2016-4983"
+
+# cpe-incorrect: The current version (2.3.14) is not affected.
+CVE_CHECK_IGNORE += "CVE-2025-30189"