From 5e650cf2e5d7c20349527ed6dc63a191d4e432c0 Mon Sep 17 00:00:00 2001
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
Date: Sat, 10 Jan 2026 23:37:14 +1300
Subject: [PATCH] krb5: ignore CVE-2025-3576

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-3576

As mentioned[1], vulnerability is fixed since upstream 1.21

[1] https://security-tracker.debian.org/tracker/CVE-2025-3576

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-oe/recipes-connectivity/krb5/krb5_1.21.3.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-connectivity/krb5/krb5_1.21.3.bb b/meta-oe/recipes-connectivity/krb5/krb5_1.21.3.bb
index b38a0768e1..572c33a271 100644
--- a/meta-oe/recipes-connectivity/krb5/krb5_1.21.3.bb
+++ b/meta-oe/recipes-connectivity/krb5/krb5_1.21.3.bb
@@ -38,6 +38,8 @@ SRC_URI[sha256sum] = "b7a4cd5ead67fb08b980b21abd150ff7217e85ea320c9ed0c6dadd3048
 CVE_PRODUCT = "kerberos"
 CVE_VERSION = "5-${PV}"
 
+CVE_STATUS[CVE-2025-3576] = "fixed-version: The vulnerability has been fixed in the current version (1.21.3)"
+
 S = "${WORKDIR}/${BP}/src"
 
 DEPENDS = "bison-native ncurses util-linux e2fsprogs e2fsprogs-native openssl"