mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-13 17:39:57 +00:00
Code Issues Projects Releases Wiki Activity

nodejs: ignore fixed CVEs

Browse Source 
All these CVEs are fixed in v22.22.2[1], except for CVE-2026-21712,
which does not affect v22 series, because it was introduced in a
later version[2]. All these CVEs are tracked without version info
by NVD at the time of creating this patch.

[1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md
[2]: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari
2026-04-07 11:19:13 +02:00
committed by Anuj Mittal
parent 2c70222d32
commit 6c4868d3f7
1 changed files with 7 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-devtools/nodejs/nodejs_22.22.2.bb
+7
View File
@@ -217,3 +217,10 @@ python __anonymous () {
}
BBCLASSEXTEND = "native"
CVE_STATUS[CVE-2026-21712] = "cpe-incorrect: only v24 and v25 are affected"
CVE_STATUS[CVE-2026-21713] = "fixed-version: fixed since v22.22.2"
CVE_STATUS[CVE-2026-21714] = "fixed-version: fixed since v22.22.2"
CVE_STATUS[CVE-2026-21715] = "fixed-version: fixed since v22.22.2"
CVE_STATUS[CVE-2026-21716] = "fixed-version: fixed since v22.22.2"
CVE_STATUS[CVE-2026-21717] = "fixed-version: fixed since v22.22.2"