From 8371516578c0bfbd80a1e4e94be846b2daf56d37 Mon Sep 17 00:00:00 2001
From: Peter Marko
Date: Sun, 4 Feb 2024 21:00:25 +0100
Subject: [PATCH] syslog-ng: ignore CVE-2022-38725
This CVE is fixed in 3.38.1, however cve-check indicates it as not fixed because there is also cpe for premium version. There is currently no method to filter this away in cve-check.
Relevant CPEs:
cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:-:*:*:* < 3.38.1
cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:premium:*:*:* < 7.0.32
Signed-off-by: Peter Marko
Signed-off-by: Khem Raj
---
 meta-oe/recipes-support/syslog-ng/syslog-ng_4.0.1.bb | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/meta-oe/recipes-support/syslog-ng/syslog-ng_4.0.1.bb b/meta-oe/recipes-support/syslog-ng/syslog-ng_4.0.1.bb
index 650c7bd5f3..77a5e67a42 100644
--- a/meta-oe/recipes-support/syslog-ng/syslog-ng_4.0.1.bb
+++ b/meta-oe/recipes-support/syslog-ng/syslog-ng_4.0.1.bb
@@ -30,6 +30,8 @@ SRC_URI[sha256sum] = "c16eafe447191c079f471846182876b7919d3d789af8c1f9fe55ab1452
 UPSTREAM_CHECK_URI = "https://github.com/balabit/syslog-ng/releases"
+CVE_STATUS[CVE-2022-38725] = "cpe-incorrect: cve-check wrongly matches cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:premium:*:*:* < 7.0.32"
+
 inherit autotools gettext systemd pkgconfig update-rc.d multilib_header
 EXTRA_OECONF = " \
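Review bot: The reason string on the added `CVE_STATUS[CVE-2022-38725]` line names the mismatching premium CPE but not the release that carries the fix, so the recipe alone gives an auditor nothing to confirm that 4.0.1 is unaffected. The commit message says the fix is in 3.38.1; keeping that next to the suppression makes it checkable, e.g. `CVE_STATUS[CVE-2022-38725] = "cpe-incorrect: fixed in 3.38.1, cve-check wrongly matches cpe:2.3:a:oneidentity:syslog-ng:*:*:*:*:premium:*:*:* < 7.0.32"`. The entry appears to silence this CVE for the recipe whatever version it builds, so it should be re-examined if the line is ever carried into a recipe older than 3.38.1.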