From 8f1269507ad95d56aeab3cdd0c0178e194506ca8 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Tue, 7 Oct 2025 11:23:42 +0200
Subject: [PATCH] redis: ignore CVE-2022-3734 and CVE-2022-0543

CVE-2022-3734 only affects Windows.
CVE-2022-0543 affects only packages that were packaged for Debian and
Debian-derivative distros.

Neither of these issues is present in upstream Redis.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta-oe/recipes-extended/redis/redis_6.2.20.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-extended/redis/redis_6.2.20.bb b/meta-oe/recipes-extended/redis/redis_6.2.20.bb
index 175e0a9fc2..cc98781fed 100644
--- a/meta-oe/recipes-extended/redis/redis_6.2.20.bb
+++ b/meta-oe/recipes-extended/redis/redis_6.2.20.bb
@@ -21,6 +21,8 @@ SRC_URI = "http://download.redis.io/releases/${BP}.tar.gz \
 SRC_URI[sha256sum] = "7f8b8a7aed53c445a877adf9e3743cdd323518524170135a58c0702f2dba6ef4"
 
 CVE_STATUS[CVE-2025-21605] = "cpe-incorrect: the used version already contains the fix"
+CVE_STATUS[CVE-2022-0543] = "not-applicable-config: the vulnerability is not present in upstream, only in Debian-packaged version"
+CVE_STATUS[CVE-2022-3734] = "not-applicable-config: only affects Windows"
 
 inherit update-rc.d systemd useradd