mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-05-07 05:10:20 +00:00
Code Issues Projects Releases Wiki Activity

protobuf, python3-protobuf: ignore CVE-2026-6409

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-6409

The vulnerability impacts only the PHP library component, not the
cpp/python one. Ignore this CVE due to this.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari
2026-04-20 11:33:18 +02:00
committed by Khem Raj
parent 09050325e6
commit aef8bc3422
2 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-devtools/protobuf/protobuf_6.33.6.bb
+1
View File
@@ -29,6 +29,7 @@ UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d\.\d+\.\d+)"
CVE_PRODUCT = "google:protobuf protobuf:protobuf google-protobuf protobuf-cpp"
CVE_STATUS[CVE-2026-0994] = "cpe-incorrect: the vulnerability affects only python3-protobuf recipe"
CVE_STATUS[CVE-2026-6409] = "cpe-incorrect: the vulnerability affects only the php library"
inherit cmake pkgconfig ptest
meta-python/recipes-devtools/python/python3-protobuf_6.33.6.bb
+1
View File
@@ -14,6 +14,7 @@ SRC_URI[sha256sum] = "a6768d25248312c297558af96a9f9c929e8c4cee0659cb07e780731095
CVE_PRODUCT += "google:protobuf protobuf:protobuf google-protobuf protobuf-python"
CVE_STATUS[CVE-2026-0994] = "fixed-version: it is fixed in 6.33.5"
CVE_STATUS[CVE-2026-6409] = "cpe-incorrect: the vulnerability affects only the php library"
# http://errors.yoctoproject.org/Errors/Details/184715/
# Can't find required file: ../src/google/protobuf/descriptor.proto