From baf3635c7df7db493597f43d6c737061b247a07a Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Sat, 4 Oct 2025 20:18:49 +0200 Subject: [PATCH] apache2: ignore irrelevant CVEs Ignore a number of CVEs for this recipe (because they are for another software, outdated version, or because they affect only non-Linux platforms). This commit is a backport of a number of commits from the master branch (which uses the same version of the recipe): 0e7733f1b8f51949ec91d82267d5d864ac0be16a 1b86a60f6283b08acadc50914075d93dd362700b 59d3949e3ed673bd049aadfd2238213b550f1461 1b86a60f6283b08acadc50914075d93dd362700b da2b5e8b93c248363581b1bd4ff67ff1d8357c41 0e7733f1b8f51949ec91d82267d5d864ac0be16a Signed-off-by: Gyorgy Sarvari Signed-off-by: Anuj Mittal --- .../recipes-httpd/apache2/apache2_2.4.65.bb | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb index 34526fc78e..dcba815831 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb @@ -37,6 +37,18 @@ DEPENDS = "openssl expat pcre apr apr-util apache2-native " CVE_PRODUCT = "apache:http_server" +CVE_STATUS[CVE-1999-0289] = "not-applicable-platform: The current version is not affected. It only applies for Windows" +CVE_STATUS[CVE-1999-0678] = "not-applicable-platform: this CVE is for Debian packaging configuration" +CVE_STATUS[CVE-1999-1237] = "cpe-incorrect: This is vulnerability of Apache AuthenSmb module, fixed in 0.9" +CVE_STATUS[CVE-1999-1412] = "not-applicable-platform: this CVE is for MAC OS X specific problem" +CVE_STATUS[CVE-2007-0086] = "disputed: this CVE is officially disputed by Redhat" +CVE_STATUS[CVE-2007-0450] = "not-applicable-platform: The current version is not affected. It only applies for Windows." +CVE_STATUS[CVE-2007-6421] = "cpe-incorrect: The current version is not affected by the CVE which affects versions from 2.2 (incl.) to 2.2.8 (excl.)" +CVE_STATUS[CVE-2007-6422] = "cpe-incorrect: The current version is not affected by the CVE which affects versions from 2.2 (incl.) to 2.2.8 (excl.)" +CVE_STATUS[CVE-2007-6423] = "cpe-incorrect: The current version is not affected by the CVE which affects versions from 2.2.x to 2.2.7-dev" +CVE_STATUS[CVE-2008-2168] = "cpe-incorrect: The current version is not affected by the CVE which affects versions up to 2.2.6 (excl.)" +CVE_STATUS[CVE-2010-0425] = "not-applicable-platform: The current version is not affected. It only applies for Windows." + SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice" PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}"