From c9662d5451f0a4ea1d8c5ca4247ed07927b373d7 Mon Sep 17 00:00:00 2001
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
Date: Sat, 14 Feb 2026 14:13:16 +1300
Subject: [PATCH] dovecot: ignore CVE-2025-30189

Vulnerable versions are 2.4.0, 2.4.1 according to the full disclosure[1]

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-30189

[1] https://seclists.org/fulldisclosure/2025/Oct/29

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-networking/recipes-support/dovecot/dovecot_2.3.21.1.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-networking/recipes-support/dovecot/dovecot_2.3.21.1.bb b/meta-networking/recipes-support/dovecot/dovecot_2.3.21.1.bb
index 48e1e8a832..696257930a 100644
--- a/meta-networking/recipes-support/dovecot/dovecot_2.3.21.1.bb
+++ b/meta-networking/recipes-support/dovecot/dovecot_2.3.21.1.bb
@@ -73,3 +73,4 @@ FILES:${PN}-dev += "${libdir}/dovecot/libdovecot*.so"
 FILES:${PN}-dbg += "${libdir}/dovecot/*/.debug"
 
 CVE_STATUS[CVE-2016-4983] = "not-applicable-platform: Affects only postinstall script on specific distribution."
+CVE_STATUS[CVE-2025-30189] = "cpe-incorrect: The current version (2.3.21.1) is not affected."