From df0b60ad518af83c18516c5398dc650b83a21dd9 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Tue, 14 Oct 2025 15:59:08 +0200
Subject: [PATCH] apache2: ignore CVE-2025-3891

The vulnerability was reported against mod_auth_openidc, which module
is a 3rd party one, and not part of the apache2 source distribution.

The affected module is not part of the meta-oe universe currently,
so ignore the CVE.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb
index e6a40e0239..8470bdd832 100644
--- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb
+++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb
@@ -55,6 +55,8 @@ CVE_CHECK_IGNORE += "CVE-2007-6421 CVE-2007-6422"
 CVE_CHECK_IGNORE += "CVE-2007-6423"
 # cpe-incorrect: The current version is not affected by the CVE which affects versions up to 2.2.6 (excl.)
 CVE_CHECK_IGNORE += "CVE-2008-2168"
+# cpe-incorrect: The CVE is for a 3rd party module, which is not part of the Apache source distribution
+CVE_CHECK_IGNORE += "CVE-2025-3891"
 
 SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"