From fb8e5b96592439a2d6f79223dc5c64c6aab6b388 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Thu, 5 Mar 2026 12:07:12 +0100
Subject: [PATCH] gimp: ignore CVE-2026-2047

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2047

The vulnerability exists in ICNS importer, which was first introduced in
version 3.0 [1], and the code is not present in the recipe version.

Due to this, ignore this CVE.

[1]: https://gitlab.gnome.org/GNOME/gimp/-/commit/00232e17875d4676a2c797a429db23b1a9815db8

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
index d38160a864..679c39aa34 100644
--- a/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
+++ b/meta-gnome/recipes-gimp/gimp/gimp_2.10.38.bb
@@ -86,3 +86,4 @@ CVE_STATUS[CVE-2007-3741] = "not-applicable-platform: This only applies for Mand
 CVE_STATUS[CVE-2025-48796] = "cpe-incorrect: The current version (2.10.38) is not affected."
 CVE_STATUS[CVE-2025-14423] = "cpe-incorrect: The vulnerability was introduced in v3.0"
 CVE_STATUS[CVE-2025-14424] = "cpe-incorrect: The vulnerability was introduced in v3.0"
+CVE_STATUS[CVE-2026-2047] = "cpe-incorrect: The vulnerability was introduced in v3.0"