From: Gyorgy Sarvari <[email protected]> The vulnerability was reported against mod_auth_openidc, which module is a 3rd party one, and not part of the apache2 source distribution.
The affected module is not part of the meta-oe universe currently, so ignore the CVE. Signed-off-by: Gyorgy Sarvari <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 11fc309ae95bc221d44fb85515ab5df7afd59c26) Signed-off-by: Ankur Tyagi <[email protected]> --- meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb index dcba815831..98b2215f44 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.65.bb @@ -48,6 +48,7 @@ CVE_STATUS[CVE-2007-6422] = "cpe-incorrect: The current version is not affected CVE_STATUS[CVE-2007-6423] = "cpe-incorrect: The current version is not affected by the CVE which affects versions from 2.2.x to 2.2.7-dev" CVE_STATUS[CVE-2008-2168] = "cpe-incorrect: The current version is not affected by the CVE which affects versions up to 2.2.6 (excl.)" CVE_STATUS[CVE-2010-0425] = "not-applicable-platform: The current version is not affected. It only applies for Windows." +CVE_STATUS[CVE-2025-3891] = "cpe-incorrect: The CVE is for a 3rd party module, which is not part of the Apache source distribution" SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#121804): https://lists.openembedded.org/g/openembedded-devel/message/121804 Mute This Topic: https://lists.openembedded.org/mt/116352356/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
