[oe] [meta-oe][kirkstone][PATCH 15/16] tigervnc: ignore CVE-2025-26594...26601

Mon, 09 Feb 2026 03:39:21 -0800 

Ignore the following CVEs: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596,
CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601

Details:
https://nvd.nist.gov/vuln/detail/CVE-2025-26594
https://nvd.nist.gov/vuln/detail/CVE-2025-26595
https://nvd.nist.gov/vuln/detail/CVE-2025-26596
https://nvd.nist.gov/vuln/detail/CVE-2025-26597
https://nvd.nist.gov/vuln/detail/CVE-2025-26598
https://nvd.nist.gov/vuln/detail/CVE-2025-26599
https://nvd.nist.gov/vuln/detail/CVE-2025-26600
https://nvd.nist.gov/vuln/detail/CVE-2025-26601

TigerVNC compiles its own xserver, this is why these CVEs are associated
with it - despite the vulnerabilities being in xserver.

All of these vulnerabilities were fixed by the same PR[1], which has
been part of xserver since version 21.1.16 (the currently used xserver
version in TigerVNC is 21.1.18).

Due to this, ignore these vulnerabilities, and just mark them as patched.

[1]: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1830

Signed-off-by: Gyorgy Sarvari <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
(cherry picked from commit 4924e89bb77fe5486063229c50039a458d60f8ea)
Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 meta-oe/recipes-graphics/tigervnc/tigervnc_1.11.0.bb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.11.0.bb 
b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.11.0.bb
index 4f9b9f7267..8abcc873f3 100644
--- a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.11.0.bb
+++ b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.11.0.bb
@@ -123,4 +123,6 @@ FILES:${PN}-dbg += 
"${libdir}/xorg/modules/extensions/.debug"
 CVE_CHECK_IGNORE += "CVE-2014-8241"
 
 # fixed-version: The vulnerable code is not present in the used xserver 
version (21.1.18)
-CVE_CHECK_IGNORE += "CVE-2023-6377 CVE-2023-6478"
+CVE_CHECK_IGNORE += "CVE-2023-6377 CVE-2023-6478 CVE-2025-26594 CVE-2025-26595 
\
+CVE-2025-26596 CVE-2025-26597 CVE-2025-26598 CVE-2025-26599 CVE-2025-26600 \
+CVE-2025-26601"

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#124310): 
https://lists.openembedded.org/g/openembedded-devel/message/124310
Mute This Topic: https://lists.openembedded.org/mt/117717479/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to