redis: ignore CVE-2025-46686

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-46686 Upstream disputes that it is a security violation, and says that implementing a mitigation for this would negatively affect the rest of the application, so they elected to ignore it. See Github advisory about the same vulnerability: https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-04-02 02:49:12 +00:00 · 2025-12-25 13:51:35 +01:00 · 2025-12-25 13:51:35 +01:00 · 4da4c6547c
commit 4da4c6547c
parent ef7ac09d7a
2 changed files with 4 additions and 0 deletions
--- a/meta-oe/recipes-extended/redis/redis_6.2.21.bb
+++ b/meta-oe/recipes-extended/redis/redis_6.2.21.bb
@ -25,6 +25,8 @@ inherit autotools-brokensep update-rc.d systemd useradd
 CVE_CHECK_IGNORE += "CVE-2022-0543"
 # not-applicable-config: only affects Windows
 CVE_CHECK_IGNORE += "CVE-2022-3734"
+# disputed: not strictly a bug, mitigating it would affect functionality
+CVE_CHECK_IGNORE += "CVE-2025-46686"

 FINAL_LIBS:x86:toolchain-clang = "-latomic"
 FINAL_LIBS:riscv32:toolchain-clang = "-latomic"
--- a/meta-oe/recipes-extended/redis/redis_7.0.15.bb
+++ b/meta-oe/recipes-extended/redis/redis_7.0.15.bb
@ -38,6 +38,8 @@ inherit autotools-brokensep update-rc.d systemd useradd
 CVE_CHECK_IGNORE += "CVE-2022-0543"
 # not-applicable-config: only affects Windows
 CVE_CHECK_IGNORE += "CVE-2022-3734"
+# disputed: not strictly a bug, mitigating it would affect functionality
+CVE_CHECK_IGNORE += "CVE-2025-46686"

 FINAL_LIBS:x86:toolchain-clang = "-latomic"
 FINAL_LIBS:riscv32:toolchain-clang = "-latomic"