From a307e2fa5deac78860f555c69b697eb3210199d5 Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Wed, 1 Apr 2026 10:33:23 +0200 Subject: [PATCH] zabbix: ignore multiple CVEs CVE-2026-23919: Has been fixed since version 7.0.19[1], mark it as patched CVE-2026-23920: Has been fixed since version 7.0.22[2], mark it as patched CVE-2026-23921: Has been fixed since version 7.0.22[3], mark it as patched CVE-2026-23923: The vulnerable code isn't present in 7.0 yet, it is specific to 7.4 versions. Compare the fix[4] in 7.4, which is changes code that doesn't exist in the recipe version. Ignore this CVE due to this. [1]: https://support.zabbix.com/browse/ZBX-27638 [2]: https://support.zabbix.com/browse/ZBX-27639 [3]: https://support.zabbix.com/browse/ZBX-27640 [4]: https://github.com/zabbix/zabbix/commit/043c28c2083bf8ea596966f2b6b51a26de7deca3 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --- meta-oe/recipes-connectivity/zabbix/zabbix_7.0.24.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix_7.0.24.bb b/meta-oe/recipes-connectivity/zabbix/zabbix_7.0.24.bb index b836a04626..1ec159cdee 100644 --- a/meta-oe/recipes-connectivity/zabbix/zabbix_7.0.24.bb +++ b/meta-oe/recipes-connectivity/zabbix/zabbix_7.0.24.bb @@ -78,3 +78,7 @@ FILES:${PN} += "${libdir}" RDEPENDS:${PN} = "logrotate" CVE_STATUS[CVE-2026-23925] = "fixed-version: fixed since 7.0.18" +CVE_STATUS[CVE-2026-23919] = "fixed-version: fixed since 7.0.19" +CVE_STATUS[CVE-2026-23920] = "fixed-version: fixed since 7.0.22" +CVE_STATUS[CVE-2026-23921] = "fixed-version: fixed since 7.0.22" +CVE_STATUS[CVE-2026-23923] = "cpe-incorrect: 7.0 versions don't have the vulnerable code"