zabbix: ignore multiple CVEs

CVE-2026-23919: Has been fixed since version 7.0.19[1], mark it as patched CVE-2026-23920: Has been fixed since version 7.0.22[2], mark it as patched CVE-2026-23921: Has been fixed since version 7.0.22[3], mark it as patched CVE-2026-23923: The vulnerable code isn't present in 7.0 yet, it is specific to 7.4 versions. Compare the fix[4] in 7.4, which is changes code that doesn't exist in the recipe version. Ignore this CVE due to this. [1]: https://support.zabbix.com/browse/ZBX-27638 [2]: https://support.zabbix.com/browse/ZBX-27639 [3]: https://support.zabbix.com/browse/ZBX-27640 [4]: 043c28c208 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-02 02:49:12 +00:00 · 2026-04-01 10:33:23 +02:00 · 2026-04-01 10:33:23 +02:00 · a307e2fa5d
commit a307e2fa5d
parent e003ec73d9
1 changed files with 4 additions and 0 deletions
--- a/meta-oe/recipes-connectivity/zabbix/zabbix_7.0.24.bb
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix_7.0.24.bb
@ -78,3 +78,7 @@ FILES:${PN} += "${libdir}"
 RDEPENDS:${PN} = "logrotate"

 CVE_STATUS[CVE-2026-23925] = "fixed-version: fixed since 7.0.18"
+CVE_STATUS[CVE-2026-23919] = "fixed-version: fixed since 7.0.19"
+CVE_STATUS[CVE-2026-23920] = "fixed-version: fixed since 7.0.22"
+CVE_STATUS[CVE-2026-23921] = "fixed-version: fixed since 7.0.22"
+CVE_STATUS[CVE-2026-23923] = "cpe-incorrect: 7.0 versions don't have the vulnerable code"