From 9621d102043be13bd0b2cacd6c6fe4b49f7c57c8 Mon Sep 17 00:00:00 2001 From: Titouan Christophe Date: Tue, 6 May 2025 16:52:36 +0200 Subject: [PATCH] package/mender: ignore mender CVE because it doesn't affect the client package CVE-2024-46948 only affects the device management and update server part of Mender, and not the client running on the devices Signed-off-by: Titouan Christophe Signed-off-by: Thomas Petazzoni (cherry picked from commit f16475f3773dbb910356c1b9dbb8a663266a55b0) Signed-off-by: Thomas Perale --- package/mender/mender.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/package/mender/mender.mk b/package/mender/mender.mk index 146e6b2b73..1050277db1 100644 --- a/package/mender/mender.mk +++ b/package/mender/mender.mk @@ -8,6 +8,8 @@ MENDER_VERSION = 3.5.3 MENDER_SITE = $(call github,mendersoftware,mender,$(MENDER_VERSION)) MENDER_LICENSE = Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, MIT, OLDAP-2.8 MENDER_CPE_ID_VENDOR = northern.tech +# CVE-2024-46948 only affects mender-server +MENDER_IGNORE_CVES = CVE-2024-46948 # Vendor license paths generated with: # awk '{print $2}' LIC_FILES_CHKSUM.sha256 | grep vendor