From e0e79bbde23f17185cc59908fee97c0cea098428 Mon Sep 17 00:00:00 2001
From: Marta Rybczynska <marta.rybczynska@huawei.com>
Date: Mon, 29 Nov 2021 19:54:13 +0100
Subject: jansson: whitelist CVE-2020-36325

According to the upstream [1], the bug happens only if the programmer
does not follow the API definition.

[1] https://github.com/akheron/jansson/issues/548

Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 meta-oe/recipes-extended/jansson/jansson_2.13.1.bb | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'meta-oe')

diff --git a/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb b/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb
index d6e56ea768..7beea9f1e7 100644
--- a/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb
+++ b/meta-oe/recipes-extended/jansson/jansson_2.13.1.bb
@@ -11,4 +11,7 @@ SRC_URI[sha256sum] = "f4f377da17b10201a60c1108613e78ee15df6b12016b116b6de42209f4
 
 inherit autotools pkgconfig
 
+# upstream considers it isn't a real bug https://github.com/akheron/jansson/issues/548
+CVE_CHECK_WHITELIST = "CVE-2020-36325 "
+
 BBCLASSEXTEND = "native"
-- 
cgit 1.2.3-korg