From ef4d24afa17cfaabbb7aaa9265675a15abf99b20 Mon Sep 17 00:00:00 2001
From: Peter Marko <peter.marko@siemens.com>
Date: Sun, 6 Oct 2024 16:44:26 +0200
Subject: [PATCH] rust: ignore CVE-2024-43402

This CVE iwas created because fix for CVE-2024-24576 was incomplete.
Ignore the new CVE in the same way as the old one.

See https://nvd.nist.gov/vuln/detail/CVE-2024-43402

(From OE-Core rev: 62bb1b8f89c97fa32a7b15021e9e3fbbb878ae68)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-devtools/rust/rust-source.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-devtools/rust/rust-source.inc b/meta/recipes-devtools/rust/rust-source.inc
index c377a680a70..fc22b9990cf 100644
--- a/meta/recipes-devtools/rust/rust-source.inc
+++ b/meta/recipes-devtools/rust/rust-source.inc
@@ -6,5 +6,5 @@ RUSTSRC = "${WORKDIR}/rustc-${PV}-src"
 UPSTREAM_CHECK_URI = "https://forge.rust-lang.org/infra/other-installation-methods.html"
 UPSTREAM_CHECK_REGEX = "rustc-(?P<pver>\d+(\.\d+)+)-src"
 
-#CVE-2024-24576 is specific to Microsoft Windows
-CVE_CHECK_IGNORE += "CVE-2024-24576"
+# These CVEs are specific to Microsoft Windows
+CVE_CHECK_IGNORE += "CVE-2024-24576 CVE-2024-43402"
-- 
GitLab