Ignore CVEs in unreleased dependency versions

This commit is contained in:
Kovid Goyal
2026-03-20 11:40:55 +05:30
parent e98d4bb409
commit e6510a5388
+3
@@ -189,6 +189,8 @@ IGNORED_DEPENDENCY_CVES = [
'CVE-2025-12781',
'CVE-2025-11468',
'CVE-2026-2297',
'CVE-2026-3644',
'CVE-2026-4224', # expat parser unused
# libtiff
'CVE-2025-8851', # this is erroneously marked as fixed in the database but no release of libtiff has been made with the fix
# hyphen
@@ -202,6 +204,7 @@ IGNORED_DEPENDENCY_CVES = [
'CVE-2025-59729', # DHAV files unused by calibre ad negligible security impact: https://issuetracker.google.com/issues/433513232
'CVE-2025-25469', 'CVE-2025-25468', # memory leak, not a security issue
'CVE-2025-12343', 'CVE-2025-10256', # DoS in video decoder unused in calibre
'CVE-2026-2673', # openssl fix not released
]
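Review bot: The two "fix not released" suppressions (the libtiff entry for CVE-2025-8851 and the openssl entry for CVE-2026-2673, which from the commit title and the +2/+1 hunk counts appear to be the added lines) are time-bounded, but nothing in the list records when they stop applying, so once upstream ships the fix the scanner will keep silencing a CVE that the bundled version may still lack. Each such entry should state the condition for its removal, e.g. `'CVE-2026-2673', # openssl fix not released; remove once calibre bundles the first openssl release containing the fix`, and likewise on the libtiff line. If more entries of this kind accumulate, a separate mapping from CVE to the dependency version that fixes it, compared against the bundled version when the check runs, would let the suppression expire automatically instead of depending on a manual sweep. The enclosing IGNORED_DEPENDENCY_CVES list begins before the first hunk, and the second hunk's header counts seven new-side lines of which only five are visible here, so part of its tail may be missing from this view.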