From 856de3fd4680361733a00ab514789142e52e5f89 Mon Sep 17 00:00:00 2001
From: Alex Pyrgiotis
Date: Mon, 10 Feb 2025 12:31:08 +0200
Subject: [PATCH] grype: Ignore CVE-2025-0665
Ignore the CVE-2025-0665 vulnerability, since it's a libcurl one, and the Dangerzone container does not make network calls. Also, it seems that Debian Bookworm is not affected.
---
 .grype.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/.grype.yaml b/.grype.yaml
index 40200e9..c25ca9a 100644
--- a/.grype.yaml
+++ b/.grype.yaml
@@ -37,3 +37,12 @@ ignore:
 # [bookworm] - raptor2 (Minor issue, revisit when fixed upstream)
 #
 - vulnerability: CVE-2024-57823
+ # CVE-2025-0665
+ # ==============
+ #
+ # Debian tracker: https://security-tracker.debian.org/tracker/CVE-2025-0665
+ # Verdict: Dangerzone is not affected because the vulnerable code is not
+ # present in Debian Bookworm. Also, libcurl is an HTTP client, and the
+ # Dangerzone container does not make any network calls.
+ - vulnerability: CVE-2025-0665
+
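Review bot: The added `- vulnerability: CVE-2025-0665` rule matches on the CVE ID alone, so the finding stays hidden even if the image later ships a libcurl build that does contain the vulnerable code, for example after a base-image change away from Bookworm. Consider narrowing it with grype's `package:` matcher, e.g. `package: {name: <libcurl-package-name>, type: deb}` (placeholder; take the exact name from the scan output). The comment's second justification, that the container makes no network calls, is not established by anything visible in this hunk, so it would help to name what enforces it and to quote the Debian tracker's Bookworm status line the way the CVE-2024-57823 entry above does. A short revisit condition in the comment, such as `# Revisit when the base image moves off Bookworm`, would keep the suppression from outliving its rationale. The `ignore:` list starts outside this hunk.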