Ignore CVE-2025-13836

We dont care about this DoS enough, so ignore until a new version of python 3.12 s released with the fix. Not updating past Python 3.12 for this DoS.
2026-06-06 01:05:48 +02:00 · 2025-12-04 15:10:26 +05:30
parent 3352dba735
commit d87ba95d9c
1 changed files with 1 additions and 0 deletions
--- a/.github/workflows/ci.py
+++ b/.github/workflows/ci.py
@@ -220,6 +220,7 @@ IGNORED_DEPENDENCY_CVES = [
    # Python stdlib
    'CVE-2025-8194', # DoS in tarfile
    'CVE-2025-6069', # DoS in HTMLParser
+    'CVE-2025-13836', # DoS in http client reading from malicious server
    # glib
    'CVE-2025-4056', # Only affects Windows, on which we dont run
    # github.com/nwaples/rardecode/v2