From caeab8f3f785eb2a2cb21e73caf9e19949260d02 Mon Sep 17 00:00:00 2001
From: Ellis Clayton <ellis@ellis.codes>
Date: Thu, 12 Oct 2023 11:22:51 +1100
Subject: [PATCH] Ignore CVE-2023-3640

This is quite an edge case CVE. Its risk is further reduced by the fact
our container runs as root (meaning no privilege escalation in the first
place). It's also a kernel-level thing, so not really relevant in a
container.
---
 .buildkite/pipeline.deploy.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.buildkite/pipeline.deploy.yml b/.buildkite/pipeline.deploy.yml
index 63d78f4cf8..0f71330644 100644
--- a/.buildkite/pipeline.deploy.yml
+++ b/.buildkite/pipeline.deploy.yml
@@ -33,6 +33,7 @@ steps:
             - CVE-2023-2953 # openldap 2.5.13+dfsg-5
             - CVE-2023-31484 # perl 5.36.0-7
             - CVE-2023-24329 # python3.11 3.11.2-6
+            - CVE-2023-3640 # linux 6.1.55-1
 
   # If the current user is part of the deploy team, then wait for everything to
   # finish before deploying