From 613a9dc590ca90014656407a1ed84c792c95d85b Mon Sep 17 00:00:00 2001 From: Steve Dogiakos Date: Sun, 3 May 2026 16:21:24 -0600 Subject: [PATCH] ci: ignore CVE-2026-4878 and CVE-2026-33845 (no fix available) Both CVEs affect Debian 13 base image packages with no fixed version: - CVE-2026-4878: libcap2 privilege escalation via TOCTOU race in cap_set_file() - CVE-2026-33845: libgnutls30t64 DoS via DTLS zero-length fragment --- .trivyignore | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.trivyignore b/.trivyignore index 8e9c2a2..ed4ce8e 100644 --- a/.trivyignore +++ b/.trivyignore @@ -9,3 +9,9 @@ CVE-2026-27135 # systemd: arbitrary code execution / DoS via spurious IPC (libsystemd0, libudev1) CVE-2026-29111 + +# libcap: privilege escalation via TOCTOU race in cap_set_file() (libcap2) +CVE-2026-4878 + +# gnutls: DoS via DTLS zero-length fragment (libgnutls30t64) +CVE-2026-33845
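Review bot: the two entries added at the end of `.trivyignore` (`CVE-2026-4878` and `CVE-2026-33845`) carry no expiry, so they will stay suppressed after Debian ships fixed `libcap2` and `libgnutls30t64` packages, even though the commit message gives "no fix available" as the only reason for ignoring them. Trivy's ignore file accepts an expiration on each entry, for example `CVE-2026-4878 exp:<YYYY-MM-DD>` with a review date of your choosing, which makes the finding resurface so the suppression gets re-evaluated. The new comments also describe the vulnerability but not the reason for the ignore. Adding "no fixed version in Debian 13" to each comment would keep that rationale in the file rather than only in the commit history. If the intent is to skip every unfixed finding rather than these two specifically, the scanner's `--ignore-unfixed` option covers that without per-CVE entries.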