There's a whitelisting in place, but something about it is broken. I've opened https://github.com/openSUSE/rpmlint-security-whitelistings/issues/5 to track this.