[Buildroot] [PATCH 2/5] package/libsndfile: annotate _IGNORE_CVES for the included security patches

Peter Korsgaard peter at korsgaard.com
Wed Feb 19 21:37:04 UTC 2020


>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni at bootlin.com> writes:

 > On Wed, 19 Feb 2020 17:01:59 +0100
 > Peter Korsgaard <peter at korsgaard.com> wrote:

 >> Also mark CVE-2018-13419 as disputed.
 >> 
 >> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>

 > What does "disputed" means in this context ?

That someone related to the project claims that it isn't a security
issue or cannot reproduce the issue.

Specifically for this CVE, see the discussion here:

https://github.com/erikd/libsndfile/issues/398

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list