[Buildroot] [PATCH 2/5] package/libsndfile: annotate _IGNORE_CVES for the included security patches
Peter Korsgaard
peter at korsgaard.com
Thu Feb 20 12:16:08 UTC 2020
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Also mark CVE-2018-13419 as disputed.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> package/libsndfile/libsndfile.mk | 11 +++++++++++
> 1 file changed, 11 insertions(+)
> diff --git a/package/libsndfile/libsndfile.mk b/package/libsndfile/libsndfile.mk
> index 22909ffb62..4a375ab609 100644
> --- a/package/libsndfile/libsndfile.mk
> +++ b/package/libsndfile/libsndfile.mk
> @@ -10,6 +10,17 @@ LIBSNDFILE_INSTALL_STAGING = YES
> LIBSNDFILE_LICENSE = LGPL-2.1+
> LIBSNDFILE_LICENSE_FILES = COPYING
> +# 0001-double64_init-Check-psf-sf.channels-against-upper-bo.patch
> +LIBSNDFILE_IGNORE_CVES += CVE-2017-14634
> +# 0002-Check-MAX_CHANNELS-in-sndfile-deinterleave.patch
> +LIBSNDFILE_IGNORE_CVES += CVE-2018-13139 CVE-2018-19432
> +# 0003-a-ulaw-fix-multiple-buffer-overflows-432.patch
> +LIBSNDFILE_IGNORE_CVES += \
> + CVE-2017-14245 CVE-2017-14246 CVE-2017-17456 CVE-2017-17457 \
> + CVE-2018-19661 CVE-2018-19662
> +# disputed
Committed after adding the dispute link as suggested by Thomas, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list