[Buildroot] [PATCH 1/3] package/exiv2: annotate CVE-2019-13504

Fabrice Fontaine fontaine.fabrice at gmail.com
Sat Feb 29 21:32:02 UTC 2020


CVE-2019-13504 is misclassified (by our CVE tracker) as affecting
version 0.27.2, while in fact both commits that fixed this issue are
already in this version.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
---
 package/exiv2/exiv2.mk | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/package/exiv2/exiv2.mk b/package/exiv2/exiv2.mk
index 228b3a980e..09988f49b2 100644
--- a/package/exiv2/exiv2.mk
+++ b/package/exiv2/exiv2.mk
@@ -10,6 +10,11 @@ EXIV2_INSTALL_STAGING = YES
 EXIV2_LICENSE = GPL-2.0+, BSD-3-Clause
 EXIV2_LICENSE_FILES = COPYING COPYING-CMAKE-SCRIPTS
 
+# CVE-2019-13504 is misclassified (by our CVE tracker) as affecting version
+# 0.27.2, while in fact both commits that fixed this issue are already in this
+# version.
+EXIV2_IGNORE_CVES += CVE-2019-13504
+
 EXIV2_CONF_OPTS += -DEXIV2_ENABLE_BUILD_SAMPLES=OFF
 
 # The following CMake variable disables a TRY_RUN call in the -pthread
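
Review bot: The comment added above EXIV2_IGNORE_CVES states that "both commits that fixed this issue are already in this version" but does not identify those commits, so the claim cannot be verified from exiv2.mk alone. Consider citing the two upstream commit references in the comment, or at least in the commit message. The comment also ties the justification to 0.27.2 while the "EXIV2_IGNORE_CVES += CVE-2019-13504" line is unconditional. A short remark that the entry should be re-checked or dropped on the next version bump would keep the ignore from outliving its reason.
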
-- 
2.25.0


