[Buildroot] [PATCH 1/1] package/libtorrent: annotate CVE-2009-1760 and CVE-2016-5301

Fabrice Fontaine fontaine.fabrice at gmail.com
Sun Mar 1 20:00:49 UTC 2020


CVE-2009-1760 and CVE-2016-5301 are misclassified (by our CVE tracker)
as affecting libtorrent, while in fact they affect libtorrent-rasterbar.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
---
 package/libtorrent/libtorrent.mk | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/package/libtorrent/libtorrent.mk b/package/libtorrent/libtorrent.mk
index c8310cab65..17c6f92ab4 100644
--- a/package/libtorrent/libtorrent.mk
+++ b/package/libtorrent/libtorrent.mk
@@ -14,6 +14,10 @@ LIBTORRENT_INSTALL_STAGING = YES
 LIBTORRENT_LICENSE = GPL-2.0
 LIBTORRENT_LICENSE_FILES = COPYING
 
+# CVE-2009-1760 and CVE-2016-5301 are misclassified (by our CVE tracker) as
+# affecting libtorrent, while in fact they affect libtorrent-rasterbar.
+LIBTORRENT_IGNORE_CVES += CVE-2009-1760 CVE-2016-5301
+
 ifeq ($(BR2_PACKAGE_OPENSSL),y)
 LIBTORRENT_CONF_OPTS += --enable-openssl
 LIBTORRENT_DEPENDENCIES += openssl
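
Review bot: The comment added above LIBTORRENT_IGNORE_CVES asserts that both CVEs belong to libtorrent-rasterbar but gives a later reader nothing to check that against, and the two identifiers share a single remark, so it is unclear which justification to revisit if the tracker's data changes for only one of them. Consider stating in the comment why the tracker matches them against this package (for example a shared product name in the CVE data, if that is the cause) and putting each CVE on its own line with its own short reason. Since an ignore entry hides the CVE from the report for as long as it stays in the .mk file, the comment could also say that the entries should be dropped once the classification is corrected upstream.
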
-- 
2.25.0


