[Buildroot] [PATCH 1/1] package/tftpd: annotate CVE-2008-1403

Fabrice Fontaine fontaine.fabrice at gmail.com
Sun Mar 1 20:19:28 UTC 2020


CVE-2008-1403 is misclassified (by our CVE tracker) as affecting tftpd,
while in fact it affects BootManage TFTPD.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
---
 package/tftpd/tftpd.mk | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/package/tftpd/tftpd.mk b/package/tftpd/tftpd.mk
index 57905fda05..d7b0c12dc6 100644
--- a/package/tftpd/tftpd.mk
+++ b/package/tftpd/tftpd.mk
@@ -11,6 +11,10 @@ TFTPD_CONF_OPTS = --without-tcpwrappers
 TFTPD_LICENSE = BSD-4-Clause
 TFTPD_LICENSE_FILES = tftpd/tftpd.c
 
+# CVE-2008-1403 is misclassified (by our CVE tracker) as affecting tftpd, while
+# in fact it affects BootManage TFTPD.
+TFTPD_IGNORE_CVES += CVE-2008-1403
+
 define TFTPD_INSTALL_TARGET_CMDS
 	$(INSTALL) -D $(@D)/tftp/tftp $(TARGET_DIR)/usr/bin/tftp
 	$(INSTALL) -D $(@D)/tftpd/tftpd $(TARGET_DIR)/usr/sbin/tftpd
-- 
2.25.0



More information about the buildroot mailing list