[Buildroot] [PATCH 1/1] package/tftpd: annotate CVE-2008-1403
Fabrice Fontaine
fontaine.fabrice at gmail.com
Sun Mar 1 20:19:28 UTC 2020
CVE-2008-1403 is misclassified (by our CVE tracker) as affecting tftpd,
while in fact it affects BootManage TFTPD.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
---
package/tftpd/tftpd.mk | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/package/tftpd/tftpd.mk b/package/tftpd/tftpd.mk
index 57905fda05..d7b0c12dc6 100644
--- a/package/tftpd/tftpd.mk
+++ b/package/tftpd/tftpd.mk
@@ -11,6 +11,10 @@ TFTPD_CONF_OPTS = --without-tcpwrappers
TFTPD_LICENSE = BSD-4-Clause
TFTPD_LICENSE_FILES = tftpd/tftpd.c
+# CVE-2008-1403 is misclassified (by our CVE tracker) as affecting tftpd, while
+# in fact it affects BootManage TFTPD.
+TFTPD_IGNORE_CVES += CVE-2008-1403
+
define TFTPD_INSTALL_TARGET_CMDS
$(INSTALL) -D $(@D)/tftp/tftp $(TARGET_DIR)/usr/bin/tftp
$(INSTALL) -D $(@D)/tftpd/tftpd $(TARGET_DIR)/usr/sbin/tftpd
--
2.25.0
More information about the buildroot
mailing list