[Buildroot] [PATCH] package/avahi: ignore CVE-2021-26720
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Thu Apr 8 08:16:50 UTC 2021
On Thu, 08 Apr 2021 09:32:36 +0200
Peter Korsgaard <peter at korsgaard.com> wrote:
> >>>>> "Arnout" == Arnout Vandecappelle <arnout at mind.be> writes:
>
> > On 07/04/2021 15:54, Peter Korsgaard wrote:
> >> CVE-2021-26720 is an issue in avahi-daemon-check-dns.sh, which is part of
> >> the Debian packaging and not part of upstream avahi - So ignore the CVE.
> >>
> >> https://security-tracker.debian.org/tracker/CVE-2021-26720
> >>
> >> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
>
> > Applied to master, thanks.
>
> > BTW, is there an easy way to run the CVE check for a single package? Or do you
> > really have to go through configure + pkg-stats?
>
> I'm afraid so. Thomas?
Without any Buildroot configuration defined:
./support/scripts/pkg-stats --nvd-path /path/to/nvd/data -p avahi --html foobar.html
Best regards,
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list