[Buildroot] [PATCH] package/avahi: ignore CVE-2021-26720

Thomas Petazzoni thomas.petazzoni at bootlin.com
Thu Apr 8 08:16:50 UTC 2021


On Thu, 08 Apr 2021 09:32:36 +0200
Peter Korsgaard <peter at korsgaard.com> wrote:

> >>>>> "Arnout" == Arnout Vandecappelle <arnout at mind.be> writes:  
> 
>  > On 07/04/2021 15:54, Peter Korsgaard wrote:  
>  >> CVE-2021-26720 is an issue in avahi-daemon-check-dns.sh, which is part of
>  >> the Debian packaging and not part of upstream avahi - So ignore the CVE.
>  >> 
>  >> https://security-tracker.debian.org/tracker/CVE-2021-26720
>  >> 
>  >> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>  
> 
>  >  Applied to master, thanks.  
> 
>  >  BTW, is there an easy way to run the CVE check for a single package? Or do you
>  > really have to go through configure + pkg-stats?  
> 
> I'm afraid so. Thomas?

Without any Buildroot configuration defined:

./support/scripts/pkg-stats --nvd-path /path/to/nvd/data -p avahi --html foobar.html

Best regards,

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com


More information about the buildroot mailing list