[Buildroot] [PATCH 00/10] Misc CVE ignores
Yann E. MORIN
yann.morin.1998 at free.fr
Sat Apr 24 09:29:52 UTC 2021
Matt, All,
On 2021-04-21 15:42 -0500, Matt Weber spake thusly:
> * I'm working on upstream NVD fixes for some of these.
>
> * There are roughly half of the ignore cases that are a bit of a
> challenge to identify where the fix was clearly tracked into
> a specific version. I tried to document in each commit as much
> as a could by linking to conversations clarifying the details.
>
> Matt Weber (10):
> package/bind: ignore CVE-2017-3139
> package/coreutils: ignore CVE-2013-0221, CVE-2013-0222, CVE-2013-0223
> package/bind: ignore CVE-2019-6470
> package/cmake: ignore CVE-2016-10642
> package/flex: ignore CVE-2019-6293
For this one, I've switched to using the actual upstream URL, rather
that of a downstream consumer:
https://github.com/westes/flex/issues/414
> package/hostapd: ignore CVE-2021-30004 when using openssl
> package/wpa_supplicant: ignore CVE-2021-30004 when using openssl
> package/ncurses: ignore CVE-2018-10754, CVE-2018-19211,
> CVE-2018-19217, CVE-2019-17594, CVE-2019-17595
> package/rsyslog: ignore CVE-2015-3243
> package/tar: ignore CVE-2007-4476
Series applied to master, thanks.
Regards,
Yann E. MORIN.
> package/bind/bind.mk | 4 ++++
> package/cmake/cmake.mk | 2 ++
> package/coreutils/coreutils.mk | 4 ++++
> package/flex/flex.mk | 3 +++
> package/hostapd/hostapd.mk | 2 ++
> package/ncurses/ncurses.mk | 6 ++++++
> package/rsyslog/rsyslog.mk | 4 ++++
> package/tar/tar.mk | 2 ++
> package/wpa_supplicant/wpa_supplicant.mk | 2 ++
> 9 files changed, 29 insertions(+)
>
> --
> 2.17.1
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
More information about the buildroot
mailing list