[Buildroot] [PATCH 02/10] package/coreutils: ignore CVE-2013-0221, CVE-2013-0222, CVE-2013-0223
Peter Korsgaard
peter at korsgaard.com
Mon Apr 26 19:15:13 UTC 2021
>>>>> "Matt" == Matt Weber <matthew.weber at rockwellcollins.com> writes:
> This CVE is only relevant to a build when the SUSE coreutils-i18n.patch
> is included. The upstream codebase does not include this patch, nor
> does Buildroot.
> https://security-tracker.debian.org/tracker/CVE-2013-0221
> https://security-tracker.debian.org/tracker/CVE-2013-0222
> https://security-tracker.debian.org/tracker/CVE-2013-0223
> Signed-off-by: Matthew Weber <matthew.weber at rockwellcollins.com>
> ---
> package/coreutils/coreutils.mk | 4 ++++
> 1 file changed, 4 insertions(+)
> diff --git a/package/coreutils/coreutils.mk b/package/coreutils/coreutils.mk
> index 0e75cdfcda..65234a113e 100644
> --- a/package/coreutils/coreutils.mk
> +++ b/package/coreutils/coreutils.mk
> @@ -10,6 +10,10 @@ COREUTILS_SOURCE = coreutils-$(COREUTILS_VERSION).tar.xz
> COREUTILS_LICENSE = GPL-3.0+
> COREUTILS_LICENSE_FILES = COPYING
> COREUTILS_CPE_ID_VENDOR = gnu
> +# Only when including SUSE coreutils-i18n.patch
> +COREUTILS_IGNORE_CVES = CVE-2013-0221
> +COREUTILS_IGNORE_CVES += CVE-2013-0222
> +COREUTILS_IGNORE_CVES += CVE-2013-0223
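Review bot: The comment on the first added line, "# Only when including SUSE coreutils-i18n.patch", is ambiguous. It can be read as saying the ignore entries apply only when that patch is included, whereas the commit message says the CVEs themselves are only relevant to builds carrying that patch, which neither upstream nor Buildroot includes. Suggest spelling that out, for example "# These CVEs only affect builds with the SUSE coreutils-i18n.patch, which is not applied here", so a later reader knows the three entries need revisiting if such a patch is ever added to package/coreutils.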
NIT: There is no problem having multiple CVEs on the same line:
COREUTILS_IGNORE_CVES += CVE-2013-0221 CVE-2013-0222 CVE-2013-0223
--
Bye, Peter Korsgaard