[Buildroot] [git commit branch/2021.02.x] package/libuci: ignore CVE-2019-15513
Peter Korsgaard
peter at korsgaard.com
Tue Aug 3 20:42:35 UTC 2021
commit: https://git.buildroot.net/buildroot/commit/?id=88e7d6a6c0a6bd0ac8a15c136e8d05131952bae0
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2021.02.x
CVE-2019-15513 was fixed upstream in 2015 with commit
19e29ffc15dbd958e8e6a648ee0982c68353516f, which is older than the commit
we currently use in LIBUCI_VERSION.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
[yann.morin.1998 at free.fr: reword comment and commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998 at free.fr>
(cherry picked from commit 46273a8eb92171b3c70a6b2750549329a0d4ccba)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
package/libuci/libuci.mk | 3 +++
1 file changed, 3 insertions(+)
diff --git a/package/libuci/libuci.mk b/package/libuci/libuci.mk
index dc9b999787..fc83287968 100644
--- a/package/libuci/libuci.mk
+++ b/package/libuci/libuci.mk
@@ -11,6 +11,9 @@ LIBUCI_CPE_ID_VENDOR = openwrt
LIBUCI_INSTALL_STAGING = YES
LIBUCI_DEPENDENCIES = libubox
+# Fixed in commit 19e29ffc15dbd958e8e6a648ee0982c68353516f, older than LIBUCI_VERSION
+LIBUCI_IGNORE_CVES += CVE-2019-15513
+
ifeq ($(BR2_PACKAGE_LUA_5_1),y)
LIBUCI_DEPENDENCIES += lua
LIBUCI_CONF_OPTS += -DBUILD_LUA=ON \
More information about the buildroot
mailing list