[Buildroot] [PATCH] package/erlang: ignore Windows specific CVE-2021-29221
Peter Korsgaard
peter at korsgaard.com
Wed Sep 29 18:18:06 UTC 2021
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> CVE-2021-29221 is a Windows specific issue:
> A local privilege escalation vulnerability was discovered in Erlang/OTP
> prior to version 23.2.3. By adding files to an existing installation's
> directory, a local attacker could hijack accounts of other users running
> Erlang programs or possibly coerce a service running with "erlsrv.exe" to
> execute arbitrary code as Local System. This can occur only under specific
> conditions on Windows with unsafe filesystem permissions.
> So ignore it.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2021.02.x, 2021.05.x and 2021.08.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list