[Buildroot] [PATCH 00/10] Misc CVE ignores

Matt Weber matthew.weber at rockwellcollins.com
Wed Apr 21 20:42:25 UTC 2021


 * I'm working on upstream NVD fixes for some of these.

 * There are roughly half of the ignore cases that are a bit of a
   challenge to identify where the fix was clearly tracked into
   a specific version. I tried to document in each commit as much
   as I could by linking to conversations clarifying the details.

Matt Weber (10):
  package/bind: ignore CVE-2017-3139
  package/coreutils: ignore CVE-2013-0221, CVE-2013-0222, CVE-2013-0223
  package/bind: ignore CVE-2019-6470
  package/cmake: ignore CVE-2016-10642
  package/flex: ignore CVE-2019-6293
  package/hostapd: ignore CVE-2021-30004 when using openssl
  package/wpa_supplicant: ignore CVE-2021-30004 when using openssl
  package/ncurses: ignore CVE-2018-10754, CVE-2018-19211,
    CVE-2018-19217, CVE-2019-17594, CVE-2019-17595
  package/rsyslog: ignore CVE-2015-3243
  package/tar: ignore CVE-2007-4476

 package/bind/bind.mk                     | 4 ++++
 package/cmake/cmake.mk                   | 2 ++
 package/coreutils/coreutils.mk           | 4 ++++
 package/flex/flex.mk                     | 3 +++
 package/hostapd/hostapd.mk               | 2 ++
 package/ncurses/ncurses.mk               | 6 ++++++
 package/rsyslog/rsyslog.mk               | 4 ++++
 package/tar/tar.mk                       | 2 ++
 package/wpa_supplicant/wpa_supplicant.mk | 2 ++
 9 files changed, 29 insertions(+)

-- 
2.17.1


