[Buildroot] [git commit branch/next] package/libuci: ignore CVE-2019-15513
Yann E. MORIN
yann.morin.1998 at free.fr
Tue Aug 3 21:11:20 UTC 2021
commit: https://git.buildroot.net/buildroot/commit/?id=46273a8eb92171b3c70a6b2750549329a0d4ccba
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/next
CVE-2019-15513 was fixed upstream in 2015 with commit
19e29ffc15dbd958e8e6a648ee0982c68353516f, which is older than the commit
we currently use in LIBUCI_VERSION.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
[yann.morin.1998 at free.fr: reword comment and commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998 at free.fr>
---
package/libuci/libuci.mk | 3 +++
1 file changed, 3 insertions(+)
diff --git a/package/libuci/libuci.mk b/package/libuci/libuci.mk
index a8922a96e1..0d0b78036e 100644
--- a/package/libuci/libuci.mk
+++ b/package/libuci/libuci.mk
@@ -12,6 +12,9 @@ LIBUCI_CPE_ID_VENDOR = openwrt
LIBUCI_INSTALL_STAGING = YES
LIBUCI_DEPENDENCIES = libubox
+# Fixed in commit 19e29ffc15dbd958e8e6a648ee0982c68353516f, older than LIBUCI_VERSION
+LIBUCI_IGNORE_CVES += CVE-2019-15513
+
ifeq ($(BR2_PACKAGE_LUA_5_1),y)
LIBUCI_DEPENDENCIES += lua
LIBUCI_CONF_OPTS += -DBUILD_LUA=ON \
More information about the buildroot
mailing list