[Buildroot] [git commit branch/2021.02.x] package/ripgrep: ignore CVE-2021-3013 as Windows only

Peter Korsgaard peter at korsgaard.com
Wed Oct 6 15:19:22 UTC 2021


commit: https://git.buildroot.net/buildroot/commit/?id=03952dfb735b17ef712cf7ce377f0bb563779d43
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2021.02.x

CVE-2021-3013 does not impact any buildroot versions of ripgrep as it is
a Windows-only exploit targeting ripgrep versions earlier than 13. It
can be safely ignored on our LTS branches.

    https://nvd.nist.gov/vuln/detail/CVE-2021-3013

Signed-off-by: Sam Voss <sam.voss at gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998 at free.fr>
(cherry picked from commit 641beb3217ce1686772c80ac9e2cf815d72f1624)
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
---
 package/ripgrep/ripgrep.mk | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/package/ripgrep/ripgrep.mk b/package/ripgrep/ripgrep.mk
index 313f73624d..8bc80dd20f 100644
--- a/package/ripgrep/ripgrep.mk
+++ b/package/ripgrep/ripgrep.mk
@@ -10,6 +10,9 @@ RIPGREP_LICENSE = MIT
 RIPGREP_LICENSE_FILES = LICENSE-MIT
 RIPGREP_CPE_ID_VENDOR = ripgrep_project
 
+# CVE only impacts ripgrep on Windows
+RIPGREP_IGNORE_CVES += CVE-2021-3013
+
 RIPGREP_DEPENDENCIES = host-rustc
 RIPGREP_CARGO_ENV = CARGO_HOME=$(HOST_DIR)/share/cargo
 
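Review bot: The comment above the `RIPGREP_IGNORE_CVES` line records the Windows-only reason but not the version bound given in the commit message (ripgrep versions earlier than 13). Consider stating both, for example `# CVE-2021-3013 only impacts ripgrep < 13 on Windows`, so that whoever later bumps the package to 13 or newer can see the entry is no longer needed and drop it instead of leaving a stale suppression in the CVE report.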

