[Buildroot] [PATCH 2/2] package/lightning: [revert]ignore not applicable CVE-2020-7747
Matthew Weber
matthew.weber at collins.com
Mon Oct 18 21:40:14 UTC 2021
This reverts commit 613953f8217bf5b27489e0a939147ef7c74c3f7a.
A new CPE ID was assigned by NIST and this whitelist can be
dropped as the package is setup to use the correct CPE (Not
to be confused with the other lightning-* packages which show
up when a free txt search is used to find the CVE.)
Cc: Paul Cercueil <paul at crapouillou.net>
Cc: Yann E. MORIN <yann.morin.1998 at free.fr>
Signed-off-by: Matthew Weber <matthew.weber at collins.com>
---
package/lightning/lightning.mk | 4 ----
1 file changed, 4 deletions(-)
diff --git a/package/lightning/lightning.mk b/package/lightning/lightning.mk
index c0036e5cd1..da8c07e61f 100644
--- a/package/lightning/lightning.mk
+++ b/package/lightning/lightning.mk
@@ -13,10 +13,6 @@ LIGHTNING_CPE_ID_VENDOR = gnu
# We're patching include/Makefile.am
LIGHTNING_AUTORECONF = YES
-# CVE-2020-7747 is for the Javascript lightning-server project, and not for
-# GNU Lightning.
-LIGHTNING_IGNORE_CVES = CVE-2020-7747
-
ifeq ($(BR2_PACKAGE_LIGHTNING_DISASSEMBLER),y)
LIGHTNING_DEPENDENCIES += binutils zlib
LIGHTNING_CONF_OPTS += --enable-disassembler
--
2.17.1
More information about the buildroot
mailing list