[Buildroot] [PATCH 1/1] package/apparmor: ignore CVE-2016-1585

Raphaël Mélotte raphael.melotte at mind.be
Mon Apr 14 14:11:48 UTC 2025


CVE-2016-1585 is fixed in the following versions:
apparmor 3.1.6 https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6
apparmor 3.0.12 https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.12
apparmor 2.13.10 https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.10

See the bug report at [1] and in particular the comment at [2].

The NVD CPE does not contain version numbers, so our CVE checker still
reports it.
The issue was reported to the NVD by email, but in the meantime let's
ignore it to reduce the noise in our CVE checker.

[1]: https://bugs.launchpad.net/apparmor/+bug/1597017
[2]: https://bugs.launchpad.net/apparmor/+bug/1597017/comments/9

Signed-off-by: Raphaël Mélotte <raphael.melotte at mind.be>
---
 package/apparmor/apparmor.mk | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/package/apparmor/apparmor.mk b/package/apparmor/apparmor.mk
index 61e62c7515..0fa56a00f0 100644
--- a/package/apparmor/apparmor.mk
+++ b/package/apparmor/apparmor.mk
@@ -14,6 +14,10 @@ APPARMOR_LICENSE = GPL-2.0
 APPARMOR_LICENSE_FILES = LICENSE parser/COPYING.GPL
 APPARMOR_CPE_ID_VENDOR = canonical
 
+# The following CVE was fixed in 3.1.4 but the NVD CPE does not
+# contain version numbers
+APPARMOR_IGNORE_CVES += CVE-2016-1585
+
 APPARMOR_DEPENDENCIES = libapparmor
 
 APPARMOR_TOOLS = parser
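
Review bot: The comment added above APPARMOR_IGNORE_CVES says the CVE "was fixed in 3.1.4", but the commit message lists 3.1.6, 3.0.12 and 2.13.10 as the fixed releases. The comment should name the same versions as the commit message, for example "fixed in 3.1.6, 3.0.12 and 2.13.10". Consider also putting the Launchpad bug URL from the commit message into the comment, so that a later reader of apparmor.mk can re-check the justification and drop the ignore entry once the NVD CPE data carries version numbers.
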
-- 
2.49.0


