[Buildroot] [PATCH v2 11/15] package/glibc: remove stale IGNORE_CVES
Thomas Perale
thomas.perale at mind.be
Tue Dec 30 08:19:13 UTC 2025
Since Buildroot commit [1] the CVEs are no longer matched to CPEs with
versions using '-'.
These IGNORE_CVES entries introduced in [2] are then no longer matched to
the glibc package.
For more information, see the explanation in commit [1].
[1] 35f376d88e support/scripts/cve.py: fix CPE matching
[2] adaae82c58 package/glibc: ignore CVEs not considered as security issues by upstream
Signed-off-by: Thomas Perale <thomas.perale at mind.be>
---
package/glibc/glibc.mk | 13 ++-----------
1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk
index a7727cbad8..924274a7d6 100644
--- a/package/glibc/glibc.mk
+++ b/package/glibc/glibc.mk
@@ -34,19 +34,10 @@ GLIBC_IGNORE_CVES += CVE-2025-5702
# Fixed by glibc-2.41-64-g1e16d0096d80a6e12d5bfa8e0aafdd13c47efd65
GLIBC_IGNORE_CVES += CVE-2025-8058
-# All these CVEs are considered as not being security issues by
+# This CVE is considered as not being security issues by
# upstream glibc:
# https://security-tracker.debian.org/tracker/CVE-2010-4756
-# https://security-tracker.debian.org/tracker/CVE-2019-1010022
-# https://security-tracker.debian.org/tracker/CVE-2019-1010023
-# https://security-tracker.debian.org/tracker/CVE-2019-1010024
-# https://security-tracker.debian.org/tracker/CVE-2019-1010025
-GLIBC_IGNORE_CVES += \
- CVE-2010-4756 \
- CVE-2019-1010022 \
- CVE-2019-1010023 \
- CVE-2019-1010024 \
- CVE-2019-1010025
+GLIBC_IGNORE_CVES += CVE-2010-4756
# glibc is part of the toolchain so disable the toolchain dependency
GLIBC_ADD_TOOLCHAIN_DEPENDENCY = NO
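Review bot: The rewritten comment line "+# This CVE is considered as not being security issues by" mixes singular and plural now that only one entry remains; suggest "# This CVE is not considered a security issue by upstream glibc:". The commit message explains why the four CVE-2019-10100xx entries are stale, but nothing in the hunk or the message says why CVE-2010-4756 is kept. A short remark that this entry is still matched to the glibc package would let a later reader tell it apart from the removed ones and avoid it being dropped or the others being re-added by mistake.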
--
2.52.0