[Buildroot] [PATCH v2 14/15] package/dovecot: remove stale IGNORE_CVES
Thomas Perale
thomas.perale at mind.be
Tue Dec 30 08:19:16 UTC 2025
Since Buildroot commit [1] the CVEs are no longer matched to CPEs with
versions using '-'.
This IGNORE_CVES entry introduced in [2] is then no longer matched to
the dovecot package.
For more information, see the explanation in commit [1].
[1] 35f376d88e support/scripts/cve.py: fix CPE matching
[2] 948e71689a package/dovecot: ignore CVE-2016-4983
Signed-off-by: Thomas Perale <thomas.perale at mind.be>
---
package/dovecot/dovecot.mk | 5 -----
1 file changed, 5 deletions(-)
diff --git a/package/dovecot/dovecot.mk b/package/dovecot/dovecot.mk
index 6612787a94..a4c799221c 100644
--- a/package/dovecot/dovecot.mk
+++ b/package/dovecot/dovecot.mk
@@ -21,12 +21,7 @@ DOVECOT_DEPENDENCIES = \
$(if $(BR2_PACKAGE_LIBICONV),libiconv) \
openssl
-# CVE-2016-4983 is an issue in a postinstall script in the dovecot rpm, which
-# is part of the Red Hat packaging and not part of upstream dovecot
-DOVECOT_IGNORE_CVES += CVE-2016-4983
-
# 0001-auth-Fix-handling-passdbs-with-identical-driver-args.patch
-
# Note: this ignore CVE entry is reported as stale by pkg-stats, but
# the NVD database is incorrect:
# https://lore.kernel.org/buildroot/20250517181815.02ce0393@windsurf/
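Review bot: The blank line removed right after "# 0001-auth-Fix-handling-passdbs-with-identical-driver-args.patch" is a whitespace change the commit message does not mention. It also makes that patch-name comment run straight into the "# Note: this ignore CVE entry is reported as stale by pkg-stats" block. If joining the two comments is intended, because both describe the ignore entry that follows, say so in the commit message. Otherwise keep the blank line so the patch only drops the CVE-2016-4983 comment and its DOVECOT_IGNORE_CVES line. Because the retained note itself says pkg-stats reports its entry as stale, one sentence in the commit message stating that this entry is kept on purpose would also help, so it is not mistaken for something this cleanup missed.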
--
2.52.0