[Buildroot] [PATCH] package/mender: ignore mender CVE because it doesn't affect the client package

Titouan Christophe titouan.christophe at mind.be
Tue May 6 14:52:36 UTC 2025


CVE-2024-46948 only affects the device management and update server part
of Mender, not the client running on the devices.

Signed-off-by: Titouan Christophe <titouan.christophe at mind.be>
---
 package/mender/mender.mk | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/package/mender/mender.mk b/package/mender/mender.mk
index 146e6b2b73..1050277db1 100644
--- a/package/mender/mender.mk
+++ b/package/mender/mender.mk
@@ -8,6 +8,8 @@ MENDER_VERSION = 3.5.3
 MENDER_SITE = $(call github,mendersoftware,mender,$(MENDER_VERSION))
 MENDER_LICENSE = Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, MIT, OLDAP-2.8
 MENDER_CPE_ID_VENDOR = northern.tech
+# CVE-2024-46948 only affects mender-server
+MENDER_IGNORE_CVES = CVE-2024-46948
 
 # Vendor license paths generated with:
 #    awk '{print $2}' LIC_FILES_CHKSUM.sha256 | grep vendor
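Review bot: The comment above `MENDER_IGNORE_CVES` states the conclusion but gives no way to re-check it later, because it names neither the source of the assessment nor why the CVE is reported against this package at all. The package sets `MENDER_CPE_ID_VENDOR = northern.tech`, so the match presumably comes from the NVD entry being filed under a CPE that also covers the client; that is not visible in the hunk and should be confirmed. I would expand the comment to `# CVE-2024-46948 is in the Mender device management/update server, not in the client built by this package` and add a second comment line pointing at the upstream advisory the assessment is based on. The ignore is not tied to `MENDER_VERSION`, so it will persist across bumps; with the reference in place, a later reader can verify it still applies and drop it if the NVD entry is narrowed.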
-- 
2.49.0


