[Buildroot] [PATCH 0/4] Ignore some CVEs with inacurrate version specifiers in NVD
Titouan Christophe
titouan.christophe at mind.be
Thu Oct 23 14:05:23 UTC 2025
Some CVEs have incomplete or inacurrate "Known Affected Software Configurations"
in the NVD database, and they are therefore incorrectly reported in Buildroot
packages. I've sent a request to NVD to update them [1], but in the meantime,
let's ignore them in Buildroot.
[1] https://lore.kernel.org/buildroot/34229503-5bda-4427-9dea-17ea1dd4a688@mind.be/
Titouan Christophe (4):
package/freerdp: ignore CVE-2025-4478
package/libssh: ignore CVE-2025-5318
package/openvmtools: ignore CVE-2021-31693
package/tpm2-tss: ignore CVE-2023-22745
package/freerdp/freerdp.mk | 4 ++++
package/libssh/libssh.mk | 4 ++++
package/openvmtools/openvmtools.mk | 4 ++++
package/tpm2-tss/tpm2-tss.mk | 4 ++++
4 files changed, 16 insertions(+)
--
2.51.0
More information about the buildroot
mailing list