[Buildroot] [PATCH 2/4] package/libssh: ignore CVE-2025-5318
Titouan Christophe
titouan.christophe at mind.be
Thu Oct 23 14:05:25 UTC 2025
Signed-off-by: Titouan Christophe <titouan.christophe at mind.be>
---
package/libssh/libssh.mk | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/package/libssh/libssh.mk b/package/libssh/libssh.mk
index 3c7e77a206..2be9013454 100644
--- a/package/libssh/libssh.mk
+++ b/package/libssh/libssh.mk
@@ -17,6 +17,10 @@ LIBSSH_CONF_OPTS = \
-DWITH_STACK_PROTECTOR=OFF \
-DWITH_EXAMPLES=OFF
+# NVD database is missing an upper version specifier.
+# This vulnerability only affects libssh<0.11.2
+LIBSSH_IGNORE_CVES = CVE-2025-5318
+
ifeq ($(BR2_ARM_INSTRUCTIONS_THUMB),y)
LIBSSH_CONF_OPTS += -DWITH_STACK_CLASH_PROTECTION=OFF
endif
--
2.51.0
More information about the buildroot
mailing list