Message ID | 20220203094746.22715-1-br015@umbiko.net |
---|---|
State | Accepted |
Headers | show |
Series | [1/1] package/mpd: ignore CVE-2020-746[56] intended for FreeBSD PPP daemon | expand |
On 03/02/2022 10:47, Andreas Ziegler wrote: > cpe:2.3:a:mpd_project:mpd:*:*:*:*:*:*:*:* is not a valid CPE > identifier for mpd (musicpd.org); this string refers to > MPD /FreeBSD PPP daemon (sourceforge.net/projects/mpd) > > Since mpd does not have entries in the CVE database, put these > two CVE identifiers on the mpd ignore list: > > https://nvd.nist.gov/vuln/detail/CVE-2020-7465 > https://nvd.nist.gov/vuln/detail/CVE-2020-7466 > > Signed-off-by: Andreas Ziegler <br015@umbiko.net> Applied to master, thanks. Regards, Arnout > --- > package/mpd/mpd.mk | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/package/mpd/mpd.mk b/package/mpd/mpd.mk > index 6f01b29c6d..a55e4adde2 100644 > --- a/package/mpd/mpd.mk > +++ b/package/mpd/mpd.mk > @@ -11,6 +11,8 @@ MPD_SITE = https://www.musicpd.org/download/mpd/$(MPD_VERSION_MAJOR) > MPD_DEPENDENCIES = host-pkgconf boost fmt > MPD_LICENSE = GPL-2.0+ > MPD_LICENSE_FILES = COPYING > +# these refer to the FreeBSD PPP daemon > +MPD_IGNORE_CVES = CVE-2020-7465 CVE-2020-7466 > MPD_SELINUX_MODULES = mpd > MPD_CONF_OPTS = \ > -Daudiofile=disabled \
>>>>> "Andreas" == Andreas Ziegler <br015@umbiko.net> writes: > cpe:2.3:a:mpd_project:mpd:*:*:*:*:*:*:*:* is not a valid CPE > identifier for mpd (musicpd.org); this string refers to > MPD /FreeBSD PPP daemon (sourceforge.net/projects/mpd) > Since mpd does not have entries in the CVE database, put these > two CVE identifiers on the mpd ignore list: > https://nvd.nist.gov/vuln/detail/CVE-2020-7465 > https://nvd.nist.gov/vuln/detail/CVE-2020-7466 > Signed-off-by: Andreas Ziegler <br015@umbiko.net> Committed to 2021.02.x and 2021.11.x, thanks.
diff --git a/package/mpd/mpd.mk b/package/mpd/mpd.mk index 6f01b29c6d..a55e4adde2 100644 --- a/package/mpd/mpd.mk +++ b/package/mpd/mpd.mk @@ -11,6 +11,8 @@ MPD_SITE = https://www.musicpd.org/download/mpd/$(MPD_VERSION_MAJOR) MPD_DEPENDENCIES = host-pkgconf boost fmt MPD_LICENSE = GPL-2.0+ MPD_LICENSE_FILES = COPYING +# these refer to the FreeBSD PPP daemon +MPD_IGNORE_CVES = CVE-2020-7465 CVE-2020-7466 MPD_SELINUX_MODULES = mpd MPD_CONF_OPTS = \ -Daudiofile=disabled \
cpe:2.3:a:mpd_project:mpd:*:*:*:*:*:*:*:* is not a valid CPE identifier for mpd (musicpd.org); this string refers to MPD /FreeBSD PPP daemon (sourceforge.net/projects/mpd) Since mpd does not have entries in the CVE database, put these two CVE identifiers on the mpd ignore list: https://nvd.nist.gov/vuln/detail/CVE-2020-7465 https://nvd.nist.gov/vuln/detail/CVE-2020-7466 Signed-off-by: Andreas Ziegler <br015@umbiko.net> --- package/mpd/mpd.mk | 2 ++ 1 file changed, 2 insertions(+)