@@ -11,6 +11,12 @@ NCURSES_DEPENDENCIES = host-ncurses
NCURSES_LICENSE = MIT with advertising clause
NCURSES_LICENSE_FILES = COPYING
NCURSES_CPE_ID_VENDOR = gnu
+# Commit 4b21273d71d09 added upstream (security) patches up to 20200118
+NCURSES_IGNORE_CVES += CVE-2018-10754
+NCURSES_IGNORE_CVES += CVE-2018-19211
+NCURSES_IGNORE_CVES += CVE-2018-19217
+NCURSES_IGNORE_CVES += CVE-2019-17594
+NCURSES_IGNORE_CVES += CVE-2019-17595
NCURSES_CONFIG_SCRIPTS = ncurses$(NCURSES_LIB_SUFFIX)6-config
NCURSES_PATCH = \
$(addprefix https://invisible-mirror.net/archives/ncurses/$(NCURSES_VERSION)/, \
Commit 4b21273d71d09 added upstream (security) patches up to 20200118 and in the commit description it outlines these CVEs were patched. Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com> --- package/ncurses/ncurses.mk | 6 ++++++ 1 file changed, 6 insertions(+)