From patchwork Sat Jul 18 08:11:54 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Guillaume Bres X-Patchwork-Id: 1331503 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=L0oCaadL; dkim-atps=neutral Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4B811Q442Sz9sRN for ; Sat, 18 Jul 2020 18:12:10 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id DF9FE877FC; Sat, 18 Jul 2020 08:12:06 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sECbjnY2+cST; Sat, 18 Jul 2020 08:12:04 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id C3D69877D4; Sat, 18 Jul 2020 08:12:04 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id AD7BB1BF20D for ; Sat, 18 Jul 2020 08:12:03 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id A2147877D4 for ; Sat, 18 Jul 2020 08:12:03 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nA9p60s0qJ-H for ; Sat, 18 Jul 2020 08:12:03 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mail-wm1-f65.google.com (mail-wm1-f65.google.com [209.85.128.65]) by whitealder.osuosl.org (Postfix) with ESMTPS id D018D87727 for ; Sat, 18 Jul 2020 08:12:02 +0000 (UTC) Received: by mail-wm1-f65.google.com with SMTP id 22so17844281wmg.1 for ; Sat, 18 Jul 2020 01:12:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=MLi1dmPF5Qz+q+JrfPiMh84YV7IcVyUs+PxYGxvXVes=; b=L0oCaadLzQQsOHFhYGIEMG/5hyrmYzirkNUT0RQwHqa4mSQmehjGis5qv8uHQR7eLB U/6Sk3AxCOVELhVknf4FvuDIyLe5pAz74th56rcz9SkBp1ChZq4q1nNZOaFYjM2R+qW0 ZHs6bKci3eruqS10CqvSkZg7JH9YmaC5MKu+x0b9QvPbd/CykTqbWK1wDZq3h47jzBvY gL0HwUx0vUGsE4cUhB7Ibx8vvBekiu6G1amLQCEQufUalwgUMIGMLJbCi7I8JeATVgo6 mTl3LLbFAaakPq1a3JlDoqPZA6sEQywn1m3RPwbZZa+HnK5scmcx0IAQJEB8EhHfX8PW W/WA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=MLi1dmPF5Qz+q+JrfPiMh84YV7IcVyUs+PxYGxvXVes=; b=BextZc0IjSQfJrVQcNMn7Yqp/UW5zZS41Whn1SjeS97VyoOsDXhIEAL8BoRr4CRMu4 2bYpbBqEuaQbtgMZAc1AhdDXuzcwi6GhG1PyPf6FUN3QuwRk7/3yNO2dviVlVQUkhqGn hid23etHZ8huhsbnecqvkqKkOLDVKjOfUy5VA6dutUGpnCzBOHFXNqPDcZ+mKfJHrcFB fjXDP02oWu23FenKd0Dv9KeqhDMYi6uumIPPS7sVI4EwtOBJiixuzGAykd7piSF90BZ5 uZefVB7JRJ1657SivbbT5jIvvOA+rM7Kbz90g/b9hTYnf2s8TrqXOzJ7nhBPIfPs1Kgs JzFg== X-Gm-Message-State: AOAM533C/faeDvE/nEhRiAnmDBwz9FGeMpZvsGVVW/bNkHMkkSl/R5k/ k1K0JHmZZbW1CdNp69VxQfcuHY+9 X-Google-Smtp-Source: ABdhPJxs8+GZtmbUb28xzLiM7bSi93Q3t3slMP1VwnviAH5rpzo7koZZ/WZYKbe5AIW1Wo9SRLAxYg== X-Received: by 2002:a1c:a949:: with SMTP id s70mr13859014wme.137.1595059921074; Sat, 18 Jul 2020 01:12:01 -0700 (PDT) Received: from pc-140.home ([2a01:cb1c:794:2300:d109:33e7:bc94:49e5]) by smtp.gmail.com with ESMTPSA id 1sm17555187wmf.0.2020.07.18.01.12.00 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 18 Jul 2020 01:12:00 -0700 (PDT) From: guillaume.bressaix@gmail.com To: buildroot@busybox.net Date: Sat, 18 Jul 2020 10:11:54 +0200 Message-Id: <20200718081154.15819-1-guillaume.bressaix@gmail.com> X-Mailer: git-send-email 2.20.1 MIME-Version: 1.0 Subject: [Buildroot] [PATCH 1/1] package/libnids: ignore CVE-2010-0751 X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.29 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: "Guillaume W. Bres" Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" From: "Guillaume W. Bres" This CVE is falsely reported because it was fixed in package version 1.24 (which we are using). Ignore this CVE until the database is updated. Signed-off-by: Guillaume W. Bres --- package/libnids/libnids.mk | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/package/libnids/libnids.mk b/package/libnids/libnids.mk index 4a67215242..a7e8f5514a 100644 --- a/package/libnids/libnids.mk +++ b/package/libnids/libnids.mk @@ -39,4 +39,9 @@ endif LIBNIDS_INSTALL_STAGING_OPTS = install_prefix=$(STAGING_DIR) install LIBNIDS_INSTALL_TARGET_OPTS = install_prefix=$(TARGET_DIR) install +# CVE-2010-0751 was fixed in libnids v1.24 +# but the NVD database is not aware of the fix, +# ignore it until this is updated +LIBNIDS_IGNORE_CVES += CVE-2010-0751 + $(eval $(autotools-package))