NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/heirloom-mailx: ignore CVE-2004-2771

Browse Source 
The CVE-2004-2771 is already fixed by the Debian patch
0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch. The Debian patch
description is:

Subject: [PATCH 4/4] globname: Invoke wordexp with WRDE_NOCMD (CVE-2004-2771)

See also https://marc.info/?l=oss-security&m=141875285203183&w=2 for
more details.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit 829610c701)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Thomas Petazzoni 2023-08-28 23:22:20 +02:00 committed by Peter Korsgaard
parent fffed388de
commit 1a7879b652
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/heirloom-mailx/heirloom-mailx.mk
View File

@ -14,6 +14,8 @@ HEIRLOOM_MAILX_CPE_ID_VENDOR = heirloom
HEIRLOOM_MAILX_CPE_ID_PRODUCT = mailx
# 0011-outof-Introduce-expandaddr-flag.patch in the Debian patches
HEIRLOOM_MAILX_IGNORE_CVES += CVE-2014-7844
# 0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch in the Debian patches
HEIRLOOM_MAILX_IGNORE_CVES += CVE-2004-2771
ifeq ($(BR2_PACKAGE_OPENSSL),y)
HEIRLOOM_MAILX_DEPENDENCIES += openssl