package/libcoap: ignore CVE-2023-35862

According to a collaborator [0] the affected code isn't in 4.3.1 [0]: https://github.com/obgm/libcoap/issues/1117 Signed-off-by: Daniel Lang <dalang@gmx.at> Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
2023-09-06 21:44:19 +02:00 · 2023-09-06 21:44:19 +02:00 · 20c023a3b1
commit 20c023a3b1
parent 868be6f6ae
1 changed files with 2 additions and 0 deletions
--- a/package/libcoap/libcoap.mk
+++ b/package/libcoap/libcoap.mk
@ -16,6 +16,8 @@ LIBCOAP_CONF_OPTS = \
 LIBCOAP_AUTORECONF = YES
 # 0001-Backport-fix-for-CVE-2023-30362.patch
 LIBCOAP_IGNORE_CVES += CVE-2023-30362
+# Doesn't affect 4.3.1, see https://github.com/obgm/libcoap/issues/1117
+LIBCOAP_IGNORE_CVES += CVE-2023-35862

 ifeq ($(BR2_PACKAGE_GNUTLS),y)
 LIBCOAP_DEPENDENCIES += gnutls