NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/lz4: annotate CVE-2014-4715

Browse Source 
CVE-2014-4715 is misclassified (by our CVE tracker) as affecting
version 1.9.2, while in fact this issue has been fixed since lz4-r130:
140e6e72dd

See https://github.com/lz4/lz4/issues/818

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit is contained in:
Fabrice Fontaine 2020-03-28 10:51:38 +01:00 committed by Thomas Petazzoni
parent 69b51259a2
commit 45db4bb08e
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
package/lz4/lz4.mk
View File

@ -10,6 +10,12 @@ LZ4_INSTALL_STAGING = YES
LZ4_LICENSE = BSD-2-Clause (library), GPL-2.0+ (programs)
LZ4_LICENSE_FILES = lib/LICENSE programs/COPYING
# CVE-2014-4715 is misclassified (by our CVE tracker) as affecting version
# 1.9.2, while in fact this issue has been fixed since lz4-r130:
# https://github.com/lz4/lz4/commit/140e6e72ddb6fc5f7cd28ce0c8ec3812ef4a9c08
# See https://github.com/lz4/lz4/issues/818
LZ4_IGNORE_CVES += CVE-2014-4715
ifeq ($(BR2_STATIC_LIBS),y)
LZ4_MAKE_OPTS += BUILD_SHARED=no
else ifeq ($(BR2_SHARED_LIBS),y)