package/cmake: ignore CVE-2016-10642
This is specific to the npm package that installs cmake, so isn't
relevant to Buildroot.
14241ed09f/meta/recipes-devtools/cmake/cmake.inc
https://nvd.nist.gov/vuln/detail/CVE-2016-10642#vulnCurrentDescriptionTitle
"cmake installs the cmake x86 linux binaries. cmake downloads
binary resources over HTTP, which leaves it vulnerable to
MITM attacks. It may be possible to cause remote code
execution (RCE) by swapping out the requested binary with
an attacker controlled binary if the attacker is on the
network or positioned in between the user and the remote server."
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit is contained in:
parent
23fb8dd2d0
commit
5ce1e773b9
@ -10,6 +10,8 @@ CMAKE_SITE = https://cmake.org/files/v$(CMAKE_VERSION_MAJOR)
|
|||||||
CMAKE_LICENSE = BSD-3-Clause
|
CMAKE_LICENSE = BSD-3-Clause
|
||||||
CMAKE_LICENSE_FILES = Copyright.txt
|
CMAKE_LICENSE_FILES = Copyright.txt
|
||||||
CMAKE_CPE_ID_VENDOR = cmake_project
|
CMAKE_CPE_ID_VENDOR = cmake_project
|
||||||
|
# Tool download MITM attack warning if using npm package to install cmake
|
||||||
|
CMAKE_IGNORE_CVES = CVE-2016-10642
|
||||||
|
|
||||||
# CMake is a particular package:
|
# CMake is a particular package:
|
||||||
# * CMake can be built using the generic infrastructure or the cmake one.
|
# * CMake can be built using the generic infrastructure or the cmake one.
|
||||||
|
Loading…
Reference in New Issue
Block a user