package/postgresql: ignore CVE-2017-8806

CVE-2017-8806 is related to postgresql-common package, as present in
Debian and its derivatives; Buildroot does not have that package.
It is a false positive for postgresql, so ignore it.

To be noted is that a similar CVE [0] applied to postgresql itself, as
stated in [1], but that was fixed a while ago [2], and we need not
ignore it.

[0] https://nvd.nist.gov/vuln/detail/CVE-2017-12172
[1] https://ubuntu.com/security/CVE-2017-8806
[2] https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=dfc015dcf46c1996bd7ed5866e9e045d258604b3

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit is contained in:
Maxim Kochetkov 2023-03-13 09:13:23 +03:00 committed by Yann E. MORIN
parent e538824692
commit 6104b62d95

@ -19,6 +19,10 @@ POSTGRESQL_CONF_ENV = \
POSTGRESQL_CONF_OPTS = --disable-rpath
POSTGRESQL_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES)
# CVE-2017-8806 is related to postgresql-common package
# It is false positive for postgresql
POSTGRESQL_IGNORE_CVES += CVE-2017-8806
# https://www.postgresql.org/docs/11/static/install-procedure.html:
# "If you want to invoke the build from another makefile rather than
# manually, you must unset MAKELEVEL or set it to zero"
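Review bot: The two comment lines above `POSTGRESQL_IGNORE_CVES += CVE-2017-8806` say the CVE "is related to postgresql-common package" but leave out the reason that makes it a false positive here, which the commit message does give: postgresql-common is a Debian (and derivatives) package that Buildroot does not have. Someone auditing the ignore list later will read the .mk file, not the commit log, so I would put that reason in the comment itself, for example "CVE-2017-8806 affects the Debian postgresql-common package, which Buildroot does not have". It may also be worth a short mention that the similar CVE-2017-12172 against postgresql itself is already fixed upstream and is deliberately not ignored, so nobody adds it to this list by analogy.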