From 613953f8217bf5b27489e0a939147ef7c74c3f7a Mon Sep 17 00:00:00 2001 From: Paul Cercueil Date: Fri, 15 Oct 2021 22:50:03 +0100 Subject: [PATCH] package/lightning: ignore not applicable CVE-2020-7747 CVE-2020-7747 applies to the Javascript lightning-server project, and not to the GNU Lightning project: https://nvd.nist.gov/vuln/detail/CVE-2020-7747 Signed-off-by: Paul Cercueil [yann.morin.1998@free.fr: reword commit log; add URL] Signed-off-by: Yann E. MORIN --- package/lightning/lightning.mk | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/package/lightning/lightning.mk b/package/lightning/lightning.mk index 3bd17bef56..38b132e082 100644 --- a/package/lightning/lightning.mk +++ b/package/lightning/lightning.mk @@ -12,6 +12,10 @@ LIGHTNING_INSTALL_STAGING = YES # We're patching include/Makefile.am LIGHTNING_AUTORECONF = YES +# CVE-2020-7747 is for the Javascript lightning-server project, and not for +# GNU Lightning. +LIGHTNING_IGNORE_CVES = CVE-2020-7747 + ifeq ($(BR2_PACKAGE_LIGHTNING_DISASSEMBLER),y) LIGHTNING_DEPENDENCIES += binutils zlib LIGHTNING_CONF_OPTS += --enable-disassembler