package/ripgrep: ignore CVE-2021-3013 as Windows only
CVE-2021-3013 does not impact any buildroot versions of ripgrep as it is a Windows-only exploit targeting ripgrep versions earlier than 13. It can be safely ignored on our LTS branches. https://nvd.nist.gov/vuln/detail/CVE-2021-3013 Signed-off-by: Sam Voss <sam.voss@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit is contained in:
parent
f4ef8fdda0
commit
641beb3217
@ -10,6 +10,9 @@ RIPGREP_LICENSE = MIT
|
||||
RIPGREP_LICENSE_FILES = LICENSE-MIT
|
||||
RIPGREP_CPE_ID_VENDOR = ripgrep_project
|
||||
|
||||
# CVE only impacts ripgrep on Windows
|
||||
RIPGREP_IGNORE_CVES += CVE-2021-3013
|
||||
|
||||
RIPGREP_DEPENDENCIES = host-rustc
|
||||
RIPGREP_CARGO_ENV = CARGO_HOME=$(HOST_DIR)/share/cargo \
|
||||
__CARGO_TEST_CHANNEL_OVERRIDE_DO_NOT_USE_THIS="nightly" \
|
||||
|
Loading…
Reference in New Issue
Block a user