From 829610c701ba322514facd8e24ef4b9518a00601 Mon Sep 17 00:00:00 2001 From: Thomas Petazzoni Date: Mon, 28 Aug 2023 23:22:20 +0200 Subject: [PATCH] package/heirloom-mailx: ignore CVE-2004-2771 The CVE-2004-2771 is already fixed by the Debian patch 0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch. The Debian patch description is: Subject: [PATCH 4/4] globname: Invoke wordexp with WRDE_NOCMD (CVE-2004-2771) See also https://marc.info/?l=oss-security&m=141875285203183&w=2 for more details. Signed-off-by: Thomas Petazzoni Signed-off-by: Arnout Vandecappelle --- package/heirloom-mailx/heirloom-mailx.mk | 2 ++ 1 file changed, 2 insertions(+) diff --git a/package/heirloom-mailx/heirloom-mailx.mk b/package/heirloom-mailx/heirloom-mailx.mk index bb2e1f48de..063fccf5eb 100644 --- a/package/heirloom-mailx/heirloom-mailx.mk +++ b/package/heirloom-mailx/heirloom-mailx.mk @@ -14,6 +14,8 @@ HEIRLOOM_MAILX_CPE_ID_VENDOR = heirloom HEIRLOOM_MAILX_CPE_ID_PRODUCT = mailx # 0011-outof-Introduce-expandaddr-flag.patch in the Debian patches HEIRLOOM_MAILX_IGNORE_CVES += CVE-2014-7844 +# 0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch in the Debian patches +HEIRLOOM_MAILX_IGNORE_CVES += CVE-2004-2771 ifeq ($(BR2_PACKAGE_OPENSSL),y) HEIRLOOM_MAILX_DEPENDENCIES += openssl