From 93921d96d53f17015c1d67f4d4f581194416c7c5 Mon Sep 17 00:00:00 2001 From: Daniel Lang Date: Thu, 21 Sep 2023 06:15:18 +0200 Subject: [PATCH] package/sysstat: drop CVE-2022-39377 from IGNORE_CVES As off 2022-11-22 CVE-2022-39377 is listed as affecting sysstat < 2.16.1 instead of < 2.17.1. The text is not updated, but the CPE info is. Signed-off-by: Daniel Lang Signed-off-by: Arnout Vandecappelle (cherry picked from commit 6425e0b8482e53d5ab5ff2d655628ba7d4be3960) Signed-off-by: Peter Korsgaard --- package/sysstat/sysstat.mk | 3 --- 1 file changed, 3 deletions(-) diff --git a/package/sysstat/sysstat.mk b/package/sysstat/sysstat.mk index eaf505dc49..377396d986 100644 --- a/package/sysstat/sysstat.mk +++ b/package/sysstat/sysstat.mk @@ -14,9 +14,6 @@ SYSSTAT_LICENSE_FILES = COPYING SYSSTAT_CPE_ID_VENDOR = sysstat_project SYSSTAT_SELINUX_MODULES = sysstat -# NVD is not up-to-date; 12.6.1 includes c1e631eddc50, which fixes the issue -SYSSTAT_IGNORE_CVES += CVE-2022-39377 - ifeq ($(BR2_PACKAGE_LM_SENSORS),y) SYSSTAT_DEPENDENCIES += lm-sensors SYSSTAT_CONF_OPTS += --enable-sensors