From 94716fdb481247e962aa646ee1a95852d03db700 Mon Sep 17 00:00:00 2001 From: Thomas Petazzoni Date: Mon, 28 Aug 2023 23:22:19 +0200 Subject: [PATCH] package/heirloom-mailx: fix comment about ignore CVE-2014-7844 In commit 15972770cf34ed0b0ba330e3cc42c04f1c80c3c8 ("package/heirloom-mailx: security bump to version 12.5-5 from Debian"), we added CVE-2014-7844 in HEIRLOOM_MAILX_IGNORE_CVES, but with the wrong comment about it: it is a different patch in the Debian stack of patches that fixes it. Indeed the description of patch 0011-outof-Introduce-expandaddr-flag.patch is: ===================================================================== Subject: [PATCH 1/4] outof: Introduce expandaddr flag Document that address expansion is disabled unless the expandaddr binary option is set. This has been assigned CVE-2014-7844 for BSD mailx, but it is not a vulnerability in Heirloom mailx because this feature was documented. ===================================================================== See also https://marc.info/?l=oss-security&m=141875285203183&w=2 for details. Signed-off-by: Thomas Petazzoni Signed-off-by: Arnout Vandecappelle --- package/heirloom-mailx/heirloom-mailx.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/heirloom-mailx/heirloom-mailx.mk b/package/heirloom-mailx/heirloom-mailx.mk index d3b8ad437a..bb2e1f48de 100644 --- a/package/heirloom-mailx/heirloom-mailx.mk +++ b/package/heirloom-mailx/heirloom-mailx.mk @@ -12,7 +12,7 @@ HEIRLOOM_MAILX_LICENSE = BSD-4-Clause, Bellcore (base64), OpenVision (imap_gssap HEIRLOOM_MAILX_LICENSE_FILES = COPYING HEIRLOOM_MAILX_CPE_ID_VENDOR = heirloom HEIRLOOM_MAILX_CPE_ID_PRODUCT = mailx -# 0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch in the Debian patches +# 0011-outof-Introduce-expandaddr-flag.patch in the Debian patches HEIRLOOM_MAILX_IGNORE_CVES += CVE-2014-7844 ifeq ($(BR2_PACKAGE_OPENSSL),y)