package/heirloom-mailx: fix comment about ignore CVE-2014-7844

In commit
15972770cf ("package/heirloom-mailx:
security bump to version 12.5-5 from Debian"), we added CVE-2014-7844
in HEIRLOOM_MAILX_IGNORE_CVES, but with the wrong comment about it: it
is a different patch in the Debian stack of patches that fixes
it. Indeed the description of patch
0011-outof-Introduce-expandaddr-flag.patch is:

=====================================================================
Subject: [PATCH 1/4] outof: Introduce expandaddr flag

Document that address expansion is disabled unless the expandaddr
binary option is set.

This has been assigned CVE-2014-7844 for BSD mailx, but it is not
a vulnerability in Heirloom mailx because this feature was documented.
=====================================================================

See also https://marc.info/?l=oss-security&m=141875285203183&w=2 for
details.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
This commit is contained in:
Thomas Petazzoni 2023-08-28 23:22:19 +02:00 committed by Arnout Vandecappelle
parent cf686670b9
commit 94716fdb48

View File

@ -12,7 +12,7 @@ HEIRLOOM_MAILX_LICENSE = BSD-4-Clause, Bellcore (base64), OpenVision (imap_gssap
HEIRLOOM_MAILX_LICENSE_FILES = COPYING HEIRLOOM_MAILX_LICENSE_FILES = COPYING
HEIRLOOM_MAILX_CPE_ID_VENDOR = heirloom HEIRLOOM_MAILX_CPE_ID_VENDOR = heirloom
HEIRLOOM_MAILX_CPE_ID_PRODUCT = mailx HEIRLOOM_MAILX_CPE_ID_PRODUCT = mailx
# 0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch in the Debian patches # 0011-outof-Introduce-expandaddr-flag.patch in the Debian patches
HEIRLOOM_MAILX_IGNORE_CVES += CVE-2014-7844 HEIRLOOM_MAILX_IGNORE_CVES += CVE-2014-7844
ifeq ($(BR2_PACKAGE_OPENSSL),y) ifeq ($(BR2_PACKAGE_OPENSSL),y)