package/heirloom-mailx: fix comment about ignore CVE-2014-7844
In commit
15972770cf
("package/heirloom-mailx:
security bump to version 12.5-5 from Debian"), we added CVE-2014-7844
in HEIRLOOM_MAILX_IGNORE_CVES, but with the wrong comment about it: it
is a different patch in the Debian stack of patches that fixes
it. Indeed the description of patch
0011-outof-Introduce-expandaddr-flag.patch is:
=====================================================================
Subject: [PATCH 1/4] outof: Introduce expandaddr flag
Document that address expansion is disabled unless the expandaddr
binary option is set.
This has been assigned CVE-2014-7844 for BSD mailx, but it is not
a vulnerability in Heirloom mailx because this feature was documented.
=====================================================================
See also https://marc.info/?l=oss-security&m=141875285203183&w=2 for
details.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
This commit is contained in:
parent
cf686670b9
commit
94716fdb48
@ -12,7 +12,7 @@ HEIRLOOM_MAILX_LICENSE = BSD-4-Clause, Bellcore (base64), OpenVision (imap_gssap
|
|||||||
HEIRLOOM_MAILX_LICENSE_FILES = COPYING
|
HEIRLOOM_MAILX_LICENSE_FILES = COPYING
|
||||||
HEIRLOOM_MAILX_CPE_ID_VENDOR = heirloom
|
HEIRLOOM_MAILX_CPE_ID_VENDOR = heirloom
|
||||||
HEIRLOOM_MAILX_CPE_ID_PRODUCT = mailx
|
HEIRLOOM_MAILX_CPE_ID_PRODUCT = mailx
|
||||||
# 0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch in the Debian patches
|
# 0011-outof-Introduce-expandaddr-flag.patch in the Debian patches
|
||||||
HEIRLOOM_MAILX_IGNORE_CVES += CVE-2014-7844
|
HEIRLOOM_MAILX_IGNORE_CVES += CVE-2014-7844
|
||||||
|
|
||||||
ifeq ($(BR2_PACKAGE_OPENSSL),y)
|
ifeq ($(BR2_PACKAGE_OPENSSL),y)
|
||||||
|
Loading…
Reference in New Issue
Block a user