From a1f6dbd031e0dc2769163f2a4b971acb60da34d9 Mon Sep 17 00:00:00 2001
From: Daniel Lang <dalang@gmx.at>
Date: Thu, 21 Sep 2023 06:19:54 +0200
Subject: [PATCH] package/tar: drop CVE-2007-4476 from IGNORE_CVES

As off 2021-05-17 NVD added 1.19 as the first version that isn't
affected by CVE-2007-4476.

Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 487c12a1f29140bf61abcf4cc575bd83b1fc933b)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/tar/tar.mk | 2 --
 1 file changed, 2 deletions(-)

diff --git a/package/tar/tar.mk b/package/tar/tar.mk
index 80d7495b00..690a5952ba 100644
--- a/package/tar/tar.mk
+++ b/package/tar/tar.mk
@@ -13,8 +13,6 @@ TAR_CONF_OPTS = --exec-prefix=/
 TAR_LICENSE = GPL-3.0+
 TAR_LICENSE_FILES = COPYING
 TAR_CPE_ID_VENDOR = gnu
-# only tar <= 1.16
-TAR_IGNORE_CVES += CVE-2007-4476
 
 ifeq ($(BR2_PACKAGE_ACL),y)
 TAR_DEPENDENCIES += acl