NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/lz4: fix LZ4_CPE_ID_VENDOR

Browse Source 
cpe:2.3🅰️yann_collet:lz4, which was added by commit
63332c33aa, was never a valid CPE
identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ayann_collet%3Alz4

cpe:2.3🅰️lz4_project:lz4 is a valid CPE identifier for this package:

  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alz4_project%3Alz4

While at it, also drop the note added by commit
45db4bb08e

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit is contained in:
Fabrice Fontaine 2022-10-23 11:10:08 +02:00 committed by Thomas Petazzoni
parent 8ab39ac65e
commit ae29bb2880
1 changed files with 1 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
package/lz4/lz4.mk
View File

@ -9,13 +9,7 @@ LZ4_SITE = $(call github,lz4,lz4,v$(LZ4_VERSION))
LZ4_INSTALL_STAGING = YES LZ4_INSTALL_STAGING = YES
LZ4_LICENSE = BSD-2-Clause (library), GPL-2.0+ (programs) LZ4_LICENSE = BSD-2-Clause (library), GPL-2.0+ (programs)
LZ4_LICENSE_FILES = lib/LICENSE programs/COPYING LZ4_LICENSE_FILES = lib/LICENSE programs/COPYING
LZ4_CPE_ID_VENDOR = yann_collet LZ4_CPE_ID_VENDOR = lz4_project
# CVE-2014-4715 is misclassified (by our CVE tracker) as affecting version
# 1.9.2, while in fact this issue has been fixed since lz4-r130:
# https://github.com/lz4/lz4/commit/140e6e72ddb6fc5f7cd28ce0c8ec3812ef4a9c08
# See https://github.com/lz4/lz4/issues/818
LZ4_IGNORE_CVES += CVE-2014-4715
# 0001-Fix-potential-memory-corruption-with-negative-memmov.patch # 0001-Fix-potential-memory-corruption-with-negative-memmov.patch
LZ4_IGNORE_CVES += CVE-2021-3520 LZ4_IGNORE_CVES += CVE-2021-3520