NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/boost: annotate _IGNORE_CVES for CVE-2009-3654

Browse Source 
This CVE does not affect the boost package, but is misclassified by our
CVS tracker. As per the advisory:

    Unspecified vulnerability in Boost before 6.x-1.03, a module for
    Drupal, allows remote attackers to create new webroot directories
    via unknown attack vectors.

Ignore the CVS, and expand a comment to explain it.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: expand the comment]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit is contained in:
Fabrice Fontaine 2020-02-29 10:46:09 +01:00 committed by Yann E. MORIN
parent 3883517b56
commit c8c5660a81
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
package/boost/boost.mk
View File

@ -11,6 +11,10 @@ BOOST_INSTALL_STAGING = YES
BOOST_LICENSE = BSL-1.0
BOOST_LICENSE_FILES = LICENSE_1_0.txt
# CVE-2009-3654 is misclassified (by our CVE tracker) as affecting to boost,
# while in fact it affects Drupal (a module called boost in there).
BOOST_IGNORE_CVES += CVE-2009-3654
# keep host variant as minimal as possible
HOST_BOOST_FLAGS = --without-icu --with-toolset=gcc \
--without-libraries=$(subst $(space),$(comma),atomic chrono context \