NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/tar: ignore CVE-2007-4476

Browse Source 
https://security-tracker.debian.org/tracker/CVE-2007-4476

Currently NVD has this incorrectly tagged for all versions.
The bug trackers on different distros show it was generally
fixed in versions >= 1.16 but because the impacted source
code is in the GNU paxutils, it is hard to follow in what
cases tar has been fixed around that 1.16 version.

https://bugs.gentoo.org/196978

https://www.itsecdb.com/oval/definition/oval/org.mitre.oval/def/9336/Buffer-overflow-in-the-safer-name-suffix-function-in-GNU-tar.html

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 9486774bbf)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Matt Weber 2021-04-21 15:42:35 -05:00 committed by Peter Korsgaard
parent ea5323f16a
commit ddd47a70a8
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/tar/tar.mk
View File

@ -13,6 +13,8 @@ TAR_CONF_OPTS = --exec-prefix=/
TAR_LICENSE = GPL-3.0+
TAR_LICENSE_FILES = COPYING
TAR_CPE_ID_VENDOR = gnu
# only tar <= 1.16
TAR_IGNORE_CVES += CVE-2007-4476
# 0001-Fix-memory-leak-in-read_header.patch
TAR_IGNORE_CVES += CVE-2021-20193