NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/erlang: ignore Windows specific CVE-2021-29221

Browse Source 
CVE-2021-29221 is a Windows specific issue:

A local privilege escalation vulnerability was discovered in Erlang/OTP
prior to version 23.2.3.  By adding files to an existing installation's
directory, a local attacker could hijack accounts of other users running
Erlang programs or possibly coerce a service running with "erlsrv.exe" to
execute arbitrary code as Local System.  This can occur only under specific
conditions on Windows with unsafe filesystem permissions.

So ignore it.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit is contained in:
Peter Korsgaard 2021-09-18 18:59:46 +02:00 committed by Yann E. MORIN
parent 31c94080d2
commit e7c2eaf929
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
package/erlang/erlang.mk vendored
View File

@ -16,6 +16,9 @@ ERLANG_CPE_ID_VENDOR = erlang
ERLANG_CPE_ID_PRODUCT = erlang\/otp
ERLANG_INSTALL_STAGING = YES
# windows specific issue: https://nvd.nist.gov/vuln/detail/CVE-2021-29221
ERLANG_IGNORE_CVES += CVE-2021-29221
# Remove the leftover deps directory from the ssl app
# See https://bugs.erlang.org/browse/ERL-1168
define ERLANG_REMOVE_SSL_DEPS