package/rsyslog: ignore CVE-2015-3243
https://security-tracker.debian.org/tracker/CVE-2015-3243
"Rsyslog uses weak permissions for generating log files."
Ignoring this CVE for Buildroot as normally there are not local
users and a build could customize the rsyslog.conf to be more
restrictive ($FileCreateMode 0640).
Example fix from Alpino Linux
3cb5210cda
Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit is contained in:
parent
675769791b
commit
fb4402b516
@ -9,6 +9,10 @@ RSYSLOG_SITE = http://rsyslog.com/files/download/rsyslog
|
||||
RSYSLOG_LICENSE = GPL-3.0, LGPL-3.0, Apache-2.0
|
||||
RSYSLOG_LICENSE_FILES = COPYING COPYING.LESSER COPYING.ASL20
|
||||
RSYSLOG_CPE_ID_VENDOR = rsyslog
|
||||
# rsyslog uses weak permissions for generating log files.
|
||||
# Ignoring this CVE as Buildroot normally doesn't have local users and a build
|
||||
# could customize the rsyslog.conf to be more restrictive ($FileCreateMode 0640)
|
||||
RSYSLOG_IGNORE_CVES += CVE-2015-3243
|
||||
RSYSLOG_DEPENDENCIES = zlib libestr liblogging libfastjson host-pkgconf
|
||||
RSYSLOG_CONF_ENV = ac_cv_prog_cc_c99='-std=c99'
|
||||
RSYSLOG_PLUGINS = imdiag imfile impstats imptcp \
|
||||
|
Loading…
Reference in New Issue
Block a user