diff options
| author |  Fabrice Fontaine <fontaine.fabrice@gmail.com> | 2020-02-29 10:46:09 +0100 |
|---|---|---|
| committer |  Yann E. MORIN <yann.morin.1998@free.fr> | 2020-02-29 18:17:37 +0100 |
| commit | c8c5660a818c9a367e46d4188f5f87b2dfe74a71 (patch) | |
| tree | 81d116f3ea3c0895b92f35d596c2e4440459ec94 /package/boost/boost.mk | |
| parent | 3883517b569e84d28a4766d64d86722bb70cc895 (diff) | |
| download | buildroot-c8c5660a818c9a367e46d4188f5f87b2dfe74a71.tar.gz buildroot-c8c5660a818c9a367e46d4188f5f87b2dfe74a71.tar.bz2 | |
package/boost: annotate _IGNORE_CVES for CVE-2009-3654
This CVE does not affect the boost package, but is misclassified by our
CVS tracker. As per the advisory:
Unspecified vulnerability in Boost before 6.x-1.03, a module for
Drupal, allows remote attackers to create new webroot directories
via unknown attack vectors.
Ignore the CVS, and expand a comment to explain it.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: expand the comment]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Diffstat (limited to 'package/boost/boost.mk')
| -rw-r--r-- | package/boost/boost.mk | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/package/boost/boost.mk b/package/boost/boost.mk index 322429a10c..2daf7f5a96 100644 --- a/package/boost/boost.mk +++ b/package/boost/boost.mk @@ -11,6 +11,10 @@ BOOST_INSTALL_STAGING = YES BOOST_LICENSE = BSL-1.0 BOOST_LICENSE_FILES = LICENSE_1_0.txt +# CVE-2009-3654 is misclassified (by our CVE tracker) as affecting to boost, +# while in fact it affects Drupal (a module called boost in there). +BOOST_IGNORE_CVES += CVE-2009-3654 + # keep host variant as minimal as possible HOST_BOOST_FLAGS = --without-icu --with-toolset=gcc \ --without-libraries=$(subst $(space),$(comma),atomic chrono context \ |