aboutsummaryrefslogtreecommitdiff
path: root/package/boost/boost.mk
diff options
context:
space:
mode:
authorGravatar Fabrice Fontaine <fontaine.fabrice@gmail.com>2020-02-29 10:46:09 +0100
committerGravatar Yann E. MORIN <yann.morin.1998@free.fr>2020-02-29 18:17:37 +0100
commitc8c5660a818c9a367e46d4188f5f87b2dfe74a71 (patch)
tree81d116f3ea3c0895b92f35d596c2e4440459ec94 /package/boost/boost.mk
parent3883517b569e84d28a4766d64d86722bb70cc895 (diff)
downloadbuildroot-c8c5660a818c9a367e46d4188f5f87b2dfe74a71.tar.gz
buildroot-c8c5660a818c9a367e46d4188f5f87b2dfe74a71.tar.bz2
package/boost: annotate _IGNORE_CVES for CVE-2009-3654
This CVE does not affect the boost package, but is misclassified by our CVS tracker. As per the advisory: Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors. Ignore the CVS, and expand a comment to explain it. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> [yann.morin.1998@free.fr: expand the comment] Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Diffstat (limited to 'package/boost/boost.mk')
-rw-r--r--package/boost/boost.mk4
1 files changed, 4 insertions, 0 deletions
diff --git a/package/boost/boost.mk b/package/boost/boost.mk
index 322429a10c..2daf7f5a96 100644
--- a/package/boost/boost.mk
+++ b/package/boost/boost.mk
@@ -11,6 +11,10 @@ BOOST_INSTALL_STAGING = YES
BOOST_LICENSE = BSL-1.0
BOOST_LICENSE_FILES = LICENSE_1_0.txt
+# CVE-2009-3654 is misclassified (by our CVE tracker) as affecting to boost,
+# while in fact it affects Drupal (a module called boost in there).
+BOOST_IGNORE_CVES += CVE-2009-3654
+
# keep host variant as minimal as possible
HOST_BOOST_FLAGS = --without-icu --with-toolset=gcc \
--without-libraries=$(subst $(space),$(comma),atomic chrono context \