aboutsummaryrefslogtreecommitdiff
path: root/package/libical/libical.mk
diff options
context:
space:
mode:
authorGravatar Fabrice Fontaine <fontaine.fabrice@gmail.com>2020-03-28 10:36:47 +0100
committerGravatar Thomas Petazzoni <thomas.petazzoni@bootlin.com>2020-03-28 14:41:28 +0100
commit69b51259a2cccbbeff106b7d3536832ab999c0f1 (patch)
tree2fcbbc1628e17cec68dabb7d3661f7d2c0085693 /package/libical/libical.mk
parent1d8426b32cb030888cbd3d8abdc2b4dc70e987c8 (diff)
downloadbuildroot-69b51259a2cccbbeff106b7d3536832ab999c0f1.tar.gz
buildroot-69b51259a2cccbbeff106b7d3536832ab999c0f1.tar.bz2
package/libical: fix CVE-2016-9584
libical allows remote attackers to cause a denial of service (use-after-free) and possibly read heap memory via a crafted ics file. Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Diffstat (limited to 'package/libical/libical.mk')
-rw-r--r--package/libical/libical.mk3
1 files changed, 3 insertions, 0 deletions
diff --git a/package/libical/libical.mk b/package/libical/libical.mk
index 7125aa8b19..f9a266026e 100644
--- a/package/libical/libical.mk
+++ b/package/libical/libical.mk
@@ -10,6 +10,9 @@ LIBICAL_INSTALL_STAGING = YES
LIBICAL_LICENSE = MPL-1.0 or LGPL-2.1
LIBICAL_LICENSE_FILES = LICENSE
+# 0002-icaltypes-c-icalreqstattype_from_string-copy-the-reqstattype.patch
+LIBICAL_IGNORE_CVES += CVE-2016-9584
+
# building without this option is broken, it is used by
# Gentoo/alpinelinux as well
LIBICAL_CONF_OPTS = -DSHARED_ONLY=true