* [Buildroot] [git commit branch/2022.08.x] package/lz4: fix LZ4_CPE_ID_VENDOR
@ 2022-11-08 19:53 Peter Korsgaard
0 siblings, 0 replies; only message in thread
From: Peter Korsgaard @ 2022-11-08 19:53 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=2b61eaee9bbad9a9efda4e968ef43037d57083cb
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/2022.08.x
cpe:2.3:a:yann_collet:lz4, which was added by commit
63332c33aa0771532807fd2684d4eee4eb952435, was never a valid CPE
identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ayann_collet%3Alz4
cpe:2.3:a:lz4_project:lz4 is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alz4_project%3Alz4
While at it, also drop the note added by commit
45db4bb08e3e550db483d8745fe8aaede2fa7e98
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit ae29bb28808dbafd39d39e850820b3f063329f66)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/lz4/lz4.mk | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/package/lz4/lz4.mk b/package/lz4/lz4.mk
index 9b9b6198c3..541a03473a 100644
--- a/package/lz4/lz4.mk
+++ b/package/lz4/lz4.mk
@@ -9,13 +9,7 @@ LZ4_SITE = $(call github,lz4,lz4,v$(LZ4_VERSION))
LZ4_INSTALL_STAGING = YES
LZ4_LICENSE = BSD-2-Clause (library), GPL-2.0+ (programs)
LZ4_LICENSE_FILES = lib/LICENSE programs/COPYING
-LZ4_CPE_ID_VENDOR = yann_collet
-
-# CVE-2014-4715 is misclassified (by our CVE tracker) as affecting version
-# 1.9.2, while in fact this issue has been fixed since lz4-r130:
-# https://github.com/lz4/lz4/commit/140e6e72ddb6fc5f7cd28ce0c8ec3812ef4a9c08
-# See https://github.com/lz4/lz4/issues/818
-LZ4_IGNORE_CVES += CVE-2014-4715
+LZ4_CPE_ID_VENDOR = lz4_project
# 0001-Fix-potential-memory-corruption-with-negative-memmov.patch
LZ4_IGNORE_CVES += CVE-2021-3520
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2022-11-08 19:57 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-08 19:53 [Buildroot] [git commit branch/2022.08.x] package/lz4: fix LZ4_CPE_ID_VENDOR Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.