* [Buildroot] [git commit] package/heirloom-mailx: fix comment about ignore CVE-2014-7844
@ 2023-08-30 20:05 Arnout Vandecappelle via buildroot
0 siblings, 0 replies; only message in thread
From: Arnout Vandecappelle via buildroot @ 2023-08-30 20:05 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=94716fdb481247e962aa646ee1a95852d03db700
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
In commit
15972770cf34ed0b0ba330e3cc42c04f1c80c3c8 ("package/heirloom-mailx:
security bump to version 12.5-5 from Debian"), we added CVE-2014-7844
in HEIRLOOM_MAILX_IGNORE_CVES, but with the wrong comment about it: it
is a different patch in the Debian stack of patches that fixes
it. Indeed the description of patch
0011-outof-Introduce-expandaddr-flag.patch is:
=====================================================================
Subject: [PATCH 1/4] outof: Introduce expandaddr flag
Document that address expansion is disabled unless the expandaddr
binary option is set.
This has been assigned CVE-2014-7844 for BSD mailx, but it is not
a vulnerability in Heirloom mailx because this feature was documented.
=====================================================================
See also https://marc.info/?l=oss-security&m=141875285203183&w=2 for
details.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
---
package/heirloom-mailx/heirloom-mailx.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package/heirloom-mailx/heirloom-mailx.mk b/package/heirloom-mailx/heirloom-mailx.mk
index d3b8ad437a..bb2e1f48de 100644
--- a/package/heirloom-mailx/heirloom-mailx.mk
+++ b/package/heirloom-mailx/heirloom-mailx.mk
@@ -12,7 +12,7 @@ HEIRLOOM_MAILX_LICENSE = BSD-4-Clause, Bellcore (base64), OpenVision (imap_gssap
HEIRLOOM_MAILX_LICENSE_FILES = COPYING
HEIRLOOM_MAILX_CPE_ID_VENDOR = heirloom
HEIRLOOM_MAILX_CPE_ID_PRODUCT = mailx
-# 0014-globname-Invoke-wordexp-with-WRDE_NOCMD.patch in the Debian patches
+# 0011-outof-Introduce-expandaddr-flag.patch in the Debian patches
HEIRLOOM_MAILX_IGNORE_CVES += CVE-2014-7844
ifeq ($(BR2_PACKAGE_OPENSSL),y)
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2023-08-30 20:13 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-08-30 20:05 [Buildroot] [git commit] package/heirloom-mailx: fix comment about ignore CVE-2014-7844 Arnout Vandecappelle via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).