package/flex: ignore CVE-2019-6293
author Matt Weber <matthew.weber@rockwellcollins.com>
Wed, 21 Apr 2021 20:42:30 +0000 (15:42 -0500)
committer Yann E. MORIN <yann.morin.1998@free.fr>
Sat, 24 Apr 2021 09:25:33 +0000 (11:25 +0200)
commit 120d1241d8301089ed05f865f03b4915c843e936
tree 19e299e27e118aa5e0a9fbff4145f51826aa2a0d
parent 5ce1e773b94642a034ccb48f22f05b5933b907e5
package/flex: ignore CVE-2019-6293

https://security-tracker.debian.org/tracker/CVE-2019-6293

https://github.com/NixOS/nixpkgs/issues/55386#issuecomment-683792976
 "But this bug does not cause stack overflows in the generated code.
 The function and file referred to in the bug (mark_beginning_as_normal
 in nfa.c) are part of the flex code generator, not part of the
 generated code. If flex crashes before generating any code, that
 can hardly be a vulnerability. If flex does not crash, the generated
 code is fine (or perhaps subject to other unreported bugs, who knows,
 but the NFA has been generated correctly)."

Upstream has chosen to not provide a fix
 https://github.com/westes/flex/issues/414

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
[yann.morin.1998@free.fr: use actual upstream URL]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
package/flex/flex.mk