package/libexif: annotate CVEs

author Fabrice Fontaine <fontaine.fabrice@gmail.com>

Wed, 1 Apr 2020 21:46:09 +0000 (23:46 +0200)

committer Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Sat, 4 Apr 2020 20:30:44 +0000 (22:30 +0200)
author Fabrice Fontaine <fontaine.fabrice@gmail.com>
Wed, 1 Apr 2020 21:46:09 +0000 (23:46 +0200)
committer Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Sat, 4 Apr 2020 20:30:44 +0000 (22:30 +0200)
diff --git a/package/libexif/libexif.mk b/package/libexif/libexif.mk

index a4ec5ed3cbf8726e1b53b886040838c9c96ece5f..643d9ed89326a7c14975c0deb00e4412d079bcf7 100644 (file)
--- a/package/libexif/libexif.mk
+++ b/package/libexif/libexif.mk
@@ -12,4 +12,13 @@ LIBEXIF_DEPENDENCIES = host-pkgconf
  LIBEXIF_LICENSE = LGPL-2.1+
  LIBEXIF_LICENSE_FILES = COPYING
  
+# 0001-fixes-some-not-all-buffer-overreads-during-decoding-.patch
+LIBEXIF_IGNORE_CVES += CVE-2016-6328
+# 0002-On-saving-makernotes-make-sure-the-makernote-contain.patch
+LIBEXIF_IGNORE_CVES += CVE-2017-7544
+# 0004-Improve-deep-recursion-detection-in-exif_data_load_d.patch
+LIBEXIF_IGNORE_CVES += CVE-2018-20030
+# 0005-fix-CVE-2019-9278.patch
+LIBEXIF_IGNORE_CVES += CVE-2019-9278
+
  $(eval $(autotools-package))
author	Fabrice Fontaine <fontaine.fabrice@gmail.com>
	Wed, 1 Apr 2020 21:46:09 +0000 (23:46 +0200)
committer	Thomas Petazzoni <thomas.petazzoni@bootlin.com>
	Sat, 4 Apr 2020 20:30:44 +0000 (22:30 +0200)