package/libuci: ignore CVE-2019-15513
author Fabrice Fontaine <fontaine.fabrice@gmail.com>
Sat, 17 Jul 2021 21:48:54 +0000 (23:48 +0200)
committer Yann E. MORIN <yann.morin.1998@free.fr>
Sun, 18 Jul 2021 07:44:57 +0000 (09:44 +0200)
CVE-2019-15513 was fixed upstream in 2015 with commit
19e29ffc15dbd958e8e6a648ee0982c68353516f, which is older than the commit
we currently use in LIBUCI_VERSION.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
[yann.morin.1998@free.fr: reword comment and commit log]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
package/libuci/libuci.mk

index a8922a96e1bb9344412107560e07516935f8d5bb..0d0b78036efb1a3aab76967d9785427ea7a5dec1 100644 (file)
@@ -12,6 +12,9 @@ LIBUCI_CPE_ID_VENDOR = openwrt
 LIBUCI_INSTALL_STAGING = YES
 LIBUCI_DEPENDENCIES = libubox
 
+# Fixed in commit 19e29ffc15dbd958e8e6a648ee0982c68353516f, older than LIBUCI_VERSION
+LIBUCI_IGNORE_CVES += CVE-2019-15513
+
 ifeq ($(BR2_PACKAGE_LUA_5_1),y)
 LIBUCI_DEPENDENCIES += lua
 LIBUCI_CONF_OPTS += -DBUILD_LUA=ON \
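Review bot: The comment added above LIBUCI_IGNORE_CVES identifies the fix only by a bare 40-character hash and states that it is "older than LIBUCI_VERSION" without saying how that ordering was established. Consider naming the upstream repository the commit belongs to, and saying in the comment that LIBUCI_VERSION is itself a commit (as the commit log does), so a reader of libuci.mk can see why an explicit ignore entry is needed. That also tells whoever next changes LIBUCI_VERSION that the entry holds only while the new commit still contains 19e29ffc15dbd958e8e6a648ee0982c68353516f in its history.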