package/exiv2: annotate CVE-2019-13504

author Fabrice Fontaine <fontaine.fabrice@gmail.com>

Sat, 29 Feb 2020 21:32:02 +0000 (22:32 +0100)

committer Yann E. MORIN <yann.morin.1998@free.fr>

Sun, 1 Mar 2020 07:25:26 +0000 (08:25 +0100)
author Fabrice Fontaine <fontaine.fabrice@gmail.com>
Sat, 29 Feb 2020 21:32:02 +0000 (22:32 +0100)
committer Yann E. MORIN <yann.morin.1998@free.fr>
Sun, 1 Mar 2020 07:25:26 +0000 (08:25 +0100)
diff --git a/package/exiv2/exiv2.mk b/package/exiv2/exiv2.mk

index ee96a1c2c8077e0ee9af6b771f3787dc0d9b677c..5ca16c474758c352eb1e6457de3072cf35c33cea 100644 (file)
--- a/package/exiv2/exiv2.mk
+++ b/package/exiv2/exiv2.mk
@@ -10,6 +10,11 @@ EXIV2_INSTALL_STAGING = YES
  EXIV2_LICENSE = GPL-2.0+, BSD-3-Clause
  EXIV2_LICENSE_FILES = COPYING COPYING-CMAKE-SCRIPTS
  
+# CVE-2019-13504 is misclassified (by our CVE tracker) as affecting version
+# 0.27.2, while in fact both commits that fixed this issue are already in this
+# version.
+EXIV2_IGNORE_CVES += CVE-2019-13504
+
  # 0001-crwimage-Check-offset-and-size-against-total-size.patch
  EXIV2_IGNORE_CVES += CVE-2019-17402
author	Fabrice Fontaine <fontaine.fabrice@gmail.com>
	Sat, 29 Feb 2020 21:32:02 +0000 (22:32 +0100)
committer	Yann E. MORIN <yann.morin.1998@free.fr>
	Sun, 1 Mar 2020 07:25:26 +0000 (08:25 +0100)