projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ab7f5a8)
package/libsndfile: annotate _IGNORE_CVES for the included security patches
authorPeter Korsgaard <peter@korsgaard.com>
Wed, 19 Feb 2020 16:01:59 +0000 (17:01 +0100)
committerPeter Korsgaard <peter@korsgaard.com>
Thu, 20 Feb 2020 12:15:22 +0000 (13:15 +0100)
Also mark CVE-2018-13419 as disputed.

[Peter: add dispute link as suggested by Thomas]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/libsndfile/libsndfile.mk patch | blob | history

diff --git a/package/libsndfile/libsndfile.mk b/package/libsndfile/libsndfile.mk
index 22909ffb62ba4a3bcc95785da9dc65ac2517cc36..19c3184961d2aed9d62cb09e5878e18eff87ca4a 100644 (file)
--- a/package/libsndfile/libsndfile.mk
+++ b/package/libsndfile/libsndfile.mk
@@ -10,6 +10,17 @@ LIBSNDFILE_INSTALL_STAGING = YES
 LIBSNDFILE_LICENSE = LGPL-2.1+
 LIBSNDFILE_LICENSE_FILES = COPYING
 
+# 0001-double64_init-Check-psf-sf.channels-against-upper-bo.patch
+LIBSNDFILE_IGNORE_CVES += CVE-2017-14634
+# 0002-Check-MAX_CHANNELS-in-sndfile-deinterleave.patch
+LIBSNDFILE_IGNORE_CVES += CVE-2018-13139 CVE-2018-19432
+# 0003-a-ulaw-fix-multiple-buffer-overflows-432.patch
+LIBSNDFILE_IGNORE_CVES += \
+       CVE-2017-14245 CVE-2017-14246 CVE-2017-17456 CVE-2017-17457 \
+       CVE-2018-19661 CVE-2018-19662
+# disputed, https://github.com/erikd/libsndfile/issues/398
+LIBSNDFILE_IGNORE_CVES += CVE-2018-13419
+
 LIBSNDFILE_CONF_OPTS = \
        --disable-sqlite \
        --disable-alsa \