package/dovecot: ignore CVE-2016-4983

author Fabrice Fontaine <fontaine.fabrice@gmail.com>

Sat, 17 Jul 2021 21:24:39 +0000 (23:24 +0200)

committer Yann E. MORIN <yann.morin.1998@free.fr>

Sun, 18 Jul 2021 07:52:00 +0000 (09:52 +0200)
author Fabrice Fontaine <fontaine.fabrice@gmail.com>
Sat, 17 Jul 2021 21:24:39 +0000 (23:24 +0200)
committer Yann E. MORIN <yann.morin.1998@free.fr>
Sun, 18 Jul 2021 07:52:00 +0000 (09:52 +0200)
diff --git a/package/dovecot/dovecot.mk b/package/dovecot/dovecot.mk

index 93d04fc8a190a3aa6d3062396309f955f598a10b..cb1cc990a1a046551e93dd7d326559fa65fa1146 100644 (file)
--- a/package/dovecot/dovecot.mk
+++ b/package/dovecot/dovecot.mk
@@ -18,6 +18,10 @@ DOVECOT_DEPENDENCIES = \
  # add host-gettext for AM_ICONV macro
  DOVECOT_DEPENDENCIES += host-gettext
  
+# CVE-2016-4983 is an issue in a postinstall script in the dovecot rpm, which
+# is part of the Red Hat packaging and not part of upstream dovecot
+DOVECOT_IGNORE_CVES += CVE-2016-4983
+
  DOVECOT_CONF_ENV = \
         RPCGEN=__disable_RPCGEN_rquota \
         i_cv_epoll_works=yes \
author	Fabrice Fontaine <fontaine.fabrice@gmail.com>
	Sat, 17 Jul 2021 21:24:39 +0000 (23:24 +0200)
committer	Yann E. MORIN <yann.morin.1998@free.fr>
	Sun, 18 Jul 2021 07:52:00 +0000 (09:52 +0200)