
[06/10] package/hostapd: ignore CVE-2021-30004 when using openssl

Message ID 20210421204235.5956-7-matthew.weber@rockwellcollins.com
State Accepted
Series Misc CVE ignores

Commit Message

Matt Weber April 21, 2021, 8:42 p.m. UTC
The CVE can be ignored when the internal TLS impl isn't used.

https://security-tracker.debian.org/tracker/CVE-2021-30004
 "Issue only affects the "internal" TLS implementation
 (CONFIG_TLS=internal)"

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
---
 package/hostapd/hostapd.mk | 2 ++
 1 file changed, 2 insertions(+)

Comments

Peter Korsgaard April 26, 2021, 7:52 p.m. UTC | #1
>>>>> "Matt" == Matt Weber <matthew.weber@rockwellcollins.com> writes:

 > The CVE can be ignored when the internal TLS impl isn't used.
 > https://security-tracker.debian.org/tracker/CVE-2021-30004
 >  "Issue only affects the "internal" TLS implementation
 >  (CONFIG_TLS=internal)"

 > Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>

A conditionally ignored CVE isn't great. Why not just add the fix?

I just gave it a try and it applies cleanly to 2.9.

Patch

diff --git a/package/hostapd/hostapd.mk b/package/hostapd/hostapd.mk
index efeefd8b35..2995545d18 100644
--- a/package/hostapd/hostapd.mk
+++ b/package/hostapd/hostapd.mk
@@ -38,6 +38,8 @@  ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)
 HOSTAPD_DEPENDENCIES += host-pkgconf libopenssl
 HOSTAPD_LIBS += `$(PKG_CONFIG_HOST_BINARY) --libs openssl`
 HOSTAPD_CONFIG_EDITS += 's/\#\(CONFIG_TLS=openssl\)/\1/'
+# Issue only affects the "internal" TLS implementation
+HOSTAPD_IGNORE_CVES += CVE-2021-30004
 else
 HOSTAPD_CONFIG_DISABLE += CONFIG_EAP_PWD CONFIG_EAP_TEAP
 HOSTAPD_CONFIG_EDITS += 's/\#\(CONFIG_TLS=\).*/\1internal/'
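
Review bot: The ignore is added only inside the `ifeq ($(BR2_PACKAGE_LIBOPENSSL),y)` branch, so the `else` branch, which sets `CONFIG_TLS=internal`, still builds the implementation the comment names as affected and gets no fix for CVE-2021-30004. Carrying the fix as a package patch would cover both branches instead of leaving the outcome dependent on which TLS backend is selected. If the ignore stays, the comment above `HOSTAPD_IGNORE_CVES` should also cite where the claim comes from (the security-tracker URL given in the commit message) so it can be re-checked later.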