Message ID | 20210930035250.23687-1-sam.voss@gmail.com |
---|---|
State | Accepted |
Headers | show |
Series | package/ripgrep: ignore CVE-2021-3013 as Windows only | expand |
Sam, All On 2021-09-29 22:52 -0500, sam.voss@gmail.com spake thusly: > From: Sam Voss <sam.voss@gmail.com> > > CVE-2021-3013 does not impact any buildroot versions of ripgrep as it is > a Windows-only exploit targeting ripgrep versions earlier than 13. It > can be safely ignored on our LTS branches. > > Signed-off-by: Sam Voss <sam.voss@gmail.com> Applied to master, thanks. I've just added an URL to the NVD for reference. Regards, Yann E. MORIN. > --- > > Note: Please apply this patch to: > > * 2021.02.x > * 2021.05.x > * 2021.08.x > > Master currently has version 13, which does not report this CVE. > --- > package/ripgrep/ripgrep.mk | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/package/ripgrep/ripgrep.mk b/package/ripgrep/ripgrep.mk > index 450bb020e3..8d0185595d 100644 > --- a/package/ripgrep/ripgrep.mk > +++ b/package/ripgrep/ripgrep.mk > @@ -10,6 +10,9 @@ RIPGREP_LICENSE = MIT > RIPGREP_LICENSE_FILES = LICENSE-MIT > RIPGREP_CPE_ID_VENDOR = ripgrep_project > > +# CVE only impacts ripgrep on Windows > +RIPGREP_IGNORE_CVES += CVE-2021-3013 > + > RIPGREP_DEPENDENCIES = host-rustc > RIPGREP_CARGO_ENV = CARGO_HOME=$(HOST_DIR)/share/cargo \ > __CARGO_TEST_CHANNEL_OVERRIDE_DO_NOT_USE_THIS="nightly" \ > -- > 2.33.0 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
>>>>> "sam" == sam voss <sam.voss@gmail.com> writes: > From: Sam Voss <sam.voss@gmail.com> > CVE-2021-3013 does not impact any buildroot versions of ripgrep as it is > a Windows-only exploit targeting ripgrep versions earlier than 13. It > can be safely ignored on our LTS branches. > Signed-off-by: Sam Voss <sam.voss@gmail.com> > --- > Note: Please apply this patch to: > * 2021.02.x > * 2021.05.x > * 2021.08.x > Master currently has version 13, which does not report this CVE. Committed to 2021.02.x, 2021.05.x and 2021.08.x, thanks.
diff --git a/package/ripgrep/ripgrep.mk b/package/ripgrep/ripgrep.mk index 450bb020e3..8d0185595d 100644 --- a/package/ripgrep/ripgrep.mk +++ b/package/ripgrep/ripgrep.mk @@ -10,6 +10,9 @@ RIPGREP_LICENSE = MIT RIPGREP_LICENSE_FILES = LICENSE-MIT RIPGREP_CPE_ID_VENDOR = ripgrep_project +# CVE only impacts ripgrep on Windows +RIPGREP_IGNORE_CVES += CVE-2021-3013 + RIPGREP_DEPENDENCIES = host-rustc RIPGREP_CARGO_ENV = CARGO_HOME=$(HOST_DIR)/share/cargo \ __CARGO_TEST_CHANNEL_OVERRIDE_DO_NOT_USE_THIS="nightly" \