| Message ID | 20211013210117.1929839-1-fontaine.fabrice@gmail.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/1] Revert "package/coreutils: ignore CVE-2013-0221, CVE-2013-0222, CVE-2013-0223" | expand |
Fabrice, All, On 2021-10-13 23:01 +0200, Fabrice Fontaine spake thusly: > This reverts commit 8ae9156d8b730689484927fba2ec2fa6c1dc0433 as those > CVEs are not tagged as affecting gnu:coreutils in NVD NIST database but > opensuse:opensuse and redhat:entreprise_linux: > - https://nvd.nist.gov/vuln/detail/CVE-2013-0221 > - https://nvd.nist.gov/vuln/detail/CVE-2013-0222 > - https://nvd.nist.gov/vuln/detail/CVE-2013-0223 Indeed, pkg-stats does not list those CVEs. > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Applied to master, thanks. Regards, Yann E. MORIN. > --- > package/coreutils/coreutils.mk | 4 ---- > 1 file changed, 4 deletions(-) > > diff --git a/package/coreutils/coreutils.mk b/package/coreutils/coreutils.mk > index 6822c58a32..9c0f46cb29 100644 > --- a/package/coreutils/coreutils.mk > +++ b/package/coreutils/coreutils.mk > @@ -10,10 +10,6 @@ COREUTILS_SOURCE = coreutils-$(COREUTILS_VERSION).tar.xz > COREUTILS_LICENSE = GPL-3.0+ > COREUTILS_LICENSE_FILES = COPYING > COREUTILS_CPE_ID_VENDOR = gnu > -# Only when including SUSE coreutils-i18n.patch > -COREUTILS_IGNORE_CVES = CVE-2013-0221 > -COREUTILS_IGNORE_CVES += CVE-2013-0222 > -COREUTILS_IGNORE_CVES += CVE-2013-0223 > > COREUTILS_CONF_OPTS = --disable-rpath \ > $(if $(BR2_TOOLCHAIN_USES_MUSL),--with-included-regex) > -- > 2.33.0 > > _______________________________________________ > buildroot mailing list > buildroot@buildroot.org > https://lists.buildroot.org/mailman/listinfo/buildroot
diff --git a/package/coreutils/coreutils.mk b/package/coreutils/coreutils.mk index 6822c58a32..9c0f46cb29 100644 --- a/package/coreutils/coreutils.mk +++ b/package/coreutils/coreutils.mk @@ -10,10 +10,6 @@ COREUTILS_SOURCE = coreutils-$(COREUTILS_VERSION).tar.xz COREUTILS_LICENSE = GPL-3.0+ COREUTILS_LICENSE_FILES = COPYING COREUTILS_CPE_ID_VENDOR = gnu -# Only when including SUSE coreutils-i18n.patch -COREUTILS_IGNORE_CVES = CVE-2013-0221 -COREUTILS_IGNORE_CVES += CVE-2013-0222 -COREUTILS_IGNORE_CVES += CVE-2013-0223 COREUTILS_CONF_OPTS = --disable-rpath \ $(if $(BR2_TOOLCHAIN_USES_MUSL),--with-included-regex)
This reverts commit 8ae9156d8b730689484927fba2ec2fa6c1dc0433 as those CVEs are not tagged as affecting gnu:coreutils in NVD NIST database but opensuse:opensuse and redhat:entreprise_linux: - https://nvd.nist.gov/vuln/detail/CVE-2013-0221 - https://nvd.nist.gov/vuln/detail/CVE-2013-0222 - https://nvd.nist.gov/vuln/detail/CVE-2013-0223 Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- package/coreutils/coreutils.mk | 4 ---- 1 file changed, 4 deletions(-)