| Message ID | 20240131081254.175261-1-peter@korsgaard.com |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/2] package/glibc: add CVE ignore for CVE-2023-4806 | expand |
On 31/01/2024 09.12, Peter Korsgaard wrote: > Commit 8519de517e22 (package/{glibc, localedef}: security bump to version > glibc-2.38-27-g750a45a783906a19591fb8ff6b7841470f1f5701) correctly mentioned > CVE-2023-4806 in the commit message, but forgot to add an ignore for it. > > Fix that. > > Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Committed, thanks.
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes: > On 31/01/2024 09.12, Peter Korsgaard wrote: >> Commit 8519de517e22 (package/{glibc, localedef}: security bump to version >> glibc-2.38-27-g750a45a783906a19591fb8ff6b7841470f1f5701) correctly mentioned >> CVE-2023-4806 in the commit message, but forgot to add an ignore for it. >> Fix that. >> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> > Committed, thanks. Committed to 2023.11.x, thanks.
diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk index 596697bb8f..d49da6457c 100644 --- a/package/glibc/glibc.mk +++ b/package/glibc/glibc.mk @@ -28,6 +28,10 @@ GLIBC_CPE_ID_VERSION = $(word 1, $(subst -,$(space),$(GLIBC_VERSION))) # 2.38 and the version we're really using GLIBC_IGNORE_CVES += CVE-2023-4527 +# Fixed by 5ee59ca371b99984232d7584fe2b1a758b4421d3, which is between +# 2.38 and the version we're really using +GLIBC_IGNORE_CVES += CVE-2023-4806 + # Fixed by 750a45a783906a19591fb8ff6b7841470f1f5710, which is between # 2.38 and the version we're really using. GLIBC_IGNORE_CVES += CVE-2023-4911
Commit 8519de517e22 (package/{glibc, localedef}: security bump to version glibc-2.38-27-g750a45a783906a19591fb8ff6b7841470f1f5701) correctly mentioned CVE-2023-4806 in the commit message, but forgot to add an ignore for it. Fix that. Signed-off-by: Peter Korsgaard <peter@korsgaard.com> --- package/glibc/glibc.mk | 4 ++++ 1 file changed, 4 insertions(+)