Message ID | 20230313061323.173744-1-fido_max@inbox.ru |
---|---|
State | Accepted |
Series | [1/1] package/postgresql: ignore CVE-2017-8806 |
Maxim, All,

On 2023-03-13 09:13 +0300, Maxim Kochetkov via buildroot spake thusly:

> CVE-2017-8806 is related to postgresql-common package.

I've reworded that sentence to explain that postgresql-common is a package in Debian-like distros, not available in Buildroot.

> It is false positive for postgresql, so ignore it.

I also added a blurb that the similar CVE that did apply to postgresql was fixed a while ago, to avoid confusion.

Applied to master, thanks.

Regards,
Yann E. MORIN.

> Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru> > --- > package/postgresql/postgresql.mk | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/package/postgresql/postgresql.mk b/package/postgresql/postgresql.mk > index a2aed9a2eb..e46622c0e7 100644 > --- a/package/postgresql/postgresql.mk > +++ b/package/postgresql/postgresql.mk > @@ -19,6 +19,10 @@ POSTGRESQL_CONF_ENV = \ > POSTGRESQL_CONF_OPTS = --disable-rpath > POSTGRESQL_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES) > > +# CVE-2017-8806 is related to postgresql-common package > +# It is false positive for postgresql > +POSTGRESQL_IGNORE_CVES += CVE-2017-8806 > + > # https://www.postgresql.org/docs/11/static/install-procedure.html: > # "If you want to invoke the build from another makefile rather than > # manually, you must unset MAKELEVEL or set it to zero" > -- > 2.39.2
>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes:

> Maxim, All,
> On 2023-03-13 09:13 +0300, Maxim Kochetkov via buildroot spake thusly:
>> CVE-2017-8806 is related to postgresql-common package.
>
> I've reworded that sentence to explain that postgresql-common is a
> package in Debian-like distros, not available in Buildroot.
>
>> It is false positive for postgresql, so ignore it.
>
> I also added a blurb that the similar CVE that did apply to postgresql
> was fixed a while ago, to avoid confusion.
>
> Applied to master, thanks.

Committed to 2023.02.x and 2022.02.x, thanks.
diff --git a/package/postgresql/postgresql.mk b/package/postgresql/postgresql.mk index a2aed9a2eb..e46622c0e7 100644 --- a/package/postgresql/postgresql.mk +++ b/package/postgresql/postgresql.mk @@ -19,6 +19,10 @@ POSTGRESQL_CONF_ENV = \ POSTGRESQL_CONF_OPTS = --disable-rpath POSTGRESQL_DEPENDENCIES = $(TARGET_NLS_DEPENDENCIES) +# CVE-2017-8806 is related to postgresql-common package +# It is false positive for postgresql +POSTGRESQL_IGNORE_CVES += CVE-2017-8806 + # https://www.postgresql.org/docs/11/static/install-procedure.html: # "If you want to invoke the build from another makefile rather than # manually, you must unset MAKELEVEL or set it to zero"
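Review bot: the two comment lines added above POSTGRESQL_IGNORE_CVES assert that CVE-2017-8806 is a false positive without giving the reason, so someone auditing the ignore list from postgresql.mk alone cannot verify it. The reply in this thread supplies the missing fact: postgresql-common is a package in Debian-like distros and is not available in Buildroot. Putting that in the comment itself, for example "# CVE-2017-8806 affects postgresql-common, a package of Debian-like distros that is not available in Buildroot", would make the entry self-explanatory and would also fix the missing articles in "related to postgresql-common package" and "It is false positive".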
CVE-2017-8806 is related to postgresql-common package.
It is false positive for postgresql, so ignore it.

Signed-off-by: Maxim Kochetkov <fido_max@inbox.ru>
---
package/postgresql/postgresql.mk | 4 ++++
1 file changed, 4 insertions(+)