Projetos/rpi-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/libcurl: remove stale IGNORE_CVES

Browse Source 
Since Buildroot commit [1] the CVEs are no longer matched to CPEs with
versions using '-'.

The CVE-2024-32928 introduced in [2] is then no longer matched to the
libcurl package.

For more information, see the explanation in commit [1].

[1] 35f376d88e support/scripts/cve.py: fix CPE matching
[2] 7e739d49b2 package/libcurl: ignore CVE-2024-32928

Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit b155395a52e50327db98e9bcfc62410e5eb109cd)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
This commit is contained in:
Thomas Perale
2025-12-30 09:19:11 +01:00
parent e4542119d6
commit af8b9d3635
1 changed files with 0 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
package/libcurl/libcurl.mk
View File

@@ -25,10 +25,6 @@ LIBCURL_CONF_OPTS = \
--disable-ldap \
--disable-ldaps
# Only affects Nest products.
# https://nvd.nist.gov/vuln/detail/CVE-2024-32928
LIBCURL_IGNORE_CVES += CVE-2024-32928
# threaded resolver cannot be used with c-ares
# https://github.com/curl/curl/commit/d364f1347f05c53eea5d25a15b4ad8a62ecc85b8
ifeq ($(BR2_TOOLCHAIN_HAS_THREADS)x$(BR2_PACKAGE_C_ARES),yx)