|
@@ -19,14 +19,6 @@ GRUB2_INSTALL_IMAGES = YES
|
|
|
# doesn't exist upstream, but is added by the Redhat/Fedora
|
|
# doesn't exist upstream, but is added by the Redhat/Fedora
|
|
|
# packaging. Not applicable to Buildroot.
|
|
# packaging. Not applicable to Buildroot.
|
|
|
GRUB2_IGNORE_CVES += CVE-2019-14865
|
|
GRUB2_IGNORE_CVES += CVE-2019-14865
|
|
|
-# CVE-2020-15705 is related to a flaw in the use of the
|
|
|
|
|
-# grub_linuxefi_secure_validate(), which was added by Debian/Ubuntu
|
|
|
|
|
-# patches. The issue doesn't affect upstream Grub, and
|
|
|
|
|
-# grub_linuxefi_secure_validate() is not implemented in the grub2
|
|
|
|
|
-# version available in Buildroot.
|
|
|
|
|
-GRUB2_IGNORE_CVES += CVE-2020-15705
|
|
|
|
|
-# vulnerability is specific to the SUSE distribution
|
|
|
|
|
-GRUB2_IGNORE_CVES += CVE-2021-46705
|
|
|
|
|
# vulnerability is specific to the Redhat distribution, affects a
|
|
# vulnerability is specific to the Redhat distribution, affects a
|
|
|
# downstream change from Redhat related to password authentication
|
|
# downstream change from Redhat related to password authentication
|
|
|
GRUB2_IGNORE_CVES += CVE-2023-4001
|
|
GRUB2_IGNORE_CVES += CVE-2023-4001
|
Thomas Petazzoni