Home Explore Help
Register Sign In
PUBLIC_REPOS
/
buildroot
mirror of git://git.buildroot.net/buildroot
2
1
Fork 0
Files
Browse Source

package/ripgrep: ignore CVE-2021-3013 as Windows only

CVE-2021-3013 does not impact any buildroot versions of ripgrep as it is
a Windows-only exploit targeting ripgrep versions earlier than 13. It
can be safely ignored on our LTS branches.

    https://nvd.nist.gov/vuln/detail/CVE-2021-3013

Signed-off-by: Sam Voss <sam.voss@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 641beb3217ce1686772c80ac9e2cf815d72f1624)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Sam Voss 3 years ago
parent
541dc3fafd
commit
8dfae41d4c
1 changed files with 3 additions and 0 deletions
Split View Show Diff Stats
  1. 3 0
      package/ripgrep/ripgrep.mk

+ 3 - 0
package/ripgrep/ripgrep.mk
View File 

@@ -10,6 +10,9 @@ RIPGREP_LICENSE = MIT
 
 RIPGREP_LICENSE_FILES = LICENSE-MIT
 
 RIPGREP_CPE_ID_VENDOR = ripgrep_project
 
 
+# CVE only impacts ripgrep on Windows
 
+RIPGREP_IGNORE_CVES += CVE-2021-3013
 
+
 
 RIPGREP_DEPENDENCIES = host-rustc
 
 RIPGREP_CARGO_ENV = CARGO_HOME=$(HOST_DIR)/share/cargo