Home Verkennen Help
Registreren Inloggen
PUBLIC_REPOS
/
buildroot
spiegel van git://git.buildroot.net/buildroot
2
1
Vork 0
Bestanden
Bladeren bron

boot/grub2: ignore CVE-2023-4001

This vulnerability is irrelevant to Buildroot, as it affects only some
downstream changes from Redhat.

See:

  https://security-tracker.debian.org/tracker/CVE-2023-4001
  https://www.openwall.com/lists/oss-security/2024/01/15/3

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Thomas Petazzoni 11 maanden geleden
bovenliggende
2495630383
commit
e2f46ed03d
1 gewijzigde bestanden met toevoegingen van 3 en 0 verwijderingen
Zij-aan-zij weergave Toon Diff Stats
  1. 3 0
      boot/grub2/grub2.mk

+ 3 - 0
boot/grub2/grub2.mk
Bestand weergeven 

@@ -25,6 +25,9 @@ GRUB2_IGNORE_CVES += CVE-2019-14865
 
 GRUB2_IGNORE_CVES += CVE-2020-15705
 
 # vulnerability is specific to the SUSE distribution
 
 GRUB2_IGNORE_CVES += CVE-2021-46705
 
+# vulnerability is specific to the Redhat distribution, affects a
 
+# downstream change from Redhat related to password authentication
 
+GRUB2_IGNORE_CVES += CVE-2023-4001
 
 # vulnerability is specific to the Redhat distribution, affects the
 
 # grub2-set-bootflag tool, which doesn't exist upstream
 
 GRUB2_IGNORE_CVES += CVE-2024-1048