[Buildroot] [PATCH] package/ripgrep: ignore CVE-2021-3013 as Windows only
sam.voss at gmail.com
sam.voss at gmail.com
Thu Sep 30 03:52:49 UTC 2021
From: Sam Voss <sam.voss at gmail.com>
CVE-2021-3013 does not impact any buildroot versions of ripgrep as it is
a Windows-only exploit targeting ripgrep versions earlier than 13. It
can be safely ignored on our LTS branches.
Signed-off-by: Sam Voss <sam.voss at gmail.com>
---
Note: Please apply this patch to:
* 2021.02.x
* 2021.05.x
* 2021.08.x
Master currently has version 13, which does not report this CVE.
---
package/ripgrep/ripgrep.mk | 3 +++
1 file changed, 3 insertions(+)
diff --git a/package/ripgrep/ripgrep.mk b/package/ripgrep/ripgrep.mk
index 450bb020e3..8d0185595d 100644
--- a/package/ripgrep/ripgrep.mk
+++ b/package/ripgrep/ripgrep.mk
@@ -10,6 +10,9 @@ RIPGREP_LICENSE = MIT
RIPGREP_LICENSE_FILES = LICENSE-MIT
RIPGREP_CPE_ID_VENDOR = ripgrep_project
+# CVE only impacts ripgrep on Windows
+RIPGREP_IGNORE_CVES += CVE-2021-3013
+
RIPGREP_DEPENDENCIES = host-rustc
RIPGREP_CARGO_ENV = CARGO_HOME=$(HOST_DIR)/share/cargo \
__CARGO_TEST_CHANNEL_OVERRIDE_DO_NOT_USE_THIS="nightly" \
--
2.33.0
More information about the buildroot
mailing list