[Buildroot] [PATCH] package/libcurl: ignore CVE-2024-32928

* [Buildroot] [PATCH] package/libcurl: ignore CVE-2024-32928
@ 2024-10-21 11:54 Baruch Siach via buildroot
  2024-10-23 20:32 ` Thomas Petazzoni via buildroot
  2024-11-09 16:42 ` Peter Korsgaard
  0 siblings, 2 replies; 3+ messages in thread
From: Baruch Siach via buildroot @ 2024-10-21 11:54 UTC (permalink / raw)
  To: buildroot

This vulnerability only affects libcurl deployments in Nest products
because of incorrect use.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
 package/libcurl/libcurl.mk | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index 9bf7724e7d54..71fb6152c73d 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -32,6 +32,10 @@ LIBCURL_CONF_OPTS = \
 	--disable-ldap \
 	--disable-ldaps
 
+# Only affects Nest products.
+# https://nvd.nist.gov/vuln/detail/CVE-2024-32928
+LIBCURL_IGNORE_CVES += CVE-2024-32928
+
 ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
 LIBCURL_CONF_OPTS += --enable-threaded-resolver
 else
-- 
2.45.2

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 3+ messages in thread