[Buildroot] [PATCH] package/libcurl: ignore CVE-2024-32928

[Buildroot] [PATCH] package/libcurl: ignore CVE-2024-32928

[Baruch Siach via buildroot]

This vulnerability only affects libcurl deployments in Nest products
because of incorrect use.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
 package/libcurl/libcurl.mk | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/package/libcurl/libcurl.mk b/package/libcurl/libcurl.mk
index 9bf7724e7d54..71fb6152c73d 100644
--- a/package/libcurl/libcurl.mk
+++ b/package/libcurl/libcurl.mk
@@ -32,6 +32,10 @@ LIBCURL_CONF_OPTS = \
 	--disable-ldap \
 	--disable-ldaps
 
+# Only affects Nest products.
+# https://nvd.nist.gov/vuln/detail/CVE-2024-32928
+LIBCURL_IGNORE_CVES += CVE-2024-32928
+
 ifeq ($(BR2_TOOLCHAIN_HAS_THREADS),y)
 LIBCURL_CONF_OPTS += --enable-threaded-resolver
 else
-- 
2.45.2

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH] package/libcurl: ignore CVE-2024-32928

[Thomas Petazzoni via buildroot]

On Mon, 21 Oct 2024 14:54:17 +0300
Baruch Siach via buildroot <buildroot@buildroot.org> wrote:

> This vulnerability only affects libcurl deployments in Nest products
> because of incorrect use.
> 
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>
> ---
>  package/libcurl/libcurl.mk | 4 ++++
>  1 file changed, 4 insertions(+)

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH] package/libcurl: ignore CVE-2024-32928

[Peter Korsgaard]

On 10/21/24 13:54, Baruch Siach via buildroot wrote:
> This vulnerability only affects libcurl deployments in Nest products
> because of incorrect use.
> 
> Signed-off-by: Baruch Siach <baruch@tkos.co.il>

Committed to 2024.02.x and 2024.08.x, thanks.

-- 
Bye, Peter Korsgaard

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot