openRuyi-tutorials/buildroot
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/dovecot: document why the ignore CVE entry is not stale

Browse Source 
The new pkg-stats feature of stale ignore CVE entry detection reports
CVE-2022-30550 as stale, but it's not correct: the NVD database is
incorrect, and this has been reported in
https://lore.kernel.org/buildroot/20250517181815.02ce0393@windsurf/.

Let's annotate this information in dovecot.mk so that we don't wonder
why it's reported stale.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This commit is contained in:
Thomas Petazzoni
2025-05-18 10:56:57 +02:00
committed by Julien Olivain
parent 1799aa7eb4
commit 3e03873ff1
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
package/dovecot/dovecot.mk
View File

@@ -22,6 +22,10 @@ DOVECOT_DEPENDENCIES = \
DOVECOT_IGNORE_CVES += CVE-2016-4983
# 0001-auth-Fix-handling-passdbs-with-identical-driver-args.patch
# Note: this ignore CVE entry is reported as stale by pkg-stats, but
# the NVD database is incorrect:
# https://lore.kernel.org/buildroot/20250517181815.02ce0393@windsurf/
DOVECOT_IGNORE_CVES += CVE-2022-30550
DOVECOT_CONF_ENV = \