package/libssh: drop stale ignore CVE entry
CVE-2023-3603 has never affected any release, but NVD decided to document it as affecting all versions up to 0.8.9. While this is incorrect, we don't really care much, as we're now using 0.11 which according to NVD is not affected, making our ignore CVE entry stale. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Julien Olivain <ju.o@free.fr>
This commit is contained in:
Thomas Petazzoni
committed by
Julien Olivain
Julien Olivain
parent
38abba3703
commit
ae116161ac
@@ -17,10 +17,6 @@ LIBSSH_CONF_OPTS = \
|
||||
-DWITH_STACK_PROTECTOR=OFF \
|
||||
-DWITH_EXAMPLES=OFF
|
||||
|
||||
# Not part of any release
|
||||
# https://www.libssh.org/2023/07/14/cve-2023-3603-potential-null-dereference-in-libsshs-sftp-server/
|
||||
LIBSSH_IGNORE_CVES += CVE-2023-3603
|
||||
|
||||
ifeq ($(BR2_ARM_INSTRUCTIONS_THUMB),y)
|
||||
LIBSSH_CONF_OPTS += -DWITH_STACK_CLASH_PROTECTION=OFF
|
||||
endif
|
||||
|
||||
Reference in New Issue
Block a user