[Buildroot] [git commit] package/lz4: fix LZ4_CPE_ID_VENDOR
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Fri Oct 28 06:53:13 UTC 2022
commit: https://git.buildroot.net/buildroot/commit/?id=ae29bb28808dbafd39d39e850820b3f063329f66
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
cpe:2.3:a:yann_collet:lz4, which was added by commit
63332c33aa0771532807fd2684d4eee4eb952435, was never a valid CPE
identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Ayann_collet%3Alz4
cpe:2.3:a:lz4_project:lz4 is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Alz4_project%3Alz4
While at it, also drop the note added by commit
45db4bb08e3e550db483d8745fe8aaede2fa7e98
Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni at bootlin.com>
---
package/lz4/lz4.mk | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/package/lz4/lz4.mk b/package/lz4/lz4.mk
index 9b9b6198c3..541a03473a 100644
--- a/package/lz4/lz4.mk
+++ b/package/lz4/lz4.mk
@@ -9,13 +9,7 @@ LZ4_SITE = $(call github,lz4,lz4,v$(LZ4_VERSION))
LZ4_INSTALL_STAGING = YES
LZ4_LICENSE = BSD-2-Clause (library), GPL-2.0+ (programs)
LZ4_LICENSE_FILES = lib/LICENSE programs/COPYING
-LZ4_CPE_ID_VENDOR = yann_collet
-
-# CVE-2014-4715 is misclassified (by our CVE tracker) as affecting version
-# 1.9.2, while in fact this issue has been fixed since lz4-r130:
-# https://github.com/lz4/lz4/commit/140e6e72ddb6fc5f7cd28ce0c8ec3812ef4a9c08
-# See https://github.com/lz4/lz4/issues/818
-LZ4_IGNORE_CVES += CVE-2014-4715
+LZ4_CPE_ID_VENDOR = lz4_project
# 0001-Fix-potential-memory-corruption-with-negative-memmov.patch
LZ4_IGNORE_CVES += CVE-2021-3520
More information about the buildroot
mailing list