mirrors/buildroot
0
0
Fork 0
mirror of https://git.busybox.net/buildroot.git synced 2024-11-24 14:03:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

package/cmake: ignore CVE-2016-10642

Browse Source 
This is specific to the npm package that installs cmake, so isn't
relevant to Buildroot.
14241ed09f/meta/recipes-devtools/cmake/cmake.inc

https://nvd.nist.gov/vuln/detail/CVE-2016-10642#vulnCurrentDescriptionTitle
 "cmake installs the cmake x86 linux binaries. cmake downloads
 binary resources over HTTP, which leaves it vulnerable to
 MITM attacks. It may be possible to cause remote code
 execution (RCE) by swapping out the requested binary with
 an attacker controlled binary if the attacker is on the
 network or positioned in between the user and the remote server."

Signed-off-by: Matthew Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
This commit is contained in:
Matt Weber 2021-04-21 15:42:29 -05:00 committed by Yann E. MORIN
parent 23fb8dd2d0
commit 5ce1e773b9
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
package/cmake/cmake.mk
View File

@ -10,6 +10,8 @@ CMAKE_SITE = https://cmake.org/files/v$(CMAKE_VERSION_MAJOR)
CMAKE_LICENSE = BSD-3-Clause
CMAKE_LICENSE_FILES = Copyright.txt
CMAKE_CPE_ID_VENDOR = cmake_project
# Tool download MITM attack warning if using npm package to install cmake
CMAKE_IGNORE_CVES = CVE-2016-10642
# CMake is a particular package:
# * CMake can be built using the generic infrastructure or the cmake one.