package/libcoap: ignore CVE-2023-35862

According to a collaborator [0] the affected code isn't in 4.3.1 [0]: https://github.com/obgm/libcoap/issues/1117 Signed-off-by: Daniel Lang <dalang@gmx.at> Signed-off-by: Arnout Vandecappelle <arnout@mind.be> (cherry picked from commit 20c023a3b1363f914a18652a79f83648af2cf1e6) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2026-01-06 18:09:44 +03:00 · 2023-09-06 21:44:19 +02:00
parent 44291c61cd
commit 335dbb595a
1 changed files with 2 additions and 0 deletions
--- a/package/libcoap/libcoap.mk
+++ b/package/libcoap/libcoap.mk
@@ -16,6 +16,8 @@ LIBCOAP_CONF_OPTS = \
 LIBCOAP_AUTORECONF = YES
 # 0001-Backport-fix-for-CVE-2023-30362.patch
 LIBCOAP_IGNORE_CVES += CVE-2023-30362
+# Doesn't affect 4.3.1, see https://github.com/obgm/libcoap/issues/1117
+LIBCOAP_IGNORE_CVES += CVE-2023-35862

 ifeq ($(BR2_PACKAGE_GNUTLS),y)
 LIBCOAP_DEPENDENCIES += gnutls