mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-01 13:49:03 +03:00
The affected code isn't present in any release, see [0].

[0]: https://www.libssh.org/2023/07/14/cve-2023-3603-potential-null-dereference-in-libsshs-sftp-server/

The CPE entry for this CVE is
  cpe:2.3:a:libssh:libssh:-:*:*:*:*:*:*:*
We interpret the "-" as matching any version. It actually means
"unspecified version", which is the cop-out in case there is nothing
useful to match. We can't really make our infrastructure ignore "-"
entirely, because for all we know our version is an unreleased commit
sha which _is_ vulnerable. Thus, the only way out is an exclusion which
we'll never be able to remove.

Signed-off-by: Daniel Lang <dalang@gmx.at>
Signed-off-by: Arnout Vandecappelle <arnout@mind.be>
(cherry picked from commit a34a370f4ea27981be43df817f49320a59088e68)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
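
The matching behaviour the commit message describes, as an added example (not Buildroot's own code): a CVE CPE whose version field is "-" is conservatively treated as matching every package version, so only a per-CVE exclusion clears the report. The function names, the `ignore_cves` parameter and the package CPE strings are assumptions made for this sketch.

```python
# Added illustration; function and variable names are hypothetical.
CPE_FIELDS = ("part", "vendor", "product", "version", "update", "edition",
              "language", "sw_edition", "target_sw", "target_hw", "other")


def parse_cpe23(cpe):
    """Split a CPE 2.3 formatted string into named fields.

    Simplification: escaped colons inside a field are not handled.
    """
    parts = cpe.split(":")
    if parts[:2] != ["cpe", "2.3"] or len(parts) != 2 + len(CPE_FIELDS):
        raise ValueError(f"not a CPE 2.3 string: {cpe!r}")
    return dict(zip(CPE_FIELDS, parts[2:]))


def version_matches(cve_version, pkg_version):
    # "*" matches any version. "-" is deliberately treated the same way:
    # the package version may be an unreleased commit sha, which cannot
    # be shown to be unaffected by comparing version strings.
    if cve_version in ("*", "-"):
        return True
    return cve_version == pkg_version


def cve_status(pkg_cpe, cve_id, cve_cpe, ignore_cves=frozenset()):
    """Return "ignored", "affected" or "not affected" for one CVE entry."""
    if cve_id in ignore_cves:
        return "ignored"
    pkg, cve = parse_cpe23(pkg_cpe), parse_cpe23(cve_cpe)
    same_product = all(pkg[f] == cve[f] for f in ("part", "vendor", "product"))
    if same_product and version_matches(cve["version"], pkg["version"]):
        return "affected"
    return "not affected"


# CPE entry quoted in the commit message.
CVE_CPE = "cpe:2.3:a:libssh:libssh:-:*:*:*:*:*:*:*"
# Constructed package CPEs: a release-style version and a commit-sha version.
PKG_RELEASE = "cpe:2.3:a:libssh:libssh:0.0.1:*:*:*:*:*:*:*"
PKG_SHA = "cpe:2.3:a:libssh:libssh:0123abc:*:*:*:*:*:*:*"

if __name__ == "__main__":
    for pkg in (PKG_RELEASE, PKG_SHA):
        print(pkg, cve_status(pkg, "CVE-2023-3603", CVE_CPE))
    print(cve_status(PKG_RELEASE, "CVE-2023-3603", CVE_CPE, {"CVE-2023-3603"}))
```

Both constructed package versions are reported as affected until the CVE id is placed in the exclusion set, which is why the exclusion can never be dropped while the CPE entry keeps "-" as its version.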