mirror of
https://git.busybox.net/buildroot
synced 2025-12-20 01:10:56 +08:00
1167d0ff3d
Adds documentation about adding a patch that address a vulnerability. The patch-policy file now explain mention that patches that address a vulnerability needs to include a `CVE:` trailer with the reference of that vulnerability. Until now only adding the reference to the `_IGNORE_CVES` variable was necessary, so the documentation of this entry is modified as well to point to the patch policy. Signed-off-by: Thomas Perale <thomas.perale@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>