| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2026-02-24 20:04:51 +0100 |
|---|---|---|
| committer | Anuj Mittal <anuj.mittal@oss.qualcomm.com> | 2026-03-06 10:09:09 +0530 |
| commit | 24abd61c54b06df372fc8b825751fe17ce3a9410 (patch) | |
| tree | 726c6172260cedf8c1fa70d8d8559f2318b5475c /meta-python/recipes-devtools/python/python3-django-south_1.0.2.bb | |
| parent | 4660316de237b8d0c0f28ea4ce277782900f4002 (diff) | |
| download | meta-openembedded-24abd61c54b06df372fc8b825751fe17ce3a9410.tar.gz | |
minidlna: ignore CVE-2024-51442

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-51442

The description of the vulnerability says "attacker [...] execute arbitrary
OS commands via a specially crafted minidlna.conf configuration file".

There is no official fix for this CVE, and upstream seems to be inactive
for the past 3 years.

The reason for ignoring this CVE is that the referenced minidlna.conf
file is in the /etc folder, and the file is not world-writable. Which
means that this vulnerability can be exploited only when someone is
root - but if the attacker is already root, they don't need to resort
to minidlna config-file modifications to execute any command they want.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-django-south_1.0.2.bb')
0 files changed, 0 insertions, 0 deletions
