From: Thomas Petazzoni via buildroot <buildroot@buildroot.org>
To: Peter Korsgaard <peter@korsgaard.com>
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>,
Luca Ceresoli <luca.ceresoli@bootlin.com>,
buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/2] package/exim: add upstream security fixes for CVE-2022-3559
Date: Sat, 3 Dec 2022 15:33:19 +0100 [thread overview]
Message-ID: <20221203153319.4a941140@windsurf> (raw)
In-Reply-To: <20221202183631.2066307-1-peter@korsgaard.com>
On Fri, 2 Dec 2022 19:36:30 +0100
Peter Korsgaard <peter@korsgaard.com> wrote:
> Fixes CVE-2022-3559: A vulnerability was found in Exim and classified as
> problematic. This issue affects some unknown processing of the component
> Regex Handler. The manipulation leads to use after free. The name of the
> patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to
> apply a patch to fix this issue. The identifier VDB-211073 was assigned to
> this vulnerability.
>
> The upstream patch does not apply to 4.96, so use the backported patches
> from Debian. Amazingly, the patch needs 3 additional patches to unbreak
> builds without "WITH_CONTENT_SCAN" (default in Buildroot), so add those as
> well.
What a mess :-/
> +Subject: [PATCH 1/3] Fix non-WITH_CONTENT_SCAN build.
> +Subject: [PATCH 2/3] Fix non-WITH_CONTENT_SCAN build (2)
> +Subject: [PATCH 3/3] Fix non-WITH_CONTENT_SCAN build (3)
You forgot to drop the patch numbering, so I did it when applying to
master. Thanks!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2022-12-03 14:33 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-02 18:36 [Buildroot] [PATCH 1/2] package/exim: add upstream security fixes for CVE-2022-3559 Peter Korsgaard
2022-12-02 18:36 ` [Buildroot] [PATCH 2/2] package/exim: mark CVE-2022-3620 as ignored Peter Korsgaard
2022-12-03 14:34 ` Thomas Petazzoni via buildroot
2022-12-07 15:03 ` Peter Korsgaard
2022-12-03 14:33 ` Thomas Petazzoni via buildroot [this message]
2022-12-07 15:03 ` [Buildroot] [PATCH 1/2] package/exim: add upstream security fixes for CVE-2022-3559 Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20221203153319.4a941140@windsurf \
--to=buildroot@buildroot.org \
--cc=bernd.kuhls@t-online.de \
--cc=luca.ceresoli@bootlin.com \
--cc=peter@korsgaard.com \
--cc=thomas.petazzoni@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.