* [Buildroot] CVE-2021-4034 version range fix
@ 2023-09-02 17:34 Thomas Petazzoni via buildroot
2023-09-08 20:59 ` Thomas Petazzoni via buildroot
0 siblings, 1 reply; 2+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-09-02 17:34 UTC (permalink / raw)
To: nvd; +Cc: buildroot@buildroot.org
Dear NVD maintainers,
CVE-2021-4034 is marked in the NVD database as affecting all versions
of the polkit project due to the following "Configuration 1":
cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*
However, as indicated in
https://nvd.nist.gov/vuln/detail/CVE-2021-4034, this issue has been
fixed in the upstream polkit project as of commit
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.
In turn, this commit is integrated in polkit since version 121:
polkit$ git tag --contains a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
121
122
123
So, the "Configuration 1" should be fixed to indicate that only
versions < 121 are affected. Could this be addressed in your NVD
database?
Best regards,
Thomas Petazzoni
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [Buildroot] CVE-2021-4034 version range fix
2023-09-02 17:34 [Buildroot] CVE-2021-4034 version range fix Thomas Petazzoni via buildroot
@ 2023-09-08 20:59 ` Thomas Petazzoni via buildroot
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-09-08 20:59 UTC (permalink / raw)
To: nvd; +Cc: buildroot@buildroot.org
Hello NVD maintainers,
Gentle ping on the below bug report. Thanks!
Thomas Petazzoni
On Sat, 2 Sep 2023 19:34:34 +0200
Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote:
> Dear NVD maintainers,
>
> CVE-2021-4034 is marked in the NVD database as affecting all versions
> of the polkit project due to the following "Configuration 1":
>
> cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*
>
> However, as indicated in
> https://nvd.nist.gov/vuln/detail/CVE-2021-4034, this issue has been
> fixed in the upstream polkit project as of commit
> https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.
>
> In turn, this commit is integrated in polkit since version 121:
>
> polkit$ git tag --contains a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
> 121
> 122
> 123
>
> So, the "Configuration 1" should be fixed to indicate that only
> versions < 121 are affected. Could this be addressed in your NVD
> database?
>
> Best regards,
>
> Thomas Petazzoni
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-09-08 21:00 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-09-02 17:34 [Buildroot] CVE-2021-4034 version range fix Thomas Petazzoni via buildroot
2023-09-08 20:59 ` Thomas Petazzoni via buildroot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.