From: Thomas Petazzoni via buildroot <buildroot@buildroot.org>
To: "Raphaël Mélotte via buildroot" <buildroot@buildroot.org>
Cc: "David GOUARIN" <dgouarin@gmail.com>,
"Raphaël Mélotte" <raphael.melotte@mind.be>
Subject: Re: [Buildroot] [PATCH 1/1] package/freeradius-server: ignore CVE-2002-0318 and CVE-2011-4966
Date: Sat, 19 Apr 2025 16:07:09 +0200
Message-ID: <20250419160709.57df2ad9@windsurf>
In-Reply-To: <20250414104614.973244-1-raphael.melotte@mind.be>

Hello Raphaël,

On Mon, 14 Apr 2025 12:46:12 +0200
Raphaël Mélotte via buildroot <buildroot@buildroot.org> wrote:
> CVE-2002-0318 has been mitigated by adding a new config option in
> freeradius-server commit f0f762d1439336fff9c8b90291364ddff583f698,
> which is part of release_0_5_0 onwards.
> See also the original report ([1]).
> The NVD database's CPE configuration doesn't have an associated
> version number, which is why our CVE check still reports it.
>
> For CVE-2011-4966, the CVE description (see [2]) mentions the issue is
> fixed in version 2.2.0 onwards, but the CPE again doesn't use a
> version number.
>
> To reduce the noise in the list of CVEs that pkg-stats reports, ignore
> them.

Did you report these to upstream NVD, to get the database updated/fixed?

Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com