* [Buildroot] CVE-2022-3620 version range fix
@ 2025-05-17 16:30 Thomas Petazzoni via buildroot
0 siblings, 0 replies; only message in thread
From: Thomas Petazzoni via buildroot @ 2025-05-17 16:30 UTC (permalink / raw)
To: nvd; +Cc: buildroot@buildroot.org
Hello,
CVE-2022-3620 is documented in your database as affecting version
2022-10-18 of exim, which doesn't make much sense as there is no such
version released by the exim project. See their version naming scheme
by looking at their Git tags:
https://code.exim.org/exim/exim/tags
The Debian Security Tracker at
https://security-tracker.debian.org/tracker/CVE-2022-3620 documents
that this CVE was introduced in commit
92583637b25b6bde926f9ca6be7b085e5ac8b1e6, which first appeared in the
release 4.95 of exim:
$ git tag --contains 92583637b25b6bde926f9ca6be7b085e5ac8b1e6 | sort | head -1
exim-4.95
And was subsequently fixed by 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445
which first appeared in the release 4.97 of exim:
$ git tag --contains 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445 | sort | head -1
exim-4.97
Therefore, your entry CVE-2022-3620 should be updated to reflect that
version 4.95 to 4.97 are affected.
Do you think you could adjust this in your database?
Thanks a lot!
Thomas Petazzoni
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-05-17 16:30 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-05-17 16:30 [Buildroot] CVE-2022-3620 version range fix Thomas Petazzoni via buildroot
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.