From: Peter Korsgaard <peter@korsgaard.com>
To: Thomas Petazzoni via buildroot <buildroot@buildroot.org>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Subject: Re: [Buildroot] [PATCH 1/2] package/heirloom-mailx: fix comment about ignore CVE-2014-7844
Date: Thu, 14 Sep 2023 10:23:40 +0200 [thread overview]
Message-ID: <878r99yxgz.fsf@48ers.dk> (raw)
In-Reply-To: <20230828212221.2328358-1-thomas.petazzoni@bootlin.com> (Thomas Petazzoni via buildroot's message of "Mon, 28 Aug 2023 23:22:19 +0200")
>>>>> "Thomas" == Thomas Petazzoni via buildroot <buildroot@buildroot.org> writes:
> In commit
> 15972770cf34ed0b0ba330e3cc42c04f1c80c3c8 ("package/heirloom-mailx:
> security bump to version 12.5-5 from Debian"), we added CVE-2014-7844
> in HEIRLOOM_MAILX_IGNORE_CVES, but with the wrong comment about it: it
> is a different patch in the Debian stack of patches that fixes
> it. Indeed the description of patch
> 0011-outof-Introduce-expandaddr-flag.patch is:
> =====================================================================
> Subject: [PATCH 1/4] outof: Introduce expandaddr flag
> Document that address expansion is disabled unless the expandaddr
> binary option is set.
> This has been assigned CVE-2014-7844 for BSD mailx, but it is not
> a vulnerability in Heirloom mailx because this feature was documented.
> =====================================================================
> See also https://marc.info/?l=oss-security&m=141875285203183&w=2 for
> details.
> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Committed to 2023.02.x and 2023.05.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
prev parent reply other threads:[~2023-09-14 8:23 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-08-28 21:22 [Buildroot] [PATCH 1/2] package/heirloom-mailx: fix comment about ignore CVE-2014-7844 Thomas Petazzoni via buildroot
2023-08-28 21:22 ` [Buildroot] [PATCH 2/2] package/heirloom-mailx: ignore CVE-2004-2771 Thomas Petazzoni via buildroot
2023-08-30 20:12 ` Arnout Vandecappelle via buildroot
2023-09-14 8:23 ` Peter Korsgaard
2023-09-14 8:23 ` Peter Korsgaard [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=878r99yxgz.fsf@48ers.dk \
--to=peter@korsgaard.com \
--cc=buildroot@buildroot.org \
--cc=thomas.petazzoni@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.