From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@buildroot.org
Cc: Bernd Kuhls <bernd.kuhls@t-online.de>,
Luca Ceresoli <luca.ceresoli@bootlin.com>
Subject: Re: [Buildroot] [PATCH 2/2] package/exim: mark CVE-2022-3620 as ignored
Date: Wed, 07 Dec 2022 16:03:59 +0100 [thread overview]
Message-ID: <87pmcv2r34.fsf@dell.be.48ers.dk> (raw)
In-Reply-To: <20221202183631.2066307-2-peter@korsgaard.com> (Peter Korsgaard's message of "Fri, 2 Dec 2022 19:36:31 +0100")
>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:
> CVE-2022-3620: A vulnerability was found in Exim and classified as
> problematic. This issue affects the function dmarc_dns_lookup of the file
> dmarc.c of the component DMARC Handler. The manipulation leads to use after
> free. The attack may be initiated remotely. The name of the patch is
> 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445. It is recommended to apply a
> patch to fix this issue. The associated identifier of this vulnerability is
> VDB-211919.
> This vulnerability is in the DMARC handling, which is only used if
> libopendmarc is available AND SUPPORT_DMARC is set to yes, neither of which
> is true for Buildroot, so ignore the CVE.
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Committed to 2022.08.x and 2022.02.x, thanks.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2022-12-07 15:04 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-02 18:36 [Buildroot] [PATCH 1/2] package/exim: add upstream security fixes for CVE-2022-3559 Peter Korsgaard
2022-12-02 18:36 ` [Buildroot] [PATCH 2/2] package/exim: mark CVE-2022-3620 as ignored Peter Korsgaard
2022-12-03 14:34 ` Thomas Petazzoni via buildroot
2022-12-07 15:03 ` Peter Korsgaard [this message]
2022-12-03 14:33 ` [Buildroot] [PATCH 1/2] package/exim: add upstream security fixes for CVE-2022-3559 Thomas Petazzoni via buildroot
2022-12-07 15:03 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87pmcv2r34.fsf@dell.be.48ers.dk \
--to=peter@korsgaard.com \
--cc=bernd.kuhls@t-online.de \
--cc=buildroot@buildroot.org \
--cc=luca.ceresoli@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.