From: Gregory CLEMENT <gregory.clement@bootlin.com>
To: buildroot@busybox.net
Subject: [Buildroot] CVE analysis of the resiprocate package
Date: Fri, 11 Sep 2020 11:27:57 +0200
Message-ID: <87tuw4vf1e.fsf@BL-laptop>
In-Reply-To: <20200911104753.49ab4f19@windsurf.hq.k.grp>

Thomas Petazzoni <thomas.petazzoni@bootlin.com> writes:

> On Fri, 11 Sep 2020 10:30:34 +0200
> Gregory CLEMENT <gregory.clement@bootlin.com> wrote:
>
>> Among the 2412 packages there are 121 packages for which CVEs refer to
>> minor version.
>
> Could you provide that list, as well as the CPE ID entries that have a
> minor version, so that we can get a feeling of what it looks like?

Here is the list:

libssh
util-linux
cups
qemu
stunnel
dnsmasq
gnuplot
bind
c-ares
aircrack-ng
iodine
libyang
privoxy
php
dbus
ruby
glibc
libgit2
mariadb
rpm
openswan
squid
lxc
thttpd
exiv2
xen
libxml2
dovecot
monkey
clamav
putty
freerdp
openssh
libmspack
libevent
freetype
irssi
fetchmail
bootstrap
graphicsmagick
exim
gnutls
oniguruma
openssl
cgilua
libtirpc
libvpx
pcsc-lite
pure-ftpd
grep
xz
dhcp
libvorbis
sudo
socat
rsyslog
jquery
openvpn
proftpd
libsndfile
resiprocate
logsurfer
libpng
syslog-ng
nfs-utils
docker
libcurl
postgresql
bash
busybox
openjdk
automake
tor
smack
suricata
unbound
nut
paxtest
ffmpeg
faad2
lynx
libesmtp
chrony
luajit
redis
valgrind
snort
ntp
tinyproxy
haproxy
enscript
libraw
perl
systemd
zeromq
netatalk
gdb
mysql
nmap
libcgroup
dhcpcd
logrotate
readline
collectd
git
subversion
asterisk
runc
ngircd
memcached
tinc
ipsec-tools
go
ejabberd
tcpreplay
dillo
python
imagemagick
links
gnupg
linux

For the CPE IDs I need to make more changes in the script, and the list will be
bigger because for each package you can have many versions.

I am working on it.
>
> The question is how to deal with this minor version field. Ignore the
> CPE ID when the minor version field is not "*"? Something else?

It will work if none of the packages managed by buildroot use a minor
version. If some packages point to a minor version, then we should provide
this information.

Using cpeid would allow us to provide this information.

Gregory

>
> Thomas
> -- 
> Thomas Petazzoni, CTO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com

-- 
Gregory Clement, Bootlin
Embedded Linux and Kernel engineering
http://bootlin.com
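
An added example, not part of the original email or Buildroot's own scripts: one way to list the packages whose CPE entries pin the field the thread calls the minor version, and to apply the "ignore the entry unless it is `*`" option raised above. It assumes that field is the CPE 2.3 `update` component; the function names and sample entries are constructed for illustration.

```python
import re

# CPE 2.3 formatted string: "cpe:2.3:" followed by 11 colon-separated components.
COMPONENTS = ("part", "vendor", "product", "version", "update", "edition",
              "language", "sw_edition", "target_sw", "target_hw", "other")
# Split on ':' unless it is escaped as '\:' inside a component value.
FIELD_SEP = re.compile(r"(?<!\\):")
# Assumption of this example: "-" (not applicable) is treated like "*" (any);
# the thread itself only mentions "*".
UNRESTRICTED = ("*", "-")

def parse_cpe23(cpe):
    """Return the components of a CPE 2.3 formatted string as a dict."""
    fields = FIELD_SEP.split(cpe.strip())
    if fields[:2] != ["cpe", "2.3"] or len(fields) != 2 + len(COMPONENTS):
        raise ValueError("not a CPE 2.3 formatted string: %r" % cpe)
    return dict(zip(COMPONENTS, fields[2:]))

def has_specific_update(cpe):
    """True when the update component names one particular update."""
    return parse_cpe23(cpe)["update"] not in UNRESTRICTED

def packages_with_update(cpes):
    """Products with at least one CPE entry that pins an update value."""
    return sorted({parse_cpe23(c)["product"] for c in cpes if has_specific_update(c)})

def drop_update_entries(cpes):
    """Option raised in the thread: ignore entries whose update is not '*'."""
    return [c for c in cpes if not has_specific_update(c)]

# Constructed sample entries (not taken from the NVD feed).
SAMPLE = [
    "cpe:2.3:a:examplevendor:pkg-a:1.2.3:*:*:*:*:*:*:*",
    "cpe:2.3:a:examplevendor:pkg-a:1.2.3:rc1:*:*:*:*:*:*",
    "cpe:2.3:a:examplevendor:pkg-b:2.0:*:*:*:*:*:*:*",
    r"cpe:2.3:a:example\:vendor:pkg-c:4.1:p2:*:*:*:*:*:*",
]

if __name__ == "__main__":
    print("packages with a pinned update:", packages_with_update(SAMPLE))
    print("entries kept when those are ignored:", drop_update_entries(SAMPLE))
```

With the "ignore" option, `pkg-c` loses its only entry, which is the case where the update value would have to be carried along with the package version instead.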

Thread overview: 7+ messages
     [not found] <20200907071032.C7EB26064C@crulimr02.rockwellcollins.com>
2020-09-09 21:32 ` [Buildroot] [autobuild.buildroot.net] Your daily results for 2020-09-06 Ryan Barnett
2020-09-09 21:57   ` [Buildroot] CVE analysis of the resiprocate package Thomas Petazzoni
2020-09-11  7:21     ` Gregory CLEMENT
2020-09-11  8:30       ` Gregory CLEMENT
2020-09-11  8:47         ` Thomas Petazzoni
2020-09-11  9:27           ` Gregory CLEMENT [this message]
2020-09-11  9:52             ` Gregory CLEMENT
