From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [autobuild.buildroot.net] Your daily results for 2021-04-11
Date: Sun, 25 Apr 2021 09:10:48 +0200 [thread overview]
Message-ID: <87v98arg93.fsf@dell.be.48ers.dk> (raw)
In-Reply-To: <CAFOYHZC23wcnW0-y=fyiP2x6M2B5CEyFEzJDeWJq_Pw5BuRbkg@mail.gmail.com> (Chris Packham's message of "Mon, 12 Apr 2021 20:37:46 +1200")
>>>>> "Chris" == Chris Packham <judge.packham@gmail.com> writes:
> On Mon, Apr 12, 2021 at 5:10 PM Thomas Petazzoni
> <thomas.petazzoni@bootlin.com> wrote:
>>
>> Hello,
>>
>> Packages having CVEs
>> ====================
>>
>> This is the list of packages for which a known CVE is affecting them,
>> which means a security vulnerability exists for those packages.
>>
>> CVEs for the 'master' branch
>> ----------------------------
>>
>> name | CVE | link
>> -------------------------------+------------------+--------------------------------------------------------------
>> syslog-ng | CVE-2008-5110 | https://security-tracker.debian.org/tracker/CVE-2008-5110
>>
> I've managed to get the CVE updated to say "This flaw affects
> syslog-ng versions prior to and including 2.0.9"[1] but I'm still
> getting these notifications. Is there something else that needs to
> happen now? Actually nist[2] seems to know it's been modified so it
> may be a case of hurry up and wait.
> [1] - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5110
> [2] - https://nvd.nist.gov/vuln/detail/CVE-2008-5110
Sorry for the slow response. I still don't see any update of this in the
CVE database, E.G. it still lists all syslog-ng versions (
cpe:2.3:a:oneidentity:syslog-ng:-:*:*:*:*:*:*:*). Looking at the changes
(https://nvd.nist.gov/vuln/detail/CVE-2008-5110#VulnChangeHistorySection),
it seems that only the textual description got updated, not the matching
data?
--
Bye, Peter Korsgaard
next prev parent reply other threads:[~2021-04-25 7:10 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <6073d64f.1c69fb81.9d11e.7f35SMTPIN_ADDED_MISSING@mx.google.com>
2021-04-12 8:37 ` [Buildroot] [autobuild.buildroot.net] Your daily results for 2021-04-11 Chris Packham
2021-04-25 7:10 ` Peter Korsgaard [this message]
2021-06-10 15:37 ` Thomas Petazzoni
2021-06-14 7:58 ` Chris Packham
2021-06-14 8:45 ` Thomas Petazzoni
2021-06-14 10:00 ` Chris Packham
2021-06-14 12:01 ` Thomas Petazzoni
2021-06-23 7:58 ` Chris Packham
2021-06-23 12:33 ` Thomas Petazzoni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87v98arg93.fsf@dell.be.48ers.dk \
--to=peter@korsgaard.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.