* [Buildroot] [PATCH 1/1] package/wine: add WINE_CPE_ID_VENDOR
@ 2021-01-26 21:15 Fabrice Fontaine
2021-01-27 18:04 ` André Hentschel
2021-01-28 16:58 ` Yann E. MORIN
0 siblings, 2 replies; 6+ messages in thread
From: Fabrice Fontaine @ 2021-01-26 21:15 UTC (permalink / raw)
To: buildroot
cpe:2.3:a:winehq:wine is a valid CPE identifier for this package:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awinehq%3Awine
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
---
package/wine/wine.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/package/wine/wine.mk b/package/wine/wine.mk
index 7eafe9b06d..80c9d20d3d 100644
--- a/package/wine/wine.mk
+++ b/package/wine/wine.mk
@@ -9,6 +9,7 @@ WINE_SOURCE = wine-$(WINE_VERSION).tar.xz
WINE_SITE = https://dl.winehq.org/wine/source/5.x
WINE_LICENSE = LGPL-2.1+
WINE_LICENSE_FILES = COPYING.LIB LICENSE
+WINE_CPE_ID_VENDOR = winehq
WINE_DEPENDENCIES = host-bison host-flex host-wine
HOST_WINE_DEPENDENCIES = host-bison host-flex
--
2.29.2
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/1] package/wine: add WINE_CPE_ID_VENDOR
2021-01-26 21:15 [Buildroot] [PATCH 1/1] package/wine: add WINE_CPE_ID_VENDOR Fabrice Fontaine
@ 2021-01-27 18:04 ` André Hentschel
2021-01-28 16:58 ` Yann E. MORIN
1 sibling, 0 replies; 6+ messages in thread
From: André Hentschel @ 2021-01-27 18:04 UTC (permalink / raw)
To: buildroot
Am 26.01.21 um 22:15 schrieb Fabrice Fontaine:
> cpe:2.3:a:winehq:wine is a valid CPE identifier for this package:
>
> https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awinehq%3Awine
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> ---
> package/wine/wine.mk | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/package/wine/wine.mk b/package/wine/wine.mk
> index 7eafe9b06d..80c9d20d3d 100644
> --- a/package/wine/wine.mk
> +++ b/package/wine/wine.mk
> @@ -9,6 +9,7 @@ WINE_SOURCE = wine-$(WINE_VERSION).tar.xz
> WINE_SITE = https://dl.winehq.org/wine/source/5.x
> WINE_LICENSE = LGPL-2.1+
> WINE_LICENSE_FILES = COPYING.LIB LICENSE
> +WINE_CPE_ID_VENDOR = winehq
> WINE_DEPENDENCIES = host-bison host-flex host-wine
> HOST_WINE_DEPENDENCIES = host-bison host-flex
>
>
Acked-by: Andr? Hentschel <nerv@dawncrow.de>
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/1] package/wine: add WINE_CPE_ID_VENDOR
2021-01-26 21:15 [Buildroot] [PATCH 1/1] package/wine: add WINE_CPE_ID_VENDOR Fabrice Fontaine
2021-01-27 18:04 ` André Hentschel
@ 2021-01-28 16:58 ` Yann E. MORIN
2021-01-28 17:07 ` Fabrice Fontaine
1 sibling, 1 reply; 6+ messages in thread
From: Yann E. MORIN @ 2021-01-28 16:58 UTC (permalink / raw)
To: buildroot
Fabrice, All,
On 2021-01-26 22:15 +0100, Fabrice Fontaine spake thusly:
> cpe:2.3:a:winehq:wine is a valid CPE identifier for this package:
>
> https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awinehq%3Awine
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Applied to master, thanks.
However, the last CVE against wine was against version 3.13, while we're
already using 5.12, and 6.0 is already out...
Regards,
Yann E. MORIN.
> ---
> package/wine/wine.mk | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/package/wine/wine.mk b/package/wine/wine.mk
> index 7eafe9b06d..80c9d20d3d 100644
> --- a/package/wine/wine.mk
> +++ b/package/wine/wine.mk
> @@ -9,6 +9,7 @@ WINE_SOURCE = wine-$(WINE_VERSION).tar.xz
> WINE_SITE = https://dl.winehq.org/wine/source/5.x
> WINE_LICENSE = LGPL-2.1+
> WINE_LICENSE_FILES = COPYING.LIB LICENSE
> +WINE_CPE_ID_VENDOR = winehq
> WINE_DEPENDENCIES = host-bison host-flex host-wine
> HOST_WINE_DEPENDENCIES = host-bison host-flex
>
> --
> 2.29.2
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/1] package/wine: add WINE_CPE_ID_VENDOR
2021-01-28 16:58 ` Yann E. MORIN
@ 2021-01-28 17:07 ` Fabrice Fontaine
2021-01-28 17:34 ` Yann E. MORIN
0 siblings, 1 reply; 6+ messages in thread
From: Fabrice Fontaine @ 2021-01-28 17:07 UTC (permalink / raw)
To: buildroot
Le jeu. 28 janv. 2021 ? 17:58, Yann E. MORIN <yann.morin.1998@free.fr> a ?crit :
>
> Fabrice, All,
>
> On 2021-01-26 22:15 +0100, Fabrice Fontaine spake thusly:
> > cpe:2.3:a:winehq:wine is a valid CPE identifier for this package:
> >
> > https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awinehq%3Awine
> >
> > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
>
> Applied to master, thanks.
>
> However, the last CVE against wine was against version 3.13, while we're
> already using 5.12, and 6.0 is already out...
Indeed, but I'm not really motivated to send hundreds of requests to
update the NVD ...
Updating release-monitoring.org is easy and useful for every
opensource projects, updating the version in the NVD (when there is no
CVEs associated to this version) seems complicated and not very
useful.
But that's just my feeling, if someone wants to do it, fine.
>
> Regards,
> Yann E. MORIN.
>
> > ---
> > package/wine/wine.mk | 1 +
> > 1 file changed, 1 insertion(+)
> >
> > diff --git a/package/wine/wine.mk b/package/wine/wine.mk
> > index 7eafe9b06d..80c9d20d3d 100644
> > --- a/package/wine/wine.mk
> > +++ b/package/wine/wine.mk
> > @@ -9,6 +9,7 @@ WINE_SOURCE = wine-$(WINE_VERSION).tar.xz
> > WINE_SITE = https://dl.winehq.org/wine/source/5.x
> > WINE_LICENSE = LGPL-2.1+
> > WINE_LICENSE_FILES = COPYING.LIB LICENSE
> > +WINE_CPE_ID_VENDOR = winehq
> > WINE_DEPENDENCIES = host-bison host-flex host-wine
> > HOST_WINE_DEPENDENCIES = host-bison host-flex
> >
> > --
> > 2.29.2
> >
> > _______________________________________________
> > buildroot mailing list
> > buildroot at busybox.net
> > http://lists.busybox.net/mailman/listinfo/buildroot
>
> --
> .-----------------.--------------------.------------------.--------------------.
> | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
> | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
> | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
> | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
> '------------------------------^-------^------------------^--------------------'
Best Regards,
Fabrice
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/1] package/wine: add WINE_CPE_ID_VENDOR
2021-01-28 17:07 ` Fabrice Fontaine
@ 2021-01-28 17:34 ` Yann E. MORIN
2021-01-28 17:46 ` Fabrice Fontaine
0 siblings, 1 reply; 6+ messages in thread
From: Yann E. MORIN @ 2021-01-28 17:34 UTC (permalink / raw)
To: buildroot
Fabrice, All,
On 2021-01-28 18:07 +0100, Fabrice Fontaine spake thusly:
> Le jeu. 28 janv. 2021 ? 17:58, Yann E. MORIN <yann.morin.1998@free.fr> a ?crit :
> >
> > Fabrice, All,
> >
> > On 2021-01-26 22:15 +0100, Fabrice Fontaine spake thusly:
> > > cpe:2.3:a:winehq:wine is a valid CPE identifier for this package:
> > >
> > > https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awinehq%3Awine
> > >
> > > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> >
> > Applied to master, thanks.
> >
> > However, the last CVE against wine was against version 3.13, while we're
> > already using 5.12, and 6.0 is already out...
> Indeed, but I'm not really motivated to send hundreds of requests to
> update the NVD ...
> Updating release-monitoring.org is easy and useful for every
> opensource projects, updating the version in the NVD (when there is no
> CVEs associated to this version) seems complicated and not very
> useful.
Oh, no worries! I was just surprised not to see any CVE reported against
versions more recent than 3.13...
Regards,
Yann E. MORIN.
> But that's just my feeling, if someone wants to do it, fine.
> >
> > Regards,
> > Yann E. MORIN.
> >
> > > ---
> > > package/wine/wine.mk | 1 +
> > > 1 file changed, 1 insertion(+)
> > >
> > > diff --git a/package/wine/wine.mk b/package/wine/wine.mk
> > > index 7eafe9b06d..80c9d20d3d 100644
> > > --- a/package/wine/wine.mk
> > > +++ b/package/wine/wine.mk
> > > @@ -9,6 +9,7 @@ WINE_SOURCE = wine-$(WINE_VERSION).tar.xz
> > > WINE_SITE = https://dl.winehq.org/wine/source/5.x
> > > WINE_LICENSE = LGPL-2.1+
> > > WINE_LICENSE_FILES = COPYING.LIB LICENSE
> > > +WINE_CPE_ID_VENDOR = winehq
> > > WINE_DEPENDENCIES = host-bison host-flex host-wine
> > > HOST_WINE_DEPENDENCIES = host-bison host-flex
> > >
> > > --
> > > 2.29.2
> > >
> > > _______________________________________________
> > > buildroot mailing list
> > > buildroot at busybox.net
> > > http://lists.busybox.net/mailman/listinfo/buildroot
> >
> > --
> > .-----------------.--------------------.------------------.--------------------.
> > | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
> > | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
> > | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
> > | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
> > '------------------------------^-------^------------------^--------------------'
> Best Regards,
>
> Fabrice
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/1] package/wine: add WINE_CPE_ID_VENDOR
2021-01-28 17:34 ` Yann E. MORIN
@ 2021-01-28 17:46 ` Fabrice Fontaine
0 siblings, 0 replies; 6+ messages in thread
From: Fabrice Fontaine @ 2021-01-28 17:46 UTC (permalink / raw)
To: buildroot
Le jeu. 28 janv. 2021 ? 18:34, Yann E. MORIN <yann.morin.1998@free.fr> a ?crit :
>
> Fabrice, All,
>
> On 2021-01-28 18:07 +0100, Fabrice Fontaine spake thusly:
> > Le jeu. 28 janv. 2021 ? 17:58, Yann E. MORIN <yann.morin.1998@free.fr> a ?crit :
> > >
> > > Fabrice, All,
> > >
> > > On 2021-01-26 22:15 +0100, Fabrice Fontaine spake thusly:
> > > > cpe:2.3:a:winehq:wine is a valid CPE identifier for this package:
> > > >
> > > > https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awinehq%3Awine
> > > >
> > > > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
> > >
> > > Applied to master, thanks.
> > >
> > > However, the last CVE against wine was against version 3.13, while we're
> > > already using 5.12, and 6.0 is already out...
> > Indeed, but I'm not really motivated to send hundreds of requests to
> > update the NVD ...
> > Updating release-monitoring.org is easy and useful for every
> > opensource projects, updating the version in the NVD (when there is no
> > CVEs associated to this version) seems complicated and not very
> > useful.
>
> Oh, no worries! I was just surprised not to see any CVE reported against
> versions more recent than 3.13...
wine 3.13 is not "so" old, it was published in July 2018. I don't know
if there have been any public security issues since that time.
NIST should use release-monitoring.org to track their versions because
a lot of CPEs seem a bit "outdated".
>
> Regards,
> Yann E. MORIN.
>
> > But that's just my feeling, if someone wants to do it, fine.
> > >
> > > Regards,
> > > Yann E. MORIN.
> > >
> > > > ---
> > > > package/wine/wine.mk | 1 +
> > > > 1 file changed, 1 insertion(+)
> > > >
> > > > diff --git a/package/wine/wine.mk b/package/wine/wine.mk
> > > > index 7eafe9b06d..80c9d20d3d 100644
> > > > --- a/package/wine/wine.mk
> > > > +++ b/package/wine/wine.mk
> > > > @@ -9,6 +9,7 @@ WINE_SOURCE = wine-$(WINE_VERSION).tar.xz
> > > > WINE_SITE = https://dl.winehq.org/wine/source/5.x
> > > > WINE_LICENSE = LGPL-2.1+
> > > > WINE_LICENSE_FILES = COPYING.LIB LICENSE
> > > > +WINE_CPE_ID_VENDOR = winehq
> > > > WINE_DEPENDENCIES = host-bison host-flex host-wine
> > > > HOST_WINE_DEPENDENCIES = host-bison host-flex
> > > >
> > > > --
> > > > 2.29.2
> > > >
> > > > _______________________________________________
> > > > buildroot mailing list
> > > > buildroot at busybox.net
> > > > http://lists.busybox.net/mailman/listinfo/buildroot
> > >
> > > --
> > > .-----------------.--------------------.------------------.--------------------.
> > > | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
> > > | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
> > > | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
> > > | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
> > > '------------------------------^-------^------------------^--------------------'
> > Best Regards,
> >
> > Fabrice
>
> --
> .-----------------.--------------------.------------------.--------------------.
> | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
> | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
> | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
> | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
> '------------------------------^-------^------------------^--------------------'
Best Regards,
Fabrice
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-01-28 17:46 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-01-26 21:15 [Buildroot] [PATCH 1/1] package/wine: add WINE_CPE_ID_VENDOR Fabrice Fontaine
2021-01-27 18:04 ` André Hentschel
2021-01-28 16:58 ` Yann E. MORIN
2021-01-28 17:07 ` Fabrice Fontaine
2021-01-28 17:34 ` Yann E. MORIN
2021-01-28 17:46 ` Fabrice Fontaine
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox