* [Buildroot] [PATCH 1/1] package/wine: add WINE_CPE_ID_VENDOR @ 2021-01-26 21:15 Fabrice Fontaine 2021-01-27 18:04 ` André Hentschel 2021-01-28 16:58 ` Yann E. MORIN 0 siblings, 2 replies; 6+ messages in thread From: Fabrice Fontaine @ 2021-01-26 21:15 UTC (permalink / raw) To: buildroot cpe:2.3:a:winehq:wine is a valid CPE identifier for this package: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awinehq%3Awine Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> --- package/wine/wine.mk | 1 + 1 file changed, 1 insertion(+) diff --git a/package/wine/wine.mk b/package/wine/wine.mk index 7eafe9b06d..80c9d20d3d 100644 --- a/package/wine/wine.mk +++ b/package/wine/wine.mk @@ -9,6 +9,7 @@ WINE_SOURCE = wine-$(WINE_VERSION).tar.xz WINE_SITE = https://dl.winehq.org/wine/source/5.x WINE_LICENSE = LGPL-2.1+ WINE_LICENSE_FILES = COPYING.LIB LICENSE +WINE_CPE_ID_VENDOR = winehq WINE_DEPENDENCIES = host-bison host-flex host-wine HOST_WINE_DEPENDENCIES = host-bison host-flex -- 2.29.2 ^ permalink raw reply related [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/1] package/wine: add WINE_CPE_ID_VENDOR 2021-01-26 21:15 [Buildroot] [PATCH 1/1] package/wine: add WINE_CPE_ID_VENDOR Fabrice Fontaine @ 2021-01-27 18:04 ` André Hentschel 2021-01-28 16:58 ` Yann E. MORIN 1 sibling, 0 replies; 6+ messages in thread From: André Hentschel @ 2021-01-27 18:04 UTC (permalink / raw) To: buildroot Am 26.01.21 um 22:15 schrieb Fabrice Fontaine: > cpe:2.3:a:winehq:wine is a valid CPE identifier for this package: > > https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awinehq%3Awine > > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> > --- > package/wine/wine.mk | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/package/wine/wine.mk b/package/wine/wine.mk > index 7eafe9b06d..80c9d20d3d 100644 > --- a/package/wine/wine.mk > +++ b/package/wine/wine.mk > @@ -9,6 +9,7 @@ WINE_SOURCE = wine-$(WINE_VERSION).tar.xz > WINE_SITE = https://dl.winehq.org/wine/source/5.x > WINE_LICENSE = LGPL-2.1+ > WINE_LICENSE_FILES = COPYING.LIB LICENSE > +WINE_CPE_ID_VENDOR = winehq > WINE_DEPENDENCIES = host-bison host-flex host-wine > HOST_WINE_DEPENDENCIES = host-bison host-flex > > Acked-by: Andr? Hentschel <nerv@dawncrow.de> ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/1] package/wine: add WINE_CPE_ID_VENDOR 2021-01-26 21:15 [Buildroot] [PATCH 1/1] package/wine: add WINE_CPE_ID_VENDOR Fabrice Fontaine 2021-01-27 18:04 ` André Hentschel @ 2021-01-28 16:58 ` Yann E. MORIN 2021-01-28 17:07 ` Fabrice Fontaine 1 sibling, 1 reply; 6+ messages in thread From: Yann E. MORIN @ 2021-01-28 16:58 UTC (permalink / raw) To: buildroot Fabrice, All, On 2021-01-26 22:15 +0100, Fabrice Fontaine spake thusly: > cpe:2.3:a:winehq:wine is a valid CPE identifier for this package: > > https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awinehq%3Awine > > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Applied to master, thanks. However, the last CVE against wine was against version 3.13, while we're already using 5.12, and 6.0 is already out... Regards, Yann E. MORIN. > --- > package/wine/wine.mk | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/package/wine/wine.mk b/package/wine/wine.mk > index 7eafe9b06d..80c9d20d3d 100644 > --- a/package/wine/wine.mk > +++ b/package/wine/wine.mk > @@ -9,6 +9,7 @@ WINE_SOURCE = wine-$(WINE_VERSION).tar.xz > WINE_SITE = https://dl.winehq.org/wine/source/5.x > WINE_LICENSE = LGPL-2.1+ > WINE_LICENSE_FILES = COPYING.LIB LICENSE > +WINE_CPE_ID_VENDOR = winehq > WINE_DEPENDENCIES = host-bison host-flex host-wine > HOST_WINE_DEPENDENCIES = host-bison host-flex > > -- > 2.29.2 > > _______________________________________________ > buildroot mailing list > buildroot at busybox.net > http://lists.busybox.net/mailman/listinfo/buildroot -- .-----------------.--------------------.------------------.--------------------. | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: | | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ | | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no | | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. | '------------------------------^-------^------------------^--------------------' ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/1] package/wine: add WINE_CPE_ID_VENDOR 2021-01-28 16:58 ` Yann E. MORIN @ 2021-01-28 17:07 ` Fabrice Fontaine 2021-01-28 17:34 ` Yann E. MORIN 0 siblings, 1 reply; 6+ messages in thread From: Fabrice Fontaine @ 2021-01-28 17:07 UTC (permalink / raw) To: buildroot Le jeu. 28 janv. 2021 ? 17:58, Yann E. MORIN <yann.morin.1998@free.fr> a ?crit : > > Fabrice, All, > > On 2021-01-26 22:15 +0100, Fabrice Fontaine spake thusly: > > cpe:2.3:a:winehq:wine is a valid CPE identifier for this package: > > > > https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awinehq%3Awine > > > > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> > > Applied to master, thanks. > > However, the last CVE against wine was against version 3.13, while we're > already using 5.12, and 6.0 is already out... Indeed, but I'm not really motivated to send hundreds of requests to update the NVD ... Updating release-monitoring.org is easy and useful for every opensource projects, updating the version in the NVD (when there is no CVEs associated to this version) seems complicated and not very useful. But that's just my feeling, if someone wants to do it, fine. > > Regards, > Yann E. MORIN. > > > --- > > package/wine/wine.mk | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/package/wine/wine.mk b/package/wine/wine.mk > > index 7eafe9b06d..80c9d20d3d 100644 > > --- a/package/wine/wine.mk > > +++ b/package/wine/wine.mk > > @@ -9,6 +9,7 @@ WINE_SOURCE = wine-$(WINE_VERSION).tar.xz > > WINE_SITE = https://dl.winehq.org/wine/source/5.x > > WINE_LICENSE = LGPL-2.1+ > > WINE_LICENSE_FILES = COPYING.LIB LICENSE > > +WINE_CPE_ID_VENDOR = winehq > > WINE_DEPENDENCIES = host-bison host-flex host-wine > > HOST_WINE_DEPENDENCIES = host-bison host-flex > > > > -- > > 2.29.2 > > > > _______________________________________________ > > buildroot mailing list > > buildroot at busybox.net > > http://lists.busybox.net/mailman/listinfo/buildroot > > -- > .-----------------.--------------------.------------------.--------------------. > | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: | > | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ | > | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no | > | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. | > '------------------------------^-------^------------------^--------------------' Best Regards, Fabrice ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/1] package/wine: add WINE_CPE_ID_VENDOR 2021-01-28 17:07 ` Fabrice Fontaine @ 2021-01-28 17:34 ` Yann E. MORIN 2021-01-28 17:46 ` Fabrice Fontaine 0 siblings, 1 reply; 6+ messages in thread From: Yann E. MORIN @ 2021-01-28 17:34 UTC (permalink / raw) To: buildroot Fabrice, All, On 2021-01-28 18:07 +0100, Fabrice Fontaine spake thusly: > Le jeu. 28 janv. 2021 ? 17:58, Yann E. MORIN <yann.morin.1998@free.fr> a ?crit : > > > > Fabrice, All, > > > > On 2021-01-26 22:15 +0100, Fabrice Fontaine spake thusly: > > > cpe:2.3:a:winehq:wine is a valid CPE identifier for this package: > > > > > > https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awinehq%3Awine > > > > > > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> > > > > Applied to master, thanks. > > > > However, the last CVE against wine was against version 3.13, while we're > > already using 5.12, and 6.0 is already out... > Indeed, but I'm not really motivated to send hundreds of requests to > update the NVD ... > Updating release-monitoring.org is easy and useful for every > opensource projects, updating the version in the NVD (when there is no > CVEs associated to this version) seems complicated and not very > useful. Oh, no worries! I was just surprised not to see any CVE reported against versions more recent than 3.13... Regards, Yann E. MORIN. > But that's just my feeling, if someone wants to do it, fine. > > > > Regards, > > Yann E. MORIN. > > > > > --- > > > package/wine/wine.mk | 1 + > > > 1 file changed, 1 insertion(+) > > > > > > diff --git a/package/wine/wine.mk b/package/wine/wine.mk > > > index 7eafe9b06d..80c9d20d3d 100644 > > > --- a/package/wine/wine.mk > > > +++ b/package/wine/wine.mk > > > @@ -9,6 +9,7 @@ WINE_SOURCE = wine-$(WINE_VERSION).tar.xz > > > WINE_SITE = https://dl.winehq.org/wine/source/5.x > > > WINE_LICENSE = LGPL-2.1+ > > > WINE_LICENSE_FILES = COPYING.LIB LICENSE > > > +WINE_CPE_ID_VENDOR = winehq > > > WINE_DEPENDENCIES = host-bison host-flex host-wine > > > HOST_WINE_DEPENDENCIES = host-bison host-flex > > > > > > -- > > > 2.29.2 > > > > > > _______________________________________________ > > > buildroot mailing list > > > buildroot at busybox.net > > > http://lists.busybox.net/mailman/listinfo/buildroot > > > > -- > > .-----------------.--------------------.------------------.--------------------. > > | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: | > > | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ | > > | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no | > > | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. | > > '------------------------------^-------^------------------^--------------------' > Best Regards, > > Fabrice -- .-----------------.--------------------.------------------.--------------------. | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: | | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ | | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no | | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. | '------------------------------^-------^------------------^--------------------' ^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [PATCH 1/1] package/wine: add WINE_CPE_ID_VENDOR 2021-01-28 17:34 ` Yann E. MORIN @ 2021-01-28 17:46 ` Fabrice Fontaine 0 siblings, 0 replies; 6+ messages in thread From: Fabrice Fontaine @ 2021-01-28 17:46 UTC (permalink / raw) To: buildroot Le jeu. 28 janv. 2021 ? 18:34, Yann E. MORIN <yann.morin.1998@free.fr> a ?crit : > > Fabrice, All, > > On 2021-01-28 18:07 +0100, Fabrice Fontaine spake thusly: > > Le jeu. 28 janv. 2021 ? 17:58, Yann E. MORIN <yann.morin.1998@free.fr> a ?crit : > > > > > > Fabrice, All, > > > > > > On 2021-01-26 22:15 +0100, Fabrice Fontaine spake thusly: > > > > cpe:2.3:a:winehq:wine is a valid CPE identifier for this package: > > > > > > > > https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=cpe%3A2.3%3Aa%3Awinehq%3Awine > > > > > > > > Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> > > > > > > Applied to master, thanks. > > > > > > However, the last CVE against wine was against version 3.13, while we're > > > already using 5.12, and 6.0 is already out... > > Indeed, but I'm not really motivated to send hundreds of requests to > > update the NVD ... > > Updating release-monitoring.org is easy and useful for every > > opensource projects, updating the version in the NVD (when there is no > > CVEs associated to this version) seems complicated and not very > > useful. > > Oh, no worries! I was just surprised not to see any CVE reported against > versions more recent than 3.13... wine 3.13 is not "so" old, it was published in July 2018. I don't know if there have been any public security issues since that time. NIST should use release-monitoring.org to track their versions because a lot of CPEs seem a bit "outdated". > > Regards, > Yann E. MORIN. > > > But that's just my feeling, if someone wants to do it, fine. > > > > > > Regards, > > > Yann E. MORIN. > > > > > > > --- > > > > package/wine/wine.mk | 1 + > > > > 1 file changed, 1 insertion(+) > > > > > > > > diff --git a/package/wine/wine.mk b/package/wine/wine.mk > > > > index 7eafe9b06d..80c9d20d3d 100644 > > > > --- a/package/wine/wine.mk > > > > +++ b/package/wine/wine.mk > > > > @@ -9,6 +9,7 @@ WINE_SOURCE = wine-$(WINE_VERSION).tar.xz > > > > WINE_SITE = https://dl.winehq.org/wine/source/5.x > > > > WINE_LICENSE = LGPL-2.1+ > > > > WINE_LICENSE_FILES = COPYING.LIB LICENSE > > > > +WINE_CPE_ID_VENDOR = winehq > > > > WINE_DEPENDENCIES = host-bison host-flex host-wine > > > > HOST_WINE_DEPENDENCIES = host-bison host-flex > > > > > > > > -- > > > > 2.29.2 > > > > > > > > _______________________________________________ > > > > buildroot mailing list > > > > buildroot at busybox.net > > > > http://lists.busybox.net/mailman/listinfo/buildroot > > > > > > -- > > > .-----------------.--------------------.------------------.--------------------. > > > | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: | > > > | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ | > > > | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no | > > > | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. | > > > '------------------------------^-------^------------------^--------------------' > > Best Regards, > > > > Fabrice > > -- > .-----------------.--------------------.------------------.--------------------. > | Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: | > | +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ | > | +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no | > | http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. | > '------------------------------^-------^------------------^--------------------' Best Regards, Fabrice ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2021-01-28 17:46 UTC | newest] Thread overview: 6+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2021-01-26 21:15 [Buildroot] [PATCH 1/1] package/wine: add WINE_CPE_ID_VENDOR Fabrice Fontaine 2021-01-27 18:04 ` André Hentschel 2021-01-28 16:58 ` Yann E. MORIN 2021-01-28 17:07 ` Fabrice Fontaine 2021-01-28 17:34 ` Yann E. MORIN 2021-01-28 17:46 ` Fabrice Fontaine
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox