From: Yann E. MORIN <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 00/10] Misc CVE ignores
Date: Sat, 24 Apr 2021 11:29:52 +0200 [thread overview]
Message-ID: <20210424092952.GS298901@scaer> (raw)
In-Reply-To: <20210421204235.5956-1-matthew.weber@rockwellcollins.com>
Matt, All,
On 2021-04-21 15:42 -0500, Matt Weber spake thusly:
> * I'm working on upstream NVD fixes for some of these.
>
> * There are roughly half of the ignore cases that are a bit of a
> challenge to identify where the fix was clearly tracked into
> a specific version. I tried to document in each commit as much
> as a could by linking to conversations clarifying the details.
>
> Matt Weber (10):
> package/bind: ignore CVE-2017-3139
> package/coreutils: ignore CVE-2013-0221, CVE-2013-0222, CVE-2013-0223
> package/bind: ignore CVE-2019-6470
> package/cmake: ignore CVE-2016-10642
> package/flex: ignore CVE-2019-6293
For this one, I've switched to using the actual upstream URL, rather
that of a downstream consumer:
https://github.com/westes/flex/issues/414
> package/hostapd: ignore CVE-2021-30004 when using openssl
> package/wpa_supplicant: ignore CVE-2021-30004 when using openssl
> package/ncurses: ignore CVE-2018-10754, CVE-2018-19211,
> CVE-2018-19217, CVE-2019-17594, CVE-2019-17595
> package/rsyslog: ignore CVE-2015-3243
> package/tar: ignore CVE-2007-4476
Series applied to master, thanks.
Regards,
Yann E. MORIN.
> package/bind/bind.mk | 4 ++++
> package/cmake/cmake.mk | 2 ++
> package/coreutils/coreutils.mk | 4 ++++
> package/flex/flex.mk | 3 +++
> package/hostapd/hostapd.mk | 2 ++
> package/ncurses/ncurses.mk | 6 ++++++
> package/rsyslog/rsyslog.mk | 4 ++++
> package/tar/tar.mk | 2 ++
> package/wpa_supplicant/wpa_supplicant.mk | 2 ++
> 9 files changed, 29 insertions(+)
>
> --
> 2.17.1
>
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
next prev parent reply other threads:[~2021-04-24 9:29 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-21 20:42 [Buildroot] [PATCH 00/10] Misc CVE ignores Matt Weber
2021-04-21 20:42 ` [Buildroot] [PATCH 01/10] package/bind: ignore CVE-2017-3139 Matt Weber
2021-04-21 20:42 ` [Buildroot] [PATCH 02/10] package/coreutils: ignore CVE-2013-0221, CVE-2013-0222, CVE-2013-0223 Matt Weber
2021-04-26 19:15 ` Peter Korsgaard
2021-04-21 20:42 ` [Buildroot] [PATCH 03/10] package/bind: ignore CVE-2019-6470 Matt Weber
2021-04-21 20:42 ` [Buildroot] [PATCH 04/10] package/cmake: ignore CVE-2016-10642 Matt Weber
2021-04-21 20:42 ` [Buildroot] [PATCH 05/10] package/flex: ignore CVE-2019-6293 Matt Weber
2021-04-21 20:42 ` [Buildroot] [PATCH 06/10] package/hostapd: ignore CVE-2021-30004 when using openssl Matt Weber
2021-04-26 19:52 ` Peter Korsgaard
2021-04-21 20:42 ` [Buildroot] [PATCH 07/10] package/wpa_supplicant: " Matt Weber
2021-04-21 20:42 ` [Buildroot] [PATCH 08/10] package/ncurses: ignore CVE-2018-10754, CVE-2018-19211, CVE-2018-19217, CVE-2019-17594, CVE-2019-17595 Matt Weber
2021-04-21 20:42 ` [Buildroot] [PATCH 09/10] package/rsyslog: ignore CVE-2015-3243 Matt Weber
2021-04-26 20:26 ` Peter Korsgaard
2021-04-21 20:42 ` [Buildroot] [PATCH 10/10] package/tar: ignore CVE-2007-4476 Matt Weber
2021-04-24 9:29 ` Yann E. MORIN [this message]
2021-04-26 20:29 ` [Buildroot] [PATCH 00/10] Misc CVE ignores Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210424092952.GS298901@scaer \
--to=yann.morin.1998@free.fr \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox