* [Buildroot] CVE-2021-4034 version range fix
@ 2023-09-02 17:34 Thomas Petazzoni via buildroot
2023-09-08 20:59 ` Thomas Petazzoni via buildroot
0 siblings, 1 reply; 2+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-09-02 17:34 UTC (permalink / raw)
To: nvd; +Cc: buildroot@buildroot.org
Dear NVD maintainers,
CVE-2021-4034 is marked in the NVD database as affecting all versions
of the polkit project due to the following "Configuration 1":
cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*
However, as indicated in
https://nvd.nist.gov/vuln/detail/CVE-2021-4034, this issue has been
fixed in the upstream polkit project as of commit
https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.
In turn, this commit is integrated in polkit since version 121:
polkit$ git tag --contains a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
121
122
123
So, the "Configuration 1" should be fixed to indicate that only
versions < 121 are affected. Could this be addressed in your NVD
database?
Best regards,
Thomas Petazzoni
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [Buildroot] CVE-2021-4034 version range fix
2023-09-02 17:34 [Buildroot] CVE-2021-4034 version range fix Thomas Petazzoni via buildroot
@ 2023-09-08 20:59 ` Thomas Petazzoni via buildroot
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni via buildroot @ 2023-09-08 20:59 UTC (permalink / raw)
To: nvd; +Cc: buildroot@buildroot.org
Hello NVD maintainers,
Gentle ping on the below bug report. Thanks!
Thomas Petazzoni
On Sat, 2 Sep 2023 19:34:34 +0200
Thomas Petazzoni <thomas.petazzoni@bootlin.com> wrote:
> Dear NVD maintainers,
>
> CVE-2021-4034 is marked in the NVD database as affecting all versions
> of the polkit project due to the following "Configuration 1":
>
> cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*
>
> However, as indicated in
> https://nvd.nist.gov/vuln/detail/CVE-2021-4034, this issue has been
> fixed in the upstream polkit project as of commit
> https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683.
>
> In turn, this commit is integrated in polkit since version 121:
>
> polkit$ git tag --contains a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
> 121
> 122
> 123
>
> So, the "Configuration 1" should be fixed to indicate that only
> versions < 121 are affected. Could this be addressed in your NVD
> database?
>
> Best regards,
>
> Thomas Petazzoni
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2023-09-08 21:00 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-09-02 17:34 [Buildroot] CVE-2021-4034 version range fix Thomas Petazzoni via buildroot
2023-09-08 20:59 ` Thomas Petazzoni via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox