* [Buildroot] CVE-2023-0687 version range fix
@ 2024-02-06 14:11 Thomas Petazzoni via buildroot
0 siblings, 0 replies; only message in thread
From: Thomas Petazzoni via buildroot @ 2024-02-06 14:11 UTC (permalink / raw)
To: nvd; +Cc: buildroot@buildroot.org
Dear NVD maintainers,
Your entry at https://nvd.nist.gov/vuln/detail/CVE-2023-0687 for
CVE-2023-0687 states that the affected CPE ID is
cpe:2.3:a:gnu:glibc:2.38:*:*:*:*:*:*:*, which indicates that only glibc
2.38 is affected.
But actually, the bug was fixed in glibc 2.38, so it's all versions
prior to 2.38 that are affected. According to the bug report at
https://sourceware.org/bugzilla/show_bug.cgi?id=29444, this issue was
fixed in commit
https://sourceware.org/git/?p=glibc.git;a=commit;h=801af9fafd4689337ebf27260aa115335a0cb2bc,
and:
$ git tag --contains 801af9fafd46
glibc-2.38
glibc-2.38.9000
So the commit fixing this issue made it to the 2.38 release.
Do you think you could adjust the NVD entry for this CVE ?
Thanks a lot in advance!
Thomas Petazzoni
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2024-02-06 14:11 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-02-06 14:11 [Buildroot] CVE-2023-0687 version range fix Thomas Petazzoni via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox