From: Thomas Petazzoni via buildroot <buildroot@buildroot.org>
To: "Raphaël Mélotte via buildroot" <buildroot@buildroot.org>
Cc: "Angelo Compagnucci" <angelo.compagnucci@gmail.com>,
	"Raphaël Mélotte" <raphael.melotte@mind.be>
Subject: Re: [Buildroot] [PATCH 1/1] package/apparmor: ignore CVE-2016-1585
Date: Sat, 19 Apr 2025 16:05:59 +0200
Message-ID: <20250419160559.3ee73fba@windsurf>
In-Reply-To: <20250414141150.994811-1-raphael.melotte@mind.be>

Hello Raphaël,

On Mon, 14 Apr 2025 16:11:48 +0200
Raphaël Mélotte via buildroot <buildroot@buildroot.org> wrote:

> CVE-2016-1585 is fixed in the following versions:
> apparmor 3.1.6 https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.1.6
> apparmor 3.0.12 https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_3.0.12
> apparmor 2.13.10 https://gitlab.com/apparmor/apparmor/-/wikis/Release_Notes_2.13.10
> 
> See the bug report at [1] and in particular the comment at [2].
> 
> The NVD CPE does not contain version numbers, so our CVE checker still
> reports it.
> The issue was reported to the NVD by email, but in the meantime let's
> ignore it to reduce the noise in our CVE checker.

Thanks for the patch. However, I'm not sure I'm happy with ignoring
entries that are ultimately "bugs" in the NVD database. Have you heard
back from upstream NVD about your report?

In fact, I'm worried about this APPARMOR_IGNORE_CVES staying forever.
Does our pkg-stats script report those stale CVE entries? If it did,
then we could consider merging your patch, because we know that once
the NVD database gets updated, we'll get a warning/notification from
pkg-stats that this APPARMOR_IGNORE_CVES entry should be dropped.

Best regards,

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
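The situation discussed in this thread, as an added illustration that is not part of the original messages nor Buildroot's own cve.py/pkg-stats code: a small model of how a checker turns NVD cpeMatch entries into "affected?" decisions (an entry with a wildcard version and no version bounds matches every release), and how a per-package ignore list can be audited so that an entry is flagged as stale once NVD corrects its data. The sample NVD entries and the packaged version "3.1.7" are constructed for the example.

```python
# Added example, not Buildroot's cve.py or pkg-stats code. Field names follow the
# NVD API 2.0 cpeMatch objects; the sample entries below are constructed.

def parse_version(v):
    """'3.1.6' -> (3, 1, 6); numeric dotted versions only (assumption)."""
    return tuple(int(part) for part in v.split("."))

def cpe_match_affects(match, version):
    """True if one NVD cpeMatch entry covers `version`.

    CPE 2.3 field 5 is the version; '*' means any. A '*' with no
    versionStart*/versionEnd* bounds matches every version, which is
    the false positive the thread is about.
    """
    v = parse_version(version)
    cpe_version = match["criteria"].split(":")[5]
    if cpe_version != "*":
        return parse_version(cpe_version) == v
    lo_inc = match.get("versionStartIncluding")
    lo_exc = match.get("versionStartExcluding")
    hi_inc = match.get("versionEndIncluding")
    hi_exc = match.get("versionEndExcluding")
    if lo_inc and v < parse_version(lo_inc):
        return False
    if lo_exc and v <= parse_version(lo_exc):
        return False
    if hi_inc and v > parse_version(hi_inc):
        return False
    if hi_exc and v >= parse_version(hi_exc):
        return False
    return True

def is_affected(cve, version):
    return any(cpe_match_affects(m, version)
               for m in cve["cpe_match"] if m.get("vulnerable", True))

def stale_ignores(version, ignored, cve_db):
    """<PKG>_IGNORE_CVES entries the checker would no longer report: drop candidates."""
    return sorted(c for c in ignored if not is_affected(cve_db[c], version))

# Constructed data: the unbounded entry (NVD as the thread describes it) and a
# corrected entry built from the fixed versions named in the commit message.
APPARMOR = "cpe:2.3:a:apparmor:apparmor:*:*:*:*:*:*:*:*"
NVD_UNBOUNDED = {"CVE-2016-1585": {"cpe_match": [{"criteria": APPARMOR}]}}
NVD_CORRECTED = {"CVE-2016-1585": {"cpe_match": [
    {"criteria": APPARMOR, "versionEndExcluding": "2.13.10"},
    {"criteria": APPARMOR, "versionStartIncluding": "3.0.0", "versionEndExcluding": "3.0.12"},
    {"criteria": APPARMOR, "versionStartIncluding": "3.1.0", "versionEndExcluding": "3.1.6"},
]}}

if __name__ == "__main__":
    pkg = "3.1.7"  # hypothetical packaged version, not Buildroot's actual one
    print("reported today:", is_affected(NVD_UNBOUNDED["CVE-2016-1585"], pkg))
    print("stale after NVD fix:", stale_ignores(pkg, {"CVE-2016-1585"}, NVD_CORRECTED))
```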

Thread overview: 5+ messages
2025-04-14 14:11 [Buildroot] [PATCH 1/1] package/apparmor: ignore CVE-2016-1585 Raphaël Mélotte via buildroot
2025-04-19 14:05 ` Thomas Petazzoni via buildroot [this message]
2025-04-23 15:32   ` Raphaël Mélotte via buildroot
2025-04-23 15:37     ` Thomas Petazzoni via buildroot
2025-04-23 15:57       ` Raphaël Mélotte via buildroot