* [Buildroot] CVE-2022-3620 version range fix
@ 2025-05-17 16:30 Thomas Petazzoni via buildroot
0 siblings, 0 replies; only message in thread
From: Thomas Petazzoni via buildroot @ 2025-05-17 16:30 UTC (permalink / raw)
To: nvd; +Cc: buildroot@buildroot.org
Hello,
CVE-2022-3620 is documented in your database as affecting version
2022-10-18 of exim, which doesn't make much sense as there is no such
version released by the exim project. See their version naming scheme
by looking at their Git tags:
https://code.exim.org/exim/exim/tags
The Debian Security Tracker at
https://security-tracker.debian.org/tracker/CVE-2022-3620 documents
that this CVE was introduced in commit
92583637b25b6bde926f9ca6be7b085e5ac8b1e6, which first appeared in the
release 4.95 of exim:
$ git tag --contains 92583637b25b6bde926f9ca6be7b085e5ac8b1e6 | sort | head -1
exim-4.95
And was subsequently fixed by 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445
which first appeared in the release 4.97 of exim:
$ git tag --contains 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445 | sort | head -1
exim-4.97
Therefore, your entry CVE-2022-3620 should be updated to reflect that
version 4.95 to 4.97 are affected.
Do you think you could adjust this in your database?
Thanks a lot!
Thomas Petazzoni
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-05-17 16:30 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-05-17 16:30 [Buildroot] CVE-2022-3620 version range fix Thomas Petazzoni via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox