* [Buildroot] CVE-2022-3559 version range fix
@ 2025-05-17 16:34 Thomas Petazzoni via buildroot
0 siblings, 0 replies; only message in thread
From: Thomas Petazzoni via buildroot @ 2025-05-17 16:34 UTC (permalink / raw)
To: nvd; +Cc: buildroot@buildroot.org
Hello,
The NVD database entry for CVE-2022-3559 indicates that "unknown"
versions of exim is affected, with a "-" in the CPE version field:
cpe:2.3:a:exim:exim:-:*:*:*:*:*:*:*
However, the Debian Security Tracker at
https://security-tracker.debian.org/tracker/CVE-2022-3559 gives us some
details on which commits fix the issue:
https://git.exim.org/exim.git/commit/4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2 (exim-4.97-RC0)
Important follow-up fixes:
https://git.exim.org/exim.git/commit/d8ecc7bf97934a1e2244788c610c958cacd740bd (exim-4.97-RC0)
https://git.exim.org/exim.git/commit/158dff9936e36a2d31d037d3988b9353458d6471 (exim-4.97-RC0)
https://git.exim.org/exim.git/commit/32da6327e434e986a18b75a84f2d8c687ba14619 (exim-4.97-RC0)
So while we cannot identify easily when the vulnerability was
introduced, we can for sure say it was fixed in exim 4.97.
Would it be possible to update your CVE entry to indicate that the
issue only exists up to (excluding) exim 4.97 ?
Thanks in advance!
Thomas Petazzoni
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-05-17 16:34 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-05-17 16:34 [Buildroot] CVE-2022-3559 version range fix Thomas Petazzoni via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox