* [Buildroot] [PATCH] package/sysstat: drop CVE-2022-39377 from IGNORE_CVES
From: Daniel Lang @ 2023-09-21 4:15 UTC
To: buildroot
As of 2022-11-22 CVE-2022-39377 is listed as affecting sysstat
< 2.16.1 instead of < 2.17.1.
Signed-off-by: Daniel Lang <dalang@gmx.at>
---
package/sysstat/sysstat.mk | 3 ---
1 file changed, 3 deletions(-)
diff --git a/package/sysstat/sysstat.mk b/package/sysstat/sysstat.mk
index eaf505dc49..377396d986 100644
--- a/package/sysstat/sysstat.mk
+++ b/package/sysstat/sysstat.mk
@@ -14,9 +14,6 @@ SYSSTAT_LICENSE_FILES = COPYING
SYSSTAT_CPE_ID_VENDOR = sysstat_project
SYSSTAT_SELINUX_MODULES = sysstat
-# NVD is not up-to-date; 12.6.1 includes c1e631eddc50, which fixes the issue
-SYSSTAT_IGNORE_CVES += CVE-2022-39377
-
ifeq ($(BR2_PACKAGE_LM_SENSORS),y)
SYSSTAT_DEPENDENCIES += lm-sensors
SYSSTAT_CONF_OPTS += --enable-sensors
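Review bot: The commit message justifies removing the `SYSSTAT_IGNORE_CVES += CVE-2022-39377` line with the range "< 2.16.1 instead of < 2.17.1", but the comment deleted alongside it names 12.6.1 as the release that includes the fix, so the two sets of version numbers do not line up. Please reword the message to use the same version scheme as the removed comment and state explicitly that the NVD entry now matches the release containing c1e631eddc50, so the reason for dropping the entry is clear from the log alone.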
--
2.42.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* Re: [Buildroot] [PATCH] package/sysstat: drop CVE-2022-39377 from IGNORE_CVES
From: Thomas Petazzoni via buildroot @ 2023-09-21 10:31 UTC
To: Daniel Lang; +Cc: buildroot
On Thu, 21 Sep 2023 06:15:18 +0200
Daniel Lang <dalang@gmx.at> wrote:
> As of 2022-11-22 CVE-2022-39377 is listed as affecting sysstat
> < 2.16.1 instead of < 2.17.1.
Hm, the comment below talks about 12.6.1, here's you talking about
2.16.1 vs. 2.17.1. Could you clarify this?
> -# NVD is not up-to-date; 12.6.1 includes c1e631eddc50, which fixes the issue
^^^^^^ here
> -SYSSTAT_IGNORE_CVES += CVE-2022-39377
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
* Re: [Buildroot] [PATCH] package/sysstat: drop CVE-2022-39377 from IGNORE_CVES
From: Arnout Vandecappelle via buildroot @ 2023-09-21 18:36 UTC
To: Daniel Lang, buildroot; +Cc: Thomas Petazzoni
On 21/09/2023 06:15, Daniel Lang wrote:
> As of 2022-11-22 CVE-2022-39377 is listed as affecting sysstat
> < 2.16.1 instead of < 2.17.1.
>
> Signed-off-by: Daniel Lang <dalang@gmx.at>
Applied to master, thanks.
Because of Thomas's comment, I've extended the commit message with "The text
is not updated, but the CPE info is." Probably not enough to address his concern
though. The thing is, the comment itself was a bit confusing: the original CPE
info said "Up to (excluding) 12.7.1" and that has been corrected to 12.6.1. So
indeed, the CVE info is currently correct.
Regards,
Arnout
> ---
> package/sysstat/sysstat.mk | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/package/sysstat/sysstat.mk b/package/sysstat/sysstat.mk
> index eaf505dc49..377396d986 100644
> --- a/package/sysstat/sysstat.mk
> +++ b/package/sysstat/sysstat.mk
> @@ -14,9 +14,6 @@ SYSSTAT_LICENSE_FILES = COPYING
> SYSSTAT_CPE_ID_VENDOR = sysstat_project
> SYSSTAT_SELINUX_MODULES = sysstat
>
> -# NVD is not up-to-date; 12.6.1 includes c1e631eddc50, which fixes the issue
> -SYSSTAT_IGNORE_CVES += CVE-2022-39377
> -
> ifeq ($(BR2_PACKAGE_LM_SENSORS),y)
> SYSSTAT_DEPENDENCIES += lm-sensors
> SYSSTAT_CONF_OPTS += --enable-sensors
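Review bot: The removed comment ties the ignore entry to 12.6.1 including the fix, but the hunk does not show SYSSTAT_VERSION, so nothing in the diff confirms that the packaged version is at or above that release. Stating the packaged version in the commit message would let a reader confirm that dropping the entry does not make CVE-2022-39377 show up again for this package.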
* Re: [Buildroot] [PATCH] package/sysstat: drop CVE-2022-39377 from IGNORE_CVES
From: Peter Korsgaard @ 2023-09-25 13:51 UTC
To: Daniel Lang; +Cc: buildroot
>>>>> "Daniel" == Daniel Lang <dalang@gmx.at> writes:
> As of 2022-11-22 CVE-2022-39377 is listed as affecting sysstat
> < 2.16.1 instead of < 2.17.1.
> Signed-off-by: Daniel Lang <dalang@gmx.at>
Committed to 2023.02.x, 2023.05.x and 2023.08.x, thanks.
--
Bye, Peter Korsgaard