* [Buildroot] [PATCH 1/1] package/php: ignore various CVEs
@ 2022-07-31 11:42 Bernd Kuhls
2022-07-31 11:45 ` Baruch Siach via buildroot
[not found] ` <87les9wlk0.fsf__10495.4630181723$1659268091$gmane$org@tarshish>
0 siblings, 2 replies; 5+ messages in thread
From: Bernd Kuhls @ 2022-07-31 11:42 UTC (permalink / raw)
To: buildroot
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
package/php/php.mk | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/package/php/php.mk b/package/php/php.mk
index cb7a8d71d4..8e362ba144 100644
--- a/package/php/php.mk
+++ b/package/php/php.mk
@@ -14,6 +14,12 @@ PHP_DEPENDENCIES = host-pkgconf pcre2
PHP_LICENSE = PHP-3.01
PHP_LICENSE_FILES = LICENSE
PHP_CPE_ID_VENDOR = php
+# fixed with version 5.x: https://ubuntu.com/security/notices/USN-485-1
+PHP_IGNORE_CVES += CVE-2007-2728
+# not a security vulnerability according to Red Hat
+PHP_IGNORE_CVES += CVE-2007-3205
+# not a security vulnerability according to Mandriva
+PHP_IGNORE_CVES += CVE-2007-4596
PHP_CONF_OPTS = \
--mandir=/usr/share/man \
--infodir=/usr/share/info \
--
2.30.2
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 5+ messages in thread* Re: [Buildroot] [PATCH 1/1] package/php: ignore various CVEs 2022-07-31 11:42 [Buildroot] [PATCH 1/1] package/php: ignore various CVEs Bernd Kuhls @ 2022-07-31 11:45 ` Baruch Siach via buildroot [not found] ` <87les9wlk0.fsf__10495.4630181723$1659268091$gmane$org@tarshish> 1 sibling, 0 replies; 5+ messages in thread From: Baruch Siach via buildroot @ 2022-07-31 11:45 UTC (permalink / raw) To: Bernd Kuhls; +Cc: buildroot Hi Bernd, On Sun, Jul 31 2022, Bernd Kuhls wrote: > Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de> > --- > package/php/php.mk | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/package/php/php.mk b/package/php/php.mk > index cb7a8d71d4..8e362ba144 100644 > --- a/package/php/php.mk > +++ b/package/php/php.mk > @@ -14,6 +14,12 @@ PHP_DEPENDENCIES = host-pkgconf pcre2 > PHP_LICENSE = PHP-3.01 > PHP_LICENSE_FILES = LICENSE > PHP_CPE_ID_VENDOR = php > +# fixed with version 5.x: https://ubuntu.com/security/notices/USN-485-1 > +PHP_IGNORE_CVES += CVE-2007-2728 Why do we need to ignore these old CVEs? Isn't the package version check sufficient? Same question for a few other similar patches that you posted earlier. baruch > +# not a security vulnerability according to Red Hat > +PHP_IGNORE_CVES += CVE-2007-3205 > +# not a security vulnerability according to Mandriva > +PHP_IGNORE_CVES += CVE-2007-4596 > PHP_CONF_OPTS = \ > --mandir=/usr/share/man \ > --infodir=/usr/share/info \ -- ~. .~ Tk Open Systems =}------------------------------------------------ooO--U--Ooo------------{= - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il - _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 5+ messages in thread
[parent not found: <87les9wlk0.fsf__10495.4630181723$1659268091$gmane$org@tarshish>]
* Re: [Buildroot] [PATCH 1/1] package/php: ignore various CVEs [not found] ` <87les9wlk0.fsf__10495.4630181723$1659268091$gmane$org@tarshish> @ 2022-07-31 11:56 ` Bernd Kuhls 2022-07-31 12:02 ` Baruch Siach via buildroot [not found] ` <87h72xwkkn.fsf__20322.4888000236$1659269367$gmane$org@tarshish> 0 siblings, 2 replies; 5+ messages in thread From: Bernd Kuhls @ 2022-07-31 11:56 UTC (permalink / raw) To: buildroot Am Sun, 31 Jul 2022 14:45:27 +0300 schrieb Baruch Siach via buildroot: > Why do we need to ignore these old CVEs? Hi, to reduce the lenght of the weekly mail: https://lists.buildroot.org/pipermail/buildroot/2022-July/646199.html Regards, Bernd _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/php: ignore various CVEs 2022-07-31 11:56 ` Bernd Kuhls @ 2022-07-31 12:02 ` Baruch Siach via buildroot [not found] ` <87h72xwkkn.fsf__20322.4888000236$1659269367$gmane$org@tarshish> 1 sibling, 0 replies; 5+ messages in thread From: Baruch Siach via buildroot @ 2022-07-31 12:02 UTC (permalink / raw) To: Bernd Kuhls; +Cc: buildroot Hi Bernd, On Sun, Jul 31 2022, Bernd Kuhls wrote: > Am Sun, 31 Jul 2022 14:45:27 +0300 schrieb Baruch Siach via buildroot: > >> Why do we need to ignore these old CVEs? > > to reduce the lenght of the weekly mail: > https://lists.buildroot.org/pipermail/buildroot/2022-July/646199.html I share your desire to make the weekly list more useful. My question is why current version check method does not filter out these CVEs automatically? I think that the value in moving the list from the weekly mail to a permanent location in Buildroot source tree is questionable. An explanation of why this is necessary would be nice. baruch -- ~. .~ Tk Open Systems =}------------------------------------------------ooO--U--Ooo------------{= - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il - _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 5+ messages in thread
[parent not found: <87h72xwkkn.fsf__20322.4888000236$1659269367$gmane$org@tarshish>]
* Re: [Buildroot] [PATCH 1/1] package/php: ignore various CVEs [not found] ` <87h72xwkkn.fsf__20322.4888000236$1659269367$gmane$org@tarshish> @ 2022-07-31 12:29 ` Bernd Kuhls 0 siblings, 0 replies; 5+ messages in thread From: Bernd Kuhls @ 2022-07-31 12:29 UTC (permalink / raw) To: buildroot Am Sun, 31 Jul 2022 15:02:57 +0300 schrieb Baruch Siach via buildroot: > I share your desire to make the weekly list more useful. My question is > why current version check method does not filter out these CVEs > automatically? Hi Baruch, because many CVS entries I added to the ignore lists do not contain any version number in the NVD database, for example: https://nvd.nist.gov/vuln/detail/CVE-1999-0236 cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:* Regards, Bernd _______________________________________________ buildroot mailing list buildroot@buildroot.org https://lists.buildroot.org/mailman/listinfo/buildroot ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-07-31 12:30 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-07-31 11:42 [Buildroot] [PATCH 1/1] package/php: ignore various CVEs Bernd Kuhls
2022-07-31 11:45 ` Baruch Siach via buildroot
[not found] ` <87les9wlk0.fsf__10495.4630181723$1659268091$gmane$org@tarshish>
2022-07-31 11:56 ` Bernd Kuhls
2022-07-31 12:02 ` Baruch Siach via buildroot
[not found] ` <87h72xwkkn.fsf__20322.4888000236$1659269367$gmane$org@tarshish>
2022-07-31 12:29 ` Bernd Kuhls
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox