Buildroot Archive on lore.kernel.org
From: Peter Korsgaard <peter@korsgaard.com>
To: Thomas Petazzoni via buildroot <buildroot@buildroot.org>
Cc: Thomas Petazzoni <thomas.petazzoni@bootlin.com>,
	 Clement Ramirez <clement@clementramirez.fr>
Subject: Re: [Buildroot] [PATCH 2/4] package/busybox: fix pending CVEs
Date: Tue, 04 Feb 2025 15:59:12 +0100
Message-ID: <87tt99kb7j.fsf@dell.be.48ers.dk>
In-Reply-To: <20250203142748.1135655-3-thomas.petazzoni@bootlin.com> (Thomas Petazzoni via buildroot's message of "Mon, 3 Feb 2025 15:27:41 +0100")

>>>>> "Thomas" == Thomas Petazzoni via buildroot <buildroot@buildroot.org> writes:

 > This commit adds patches, which were all backported from upstream, or
 > submitted upstream, and that fix various CVEs. To facilitate the
 > backporting work, we took the backports from openembedded-core.

 > CVE-2021-42380: this one is not marked by NVD as affecting 1.36.1, but
 > its fix was merged after 1.36.1, so it seems like the NVD data is
 > incorrect. Therefore, no need for a BUSYBOX_IGNORE_CVES entry. Patch
 > is upstream, backport taken from openembedded-core.

 > CVE-2023-42363, CVE-2023-42364, CVE-2023-42365: patches are upstream,
 > backports taken from openembedded-core.

 > CVE-2023-42366: patch has been submitted upstream but not merged,
 > patch taken from openembedded-core.

 > Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Committed to 2024.02.x and 2024.11.x, thanks.

-- 
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot


Thread overview: 12+ messages
2025-02-03 14:27 [Buildroot] [PATCH 0/4] Fix Busybox CVEs and bump to 1.37.0 Thomas Petazzoni via buildroot
2025-02-03 14:27 ` [Buildroot] [PATCH 1/4] package/busybox: fix patch 0009 formatting Thomas Petazzoni via buildroot
2025-02-04  8:52   ` Peter Korsgaard
2025-02-04 14:58   ` Peter Korsgaard
2025-02-03 14:27 ` [Buildroot] [PATCH 2/4] package/busybox: fix pending CVEs Thomas Petazzoni via buildroot
2025-02-04  8:53   ` Peter Korsgaard
2025-02-04 14:59   ` Peter Korsgaard [this message]
2025-02-03 14:27 ` [Buildroot] [PATCH 3/4] package/busybox: fix hwclock build issue on RISC-V 32-bit musl configs Thomas Petazzoni via buildroot
2025-02-04  8:55   ` Peter Korsgaard
2025-02-04 14:59   ` Peter Korsgaard
2025-02-03 14:27 ` [Buildroot] [PATCH 4/4] package/busybox bump version to 1.37.0 Thomas Petazzoni via buildroot
2025-02-04  8:56   ` Peter Korsgaard
