* [Buildroot] [PATCH 1/1] package/glibc: add CVE-2025-15281 CVE-2026-0861 CVE-2026-0915 to _IGNORE_CVES
@ 2026-01-25 11:43 Julien Olivain via buildroot
2026-02-04 8:56 ` Thomas Petazzoni via buildroot
2026-02-13 19:37 ` Thomas Perale via buildroot
0 siblings, 2 replies; 3+ messages in thread
From: Julien Olivain via buildroot @ 2026-01-25 11:43 UTC (permalink / raw)
To: buildroot; +Cc: Romain Naour, Julien Olivain, Thomas Perale
Commit [1] bumped glibc from 2.42-3-gbc13db739 to 2.42-51-gcbf39c26b
to fix some CVEs, but forgot to add those CVEs to GLIBC_IGNORE_CVES.
This was needed because the GLIBC_CPE_ID_VERSION used for CVE checks
remains to the same value "2.42" which is marked as vulnerable to
those CVEs.
This commit adds those _IGNORE_CVES with the corresponding upstream
commit references, to make sure they will not be reported by the
"make pkg-stats" command.
Fixes:
- [1]
[1] https://gitlab.com/buildroot.org/buildroot/-/commit/18de297a5ad3d1fc1b44f54ae69289ca10200ad5
Cc: Waldemar Brodkorb <wbx@openadk.org>
Cc: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
---
package/glibc/glibc.mk | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk
index e3453b8cc2..44bf9c4b06 100644
--- a/package/glibc/glibc.mk
+++ b/package/glibc/glibc.mk
@@ -28,6 +28,15 @@ GLIBC_CPE_ID_VERSION = $(word 1, $(subst -,$(space),$(GLIBC_VERSION)))
# Fixed by glibc-2.41-64-g1e16d0096d80a6e12d5bfa8e0aafdd13c47efd65
GLIBC_IGNORE_CVES += CVE-2025-8058
+# Fixed by glibc-2.42-49-gb0ec8fb689df862171f0f78994a3bdeb51313545
+GLIBC_IGNORE_CVES += CVE-2026-0861
+
+# Fixed by glibc-2.42-50-g453e6b8dbab935257eb0802b0c97bca6b67ba30e
+GLIBC_IGNORE_CVES += CVE-2026-0915
+
+# Fixed by glibc-2.42-51-gcbf39c26b25801e9bc88499b4fd361ac172d4125
+GLIBC_IGNORE_CVES += CVE-2025-15281
+
# This CVE is considered as not being security issues by
# upstream glibc:
# https://security-tracker.debian.org/tracker/CVE-2010-4756
--
2.52.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/glibc: add CVE-2025-15281 CVE-2026-0861 CVE-2026-0915 to _IGNORE_CVES
2026-01-25 11:43 [Buildroot] [PATCH 1/1] package/glibc: add CVE-2025-15281 CVE-2026-0861 CVE-2026-0915 to _IGNORE_CVES Julien Olivain via buildroot
@ 2026-02-04 8:56 ` Thomas Petazzoni via buildroot
2026-02-13 19:37 ` Thomas Perale via buildroot
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Petazzoni via buildroot @ 2026-02-04 8:56 UTC (permalink / raw)
To: Julien Olivain; +Cc: buildroot, Romain Naour, Thomas Perale
On Sun, Jan 25, 2026 at 12:43:10PM +0100, Julien Olivain via buildroot wrote:
> Commit [1] bumped glibc from 2.42-3-gbc13db739 to 2.42-51-gcbf39c26b
> to fix some CVEs, but forgot to add those CVEs to GLIBC_IGNORE_CVES.
> This was needed because the GLIBC_CPE_ID_VERSION used for CVE checks
> remains to the same value "2.42" which is marked as vulnerable to
> those CVEs.
>
> This commit adds those _IGNORE_CVES with the corresponding upstream
> commit references, to make sure they will not be reported by the
> "make pkg-stats" command.
>
> Fixes:
> - [1]
>
> [1] https://gitlab.com/buildroot.org/buildroot/-/commit/18de297a5ad3d1fc1b44f54ae69289ca10200ad5
>
> Cc: Waldemar Brodkorb <wbx@openadk.org>
> Cc: Thomas Perale <thomas.perale@mind.be>
> Signed-off-by: Julien Olivain <ju.o@free.fr>
Applied, thanks!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/glibc: add CVE-2025-15281 CVE-2026-0861 CVE-2026-0915 to _IGNORE_CVES
2026-01-25 11:43 [Buildroot] [PATCH 1/1] package/glibc: add CVE-2025-15281 CVE-2026-0861 CVE-2026-0915 to _IGNORE_CVES Julien Olivain via buildroot
2026-02-04 8:56 ` Thomas Petazzoni via buildroot
@ 2026-02-13 19:37 ` Thomas Perale via buildroot
1 sibling, 0 replies; 3+ messages in thread
From: Thomas Perale via buildroot @ 2026-02-13 19:37 UTC (permalink / raw)
To: Julien Olivain; +Cc: Thomas Perale, buildroot
In reply of:
> Commit [1] bumped glibc from 2.42-3-gbc13db739 to 2.42-51-gcbf39c26b
> to fix some CVEs, but forgot to add those CVEs to GLIBC_IGNORE_CVES.
> This was needed because the GLIBC_CPE_ID_VERSION used for CVE checks
> remains to the same value "2.42" which is marked as vulnerable to
> those CVEs.
>
> This commit adds those _IGNORE_CVES with the corresponding upstream
> commit references, to make sure they will not be reported by the
> "make pkg-stats" command.
>
> Fixes:
> - [1]
>
> [1] https://gitlab.com/buildroot.org/buildroot/-/commit/18de297a5ad3d1fc1b44f54ae69289ca10200ad5
>
> Cc: Waldemar Brodkorb <wbx@openadk.org>
> Cc: Thomas Perale <thomas.perale@mind.be>
> Signed-off-by: Julien Olivain <ju.o@free.fr>
Applied to 2025.02.x & 2025.11.x. Thanks
> ---
> package/glibc/glibc.mk | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/package/glibc/glibc.mk b/package/glibc/glibc.mk
> index e3453b8cc2..44bf9c4b06 100644
> --- a/package/glibc/glibc.mk
> +++ b/package/glibc/glibc.mk
> @@ -28,6 +28,15 @@ GLIBC_CPE_ID_VERSION = $(word 1, $(subst -,$(space),$(GLIBC_VERSION)))
> # Fixed by glibc-2.41-64-g1e16d0096d80a6e12d5bfa8e0aafdd13c47efd65
> GLIBC_IGNORE_CVES += CVE-2025-8058
>
> +# Fixed by glibc-2.42-49-gb0ec8fb689df862171f0f78994a3bdeb51313545
> +GLIBC_IGNORE_CVES += CVE-2026-0861
> +
> +# Fixed by glibc-2.42-50-g453e6b8dbab935257eb0802b0c97bca6b67ba30e
> +GLIBC_IGNORE_CVES += CVE-2026-0915
> +
> +# Fixed by glibc-2.42-51-gcbf39c26b25801e9bc88499b4fd361ac172d4125
> +GLIBC_IGNORE_CVES += CVE-2025-15281
> +
> # This CVE is considered as not being security issues by
> # upstream glibc:
> # https://security-tracker.debian.org/tracker/CVE-2010-4756
> --
> 2.52.0
>
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-02-13 19:39 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-01-25 11:43 [Buildroot] [PATCH 1/1] package/glibc: add CVE-2025-15281 CVE-2026-0861 CVE-2026-0915 to _IGNORE_CVES Julien Olivain via buildroot
2026-02-04 8:56 ` Thomas Petazzoni via buildroot
2026-02-13 19:37 ` Thomas Perale via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox