* [Buildroot] [Bug 13366] New: make pkg-stats: unrelated CVEs linked to linux package
@ 2020-12-08 12:57 bugzilla at busybox.net
2020-12-08 13:40 ` [Buildroot] [Bug 13366] " bugzilla at busybox.net
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: bugzilla at busybox.net @ 2020-12-08 12:57 UTC (permalink / raw)
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=13366
Bug ID: 13366
Summary: make pkg-stats: unrelated CVEs linked to linux package
Product: buildroot
Version: 2020.11
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Other
Assignee: unassigned at buildroot.uclibc.org
Reporter: seems.deviant at gmail.com
CC: buildroot at uclibc.org
Target Milestone: ---
Created attachment 8701
--> https://bugs.busybox.net/attachment.cgi?id=8701&action=edit
hypertext
Steps to reproduce:
$ cat <<EOF > .config
> BR2_LINUX_KERNEL=y
> BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG=y
> EOF
$ make pkg-stats
In my case, there are 110 CVEs linked to linux package, while most of them or
none at all are related.
The last three entries in CVEs column:
https://security-tracker.debian.org/tracker/CVE-2013-2032 - mediawiki
https://security-tracker.debian.org/tracker/CVE-2014-3250 - puppet
https://security-tracker.debian.org/tracker/CVE-2014-4909 - transmission
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread* [Buildroot] [Bug 13366] make pkg-stats: unrelated CVEs linked to linux package
2020-12-08 12:57 [Buildroot] [Bug 13366] New: make pkg-stats: unrelated CVEs linked to linux package bugzilla at busybox.net
@ 2020-12-08 13:40 ` bugzilla at busybox.net
2020-12-08 14:47 ` bugzilla at busybox.net
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: bugzilla at busybox.net @ 2020-12-08 13:40 UTC (permalink / raw)
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=13366
--- Comment #1 from Thomas Petazzoni <thomas.petazzoni@bootlin.com> ---
Thanks a lot for your bug report! Could you try with the patch series at
https://patchwork.ozlabs.org/project/buildroot/list/?series=218648 applied, and
see if it improves things ?
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread* [Buildroot] [Bug 13366] make pkg-stats: unrelated CVEs linked to linux package
2020-12-08 12:57 [Buildroot] [Bug 13366] New: make pkg-stats: unrelated CVEs linked to linux package bugzilla at busybox.net
2020-12-08 13:40 ` [Buildroot] [Bug 13366] " bugzilla at busybox.net
@ 2020-12-08 14:47 ` bugzilla at busybox.net
2020-12-08 14:53 ` bugzilla at busybox.net
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: bugzilla at busybox.net @ 2020-12-08 14:47 UTC (permalink / raw)
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=13366
--- Comment #2 from Aleksandr Makarov <seems.deviant@gmail.com> ---
The mentioned patch series seems to help with the CVEs flood for linux package.
However, I find it odd to see in which order the CVEs column gets sorted now:
- In ascending order: "yellow - orange - green", but i'd expect "orange -
yellow - green"
- In descending order: "green - orange - yellow" instead of "green - yellow -
orange"
(See attached image for illustration)
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread* [Buildroot] [Bug 13366] make pkg-stats: unrelated CVEs linked to linux package
2020-12-08 12:57 [Buildroot] [Bug 13366] New: make pkg-stats: unrelated CVEs linked to linux package bugzilla at busybox.net
2020-12-08 13:40 ` [Buildroot] [Bug 13366] " bugzilla at busybox.net
2020-12-08 14:47 ` bugzilla at busybox.net
@ 2020-12-08 14:53 ` bugzilla at busybox.net
2020-12-09 9:33 ` bugzilla at busybox.net
2024-06-15 14:55 ` bugzilla
4 siblings, 0 replies; 6+ messages in thread
From: bugzilla at busybox.net @ 2020-12-08 14:53 UTC (permalink / raw)
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=13366
--- Comment #3 from Aleksandr Makarov <seems.deviant@gmail.com> ---
(The screenshot is 0.5M, attaching the link to external storage)
https://imgur.com/a/LNEyaHR
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread
* [Buildroot] [Bug 13366] make pkg-stats: unrelated CVEs linked to linux package
2020-12-08 12:57 [Buildroot] [Bug 13366] New: make pkg-stats: unrelated CVEs linked to linux package bugzilla at busybox.net
` (2 preceding siblings ...)
2020-12-08 14:53 ` bugzilla at busybox.net
@ 2020-12-09 9:33 ` bugzilla at busybox.net
2024-06-15 14:55 ` bugzilla
4 siblings, 0 replies; 6+ messages in thread
From: bugzilla at busybox.net @ 2020-12-09 9:33 UTC (permalink / raw)
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=13366
--- Comment #4 from Thomas Petazzoni <thomas.petazzoni@bootlin.com> ---
Thanks for your feedback. This sorting is just doing alphabetic sorting I
believe, so it doesn't make much sense for CVEs. It's a bit like sorting the
"Current version" or "Latest version" columns: it doesn't do anything useful.
We should perhaps disable the sorting on some columns.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 6+ messages in thread* [Buildroot] [Bug 13366] make pkg-stats: unrelated CVEs linked to linux package
2020-12-08 12:57 [Buildroot] [Bug 13366] New: make pkg-stats: unrelated CVEs linked to linux package bugzilla at busybox.net
` (3 preceding siblings ...)
2020-12-09 9:33 ` bugzilla at busybox.net
@ 2024-06-15 14:55 ` bugzilla
4 siblings, 0 replies; 6+ messages in thread
From: bugzilla @ 2024-06-15 14:55 UTC (permalink / raw)
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=13366
Yann E. MORIN <yann.morin.1998@free.fr> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |MOVED
Status|NEW |RESOLVED
CC| |yann.morin.1998@free.fr
--- Comment #5 from Yann E. MORIN <yann.morin.1998@free.fr> ---
Thank you for your report.
The issue tracker for the Buildroot project has been moved to
the Gitlab.com issue tracker:
https://gitlab.com/buildroot.org/buildroot/-/issues
We are taking this opportunity to close old issues in this old
tracker. If you believe your issue is still relevant, please
open one in the new issue tracker.
Thank you!
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-06-15 14:55 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-12-08 12:57 [Buildroot] [Bug 13366] New: make pkg-stats: unrelated CVEs linked to linux package bugzilla at busybox.net
2020-12-08 13:40 ` [Buildroot] [Bug 13366] " bugzilla at busybox.net
2020-12-08 14:47 ` bugzilla at busybox.net
2020-12-08 14:53 ` bugzilla at busybox.net
2020-12-09 9:33 ` bugzilla at busybox.net
2024-06-15 14:55 ` bugzilla
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox