[Buildroot] [autobuild.buildroot.net] Your daily results for 2020-07-12
matthew.weber at collins.com
Tue Jul 21 15:30:34 UTC 2020
On Tue, Jul 21, 2020 at 10:27 AM Thomas Petazzoni
<thomas.petazzoni at bootlin.com> wrote:
> Hello Matt,
> On Tue, 21 Jul 2020 10:13:03 -0500
> Matthew Weber <matthew.weber at collins.com> wrote:
> > I've submitted the following request to fix this
> > 1) Navigated to https://cveform.mitre.org/
> > 2) "Select a request type" as "Request an update to an existing CVE Entry"
> > 3) "Type of update requested" as "Update Description"
> > 4) "CVE ID to be updated" as 2010-0751
> > 5) "Description" as "We've found that the v1.24 fixes the CVE and all
> > prior versions contain the bug. The CVE currently lists that 1.24 is
> > still vulnerable. This can be proved by checking the CHANGES file
> > within the source archive
> > (https://sourceforge.net/projects/libnids/files/libnids/1.24/libnids-1.24.tar.gz/download)
> > that outlines this ("fixed another remotely triggerable NULL
> > dereference in ip_fragment.c") comment. Also within that archive the
> > source code src/ip_fragment on line 378 has the fix
> > (https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=576281;filename=CVE-2010-1144.patch;msg=5)
> > (NOTE 2010-1144 is a rejected CVE which was split to include
> > 2010-0751)."
> Thanks for doing this !
> > Thomas, do you think it would be beneficial to add a section with
> > these notes in the manual?
> Reading your e-mail, I was precisely thinking "it would be great to
> write this down somewhere". I don't know if the manual is the right
> place though, as it is really for Buildroot maintainers/developers.
> Would the Wiki be a better location ?
Ah, yeah that could work. I was looking at making a subsection under
"21.6. Reporting issues/bugs or getting help" if we do add it in the
manual. There are going to be cases where a Buildroot CVE report
misreports because of our scripts, plus the case of an actual
Maybe we start on the wiki?