[Buildroot] [autobuild.buildroot.net] Your daily results for 2020-10-18

Thomas Petazzoni thomas.petazzoni at bootlin.com
Wed Oct 21 07:36:44 UTC 2020


On Wed, 21 Oct 2020 20:00:53 +1300
Chris Packham <judge.packham at gmail.com> wrote:

> > Would you mind checking NVD
> > (https://nvd.nist.gov/vuln/detail/CVE-2008-5110) and making sure it
> > has been correctly allocated to the correct range of versions?  If it
> > doesn't look correct, I've captured some notes on how to update the
> > entry.
> > https://elinux.org/Buildroot:Security_Vulnerability_Management
> 
> The NVD entry looks weird; it doesn't list any version range. The Debian bug
> report says the affected version is 2.0.9; Buildroot is using version
> 3.29.1. I think the NVD entry is just matching any syslog-ng version. We
> should probably just add an ignore entry for it.

No, what we've been trying to do is to get the NVD database entries
fixed instead of papering over the problem. The link given by Matt
provides some details on how to report such issues to the NVD
maintainers. We have already managed to get them to fix other CVE
entries.

Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com

