[Buildroot] [autobuild.buildroot.net] Your daily results for 2021-08-15
Peter Korsgaard
peter at korsgaard.com
Tue Aug 17 10:35:20 UTC 2021
>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni at bootlin.com> writes:
Hi,
> Packages having CVEs
> ====================
> This is the list of packages for which a known CVE is affecting them,
> which means a security vulnerability exists for those packages.
> CVEs for the 'master' branch
> ----------------------------
> name | CVE | link
> -------------------------------+------------------+--------------------------------------------------------------
> mosquitto | CVE-2021-34432 | https://security-tracker.debian.org/tracker/CVE-2021-34432
> CVEs for the '2021.02.x' branch
> -------------------------------
> name | CVE | link
> -------------------------------+------------------+--------------------------------------------------------------
> mosquitto | CVE-2021-34432 | https://security-tracker.debian.org/tracker/CVE-2021-34432
> CVEs for the '2021.05.x' branch
> -------------------------------
> name | CVE | link
> -------------------------------+------------------+--------------------------------------------------------------
> mosquitto | CVE-2021-34432 | https://security-tracker.debian.org/tracker/CVE-2021-34432
> CVEs for the 'next' branch
> --------------------------
> name | CVE | link
> -------------------------------+------------------+--------------------------------------------------------------
> mosquitto | CVE-2021-34432 | https://security-tracker.debian.org/tracker/CVE-2021-34432
Hmm, looks like we have a bug in the version comparison logic. We have
2.0.11 and the CPE data states <= 2.0.7:
https://nvd.nist.gov/vuln/detail/CVE-2021-34432
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list