[Buildroot] [autobuild.buildroot.net] Your daily results for 2021-08-15

Peter Korsgaard peter at korsgaard.com
Tue Aug 17 10:35:20 UTC 2021


>>>>> "Thomas" == Thomas Petazzoni <thomas.petazzoni at bootlin.com> writes:

Hi,

 > Packages having CVEs
 > ====================

 > This is the list of packages for which a known CVE is affecting them,
 > which means a security vulnerability exists for those packages.

 > CVEs for the 'master' branch
 > ----------------------------

 >              name              |       CVE        |                             link                            
 > -------------------------------+------------------+--------------------------------------------------------------
 >                      mosquitto | CVE-2021-34432   | https://security-tracker.debian.org/tracker/CVE-2021-34432  


 > CVEs for the '2021.02.x' branch
 > -------------------------------

 >              name              |       CVE        |                             link                            
 > -------------------------------+------------------+--------------------------------------------------------------
 >                      mosquitto | CVE-2021-34432   | https://security-tracker.debian.org/tracker/CVE-2021-34432  


 > CVEs for the '2021.05.x' branch
 > -------------------------------

 >              name              |       CVE        |                             link                            
 > -------------------------------+------------------+--------------------------------------------------------------
 >                      mosquitto | CVE-2021-34432   | https://security-tracker.debian.org/tracker/CVE-2021-34432  


 > CVEs for the 'next' branch
 > --------------------------

 >              name              |       CVE        |                             link                            
 > -------------------------------+------------------+--------------------------------------------------------------
 >                      mosquitto | CVE-2021-34432   | https://security-tracker.debian.org/tracker/CVE-2021-34432  

Hmm, looks like we have a bug in the version comparison logic. We have
2.0.11 and the CPE data states <= 2.0.7:

https://nvd.nist.gov/vuln/detail/CVE-2021-34432

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list