[Buildroot] [autobuild.buildroot.net] Your daily results for 2021-04-11

Chris Packham judge.packham at gmail.com
Mon Jun 14 07:58:12 UTC 2021


On Fri, Jun 11, 2021 at 3:37 AM Thomas Petazzoni
<thomas.petazzoni at bootlin.com> wrote:
>
> Hello Chris,
>
> On Mon, 12 Apr 2021 20:37:46 +1200
> Chris Packham <judge.packham at gmail.com> wrote:
>
> > I've managed to get the CVE updated to say "This flaw affects
> > syslog-ng versions prior to and including 2.0.9"[1] but I'm still
> > getting these notifications. Is there something else that needs to
> > happen now? Actually nist[2] seems to know it's been modified so it
> > may be a case of hurry up and wait.
>
> If I look up at https://nvd.nist.gov/vuln/detail/CVE-2008-5110, the
> list of known affected software configurations is still
> cpe:2.3:a:oneidentity:syslog-ng:-:*:*:*:*:*:*:*, which means "all known
> versions.

After some effort the description was updated to say "This flaw
affects syslog-ng versions prior to and including 2.0.9.". But the cpe
entry hasn't been updated (if I understand correctly the reporter
controls the description but nist controls the configurations). The
CVE entry does now say that it has been modified since it was last
analyzed so I'm not sure how/when that will happen.

>
> Thomas
> --
> Thomas Petazzoni, co-owner and CEO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com



More information about the buildroot mailing list