* [PATCH] bind: Whitelist CVE-2019-6470
@ 2019-11-13 8:19 Adrian Bunk
2019-11-14 12:04 ` Ross Burton
0 siblings, 1 reply; 8+ messages in thread
From: Adrian Bunk @ 2019-11-13 8:19 UTC (permalink / raw)
To: openembedded-core
Signed-off-by: Adrian Bunk <bunk@stusta.de>
---
meta/recipes-connectivity/bind/bind_9.11.5-P4.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb b/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb
index 3e2412dfa4..0a52a66144 100644
--- a/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb
+++ b/meta/recipes-connectivity/bind/bind_9.11.5-P4.bb
@@ -37,6 +37,9 @@ UPSTREAM_CHECK_URI = "https://ftp.isc.org/isc/bind9/"
# stay at 9.11 until 9.16, from 9.16 follow the ESV versions divisible by 4
UPSTREAM_CHECK_REGEX = "(?P<pver>9.(11|16|20|24|28)(\.\d+)+(-P\d+)*)/"
+# Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later
+CVE_CHECK_WHITELIST += "CVE-2019-6470"
+
inherit autotools update-rc.d systemd useradd pkgconfig multilib_script
MULTILIB_SCRIPTS = "${PN}:${bindir}/bind9-config ${PN}:${bindir}/isc-config.sh"
--
2.17.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH] bind: Whitelist CVE-2019-6470
2019-11-13 8:19 [PATCH] bind: Whitelist CVE-2019-6470 Adrian Bunk
@ 2019-11-14 12:04 ` Ross Burton
2019-11-14 12:51 ` Adrian Bunk
0 siblings, 1 reply; 8+ messages in thread
From: Ross Burton @ 2019-11-14 12:04 UTC (permalink / raw)
To: openembedded-core
On 13/11/2019 08:19, Adrian Bunk wrote:
> +# Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later
> +CVE_CHECK_WHITELIST += "CVE-2019-6470"
Can you be a bit more explicit about why this is whitelisted?
Ross
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] bind: Whitelist CVE-2019-6470
2019-11-14 12:04 ` Ross Burton
@ 2019-11-14 12:51 ` Adrian Bunk
2019-11-14 13:16 ` Ross Burton
2019-11-14 15:18 ` akuster808
0 siblings, 2 replies; 8+ messages in thread
From: Adrian Bunk @ 2019-11-14 12:51 UTC (permalink / raw)
To: Ross Burton; +Cc: openembedded-core
On Thu, Nov 14, 2019 at 12:04:40PM +0000, Ross Burton wrote:
> On 13/11/2019 08:19, Adrian Bunk wrote:
> > +# Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later
> > +CVE_CHECK_WHITELIST += "CVE-2019-6470"
>
> Can you be a bit more explicit about why this is whitelisted?
Something like
BIND >= 9.11.2 need dhcpd >= 4.4.1, don't report it here since
dhcpd is already recent enough.
?
> Ross
cu
Adrian
--
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] bind: Whitelist CVE-2019-6470
2019-11-14 12:51 ` Adrian Bunk
@ 2019-11-14 13:16 ` Ross Burton
2019-11-18 14:04 ` Adrian Bunk
2019-11-14 15:18 ` akuster808
1 sibling, 1 reply; 8+ messages in thread
From: Ross Burton @ 2019-11-14 13:16 UTC (permalink / raw)
To: Adrian Bunk; +Cc: openembedded-core
On 14/11/2019 12:51, Adrian Bunk wrote:
> On Thu, Nov 14, 2019 at 12:04:40PM +0000, Ross Burton wrote:
>> On 13/11/2019 08:19, Adrian Bunk wrote:
>>> +# Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later
>>> +CVE_CHECK_WHITELIST += "CVE-2019-6470"
>>
>> Can you be a bit more explicit about why this is whitelisted?
>
> Something like
> BIND >= 9.11.2 need dhcpd >= 4.4.1, don't report it here since
> dhcpd is already recent enough.
Right.
Ross
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] bind: Whitelist CVE-2019-6470
2019-11-14 12:51 ` Adrian Bunk
2019-11-14 13:16 ` Ross Burton
@ 2019-11-14 15:18 ` akuster808
2019-11-15 21:46 ` Adrian Bunk
1 sibling, 1 reply; 8+ messages in thread
From: akuster808 @ 2019-11-14 15:18 UTC (permalink / raw)
To: Adrian Bunk, Ross Burton; +Cc: openembedded-core
On 11/14/19 4:51 AM, Adrian Bunk wrote:
> On Thu, Nov 14, 2019 at 12:04:40PM +0000, Ross Burton wrote:
>> On 13/11/2019 08:19, Adrian Bunk wrote:
>>> +# Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later
>>> +CVE_CHECK_WHITELIST += "CVE-2019-6470"
>> Can you be a bit more explicit about why this is whitelisted?
> Something like
> BIND >= 9.11.2 need dhcpd >= 4.4.1, don't report it here since
> dhcpd is already recent enough.
Actual. checking isc dhcp sources, it appears the fix is sitting in
master and has not been merged to any of the stable branches. I have not
had the time to unpack and check in an OE env ti validate that.
Have you done that?
- Armin
> ?
>
>> Ross
> cu
> Adrian
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] bind: Whitelist CVE-2019-6470
2019-11-14 15:18 ` akuster808
@ 2019-11-15 21:46 ` Adrian Bunk
2019-11-17 16:14 ` akuster808
0 siblings, 1 reply; 8+ messages in thread
From: Adrian Bunk @ 2019-11-15 21:46 UTC (permalink / raw)
To: akuster808; +Cc: openembedded-core
On Thu, Nov 14, 2019 at 07:18:28AM -0800, akuster808 wrote:
>
>
> On 11/14/19 4:51 AM, Adrian Bunk wrote:
> > On Thu, Nov 14, 2019 at 12:04:40PM +0000, Ross Burton wrote:
> >> On 13/11/2019 08:19, Adrian Bunk wrote:
> >>> +# Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later
> >>> +CVE_CHECK_WHITELIST += "CVE-2019-6470"
> >> Can you be a bit more explicit about why this is whitelisted?
> > Something like
> > BIND >= 9.11.2 need dhcpd >= 4.4.1, don't report it here since
> > dhcpd is already recent enough.
> Actual. checking isc dhcp sources, it appears the fix is sitting in
> master and has not been merged to any of the stable branches. I have not
> had the time to unpack and check in an OE env ti validate that.
>
> Have you done that?
At what commit are you looking?
rt46719 was merged in 2017, actually before 4.4.0.
> - Armin
cu
Adrian
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] bind: Whitelist CVE-2019-6470
2019-11-15 21:46 ` Adrian Bunk
@ 2019-11-17 16:14 ` akuster808
0 siblings, 0 replies; 8+ messages in thread
From: akuster808 @ 2019-11-17 16:14 UTC (permalink / raw)
To: Adrian Bunk; +Cc: openembedded-core
On 11/15/19 1:46 PM, Adrian Bunk wrote:
> On Thu, Nov 14, 2019 at 07:18:28AM -0800, akuster808 wrote:
>>
>> On 11/14/19 4:51 AM, Adrian Bunk wrote:
>>> On Thu, Nov 14, 2019 at 12:04:40PM +0000, Ross Burton wrote:
>>>> On 13/11/2019 08:19, Adrian Bunk wrote:
>>>>> +# Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later
>>>>> +CVE_CHECK_WHITELIST += "CVE-2019-6470"
>>>> Can you be a bit more explicit about why this is whitelisted?
>>> Something like
>>> BIND >= 9.11.2 need dhcpd >= 4.4.1, don't report it here since
>>> dhcpd is already recent enough.
>> Actual. checking isc dhcp sources, it appears the fix is sitting in
>> master and has not been merged to any of the stable branches. I have not
>> had the time to unpack and check in an OE env ti validate that.
>>
>> Have you done that?
> At what commit are you looking?
https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=abacf8ad0d8844685e5cd76645a34ef2b8da3253
An like I said "it appears" and I alway verify with what sources get
unpacked. I finally got around to it doing that this morning and the
dhcp does have this fix.
-armin
>
> rt46719 was merged in 2017, actually before 4.4.0.
>
>> - Armin
> cu
> Adrian
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH] bind: Whitelist CVE-2019-6470
2019-11-14 13:16 ` Ross Burton
@ 2019-11-18 14:04 ` Adrian Bunk
0 siblings, 0 replies; 8+ messages in thread
From: Adrian Bunk @ 2019-11-18 14:04 UTC (permalink / raw)
To: Ross Burton; +Cc: openembedded-core
On Thu, Nov 14, 2019 at 01:16:44PM +0000, Ross Burton wrote:
> On 14/11/2019 12:51, Adrian Bunk wrote:
> > On Thu, Nov 14, 2019 at 12:04:40PM +0000, Ross Burton wrote:
> > > On 13/11/2019 08:19, Adrian Bunk wrote:
> > > > +# Affects: Builds of dhcpd versions prior to version 4.4.1 when using BIND versions 9.11.2 or later
> > > > +CVE_CHECK_WHITELIST += "CVE-2019-6470"
> > >
> > > Can you be a bit more explicit about why this is whitelisted?
> >
> > Something like
> > BIND >= 9.11.2 need dhcpd >= 4.4.1, don't report it here since
> > dhcpd is already recent enough.
>
> Right.
v2 sent.
> Ross
cu
Adrian
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2019-11-18 14:04 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-13 8:19 [PATCH] bind: Whitelist CVE-2019-6470 Adrian Bunk
2019-11-14 12:04 ` Ross Burton
2019-11-14 12:51 ` Adrian Bunk
2019-11-14 13:16 ` Ross Burton
2019-11-18 14:04 ` Adrian Bunk
2019-11-14 15:18 ` akuster808
2019-11-15 21:46 ` Adrian Bunk
2019-11-17 16:14 ` akuster808
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.