* [Buildroot] [autobuild.buildroot.net] Your daily results for 2020-11-29
From: Thomas Petazzoni @ 2020-11-30 13:56 UTC (permalink / raw)
  To: buildroot

Hello,

On Mon, 30 Nov 2020 11:46:31 +0000
Paul Cercueil <paul@crapouillou.net> wrote:

> > Packages with CVEs
> > ==================
> > 
> > This is the list of packages for which a known CVE is affecting
> > them, which means a security vulnerability exists for
> > those packages.
> > 
> >              name              |       CVE        |                             link
> > -------------------------------+------------------+--------------------------------------------------------------
> >                      lightning | CVE-2020-7747    | https://security-tracker.debian.org/tracker/CVE-2020-7747
> 
> The CVE is for lightning-server (whatever that is), while the 
> "lightning" package is for GNU Lightning which is a JIT library.

Thanks for the report. This is precisely what the recently merged CPE
ID matching series allows us to solve: making sure we can associate the
correct CPE ID with each package, so that CVEs are not just matched
based on the package name.

The initial steps of this have been merged in the next branch last
week. I have 3 remaining patches in this series that I need to respin.

Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
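
Added example, not part of the original message and not Buildroot's own code: a sketch of why name-only matching reports the false positive discussed above and how comparing the vendor and product fields of a CPE ID avoids it. The vendor strings, the package version and the second CVE id are constructed placeholders, and the assumption that the feed entry for CVE-2020-7747 carries the product name "lightning" under another vendor is mine.

```python
import re

CPE_KEYS = ("part", "vendor", "product", "version", "update", "edition",
            "language", "sw_edition", "target_sw", "target_hw", "other")

def parse_cpe23(cpe):
    """Split a CPE 2.3 formatted string into named attributes ('\\:' is an escaped colon)."""
    fields = re.split(r"(?<!\\):", cpe)
    if len(fields) != 13 or fields[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return dict(zip(CPE_KEYS, fields[2:]))

def match_by_name(pkg, cve):
    """Name-only matching: the CVE's product field equals the package name."""
    return any(parse_cpe23(c)["product"] == pkg["name"] for c in cve["cpes"])

def match_by_cpe(pkg, cve):
    """CPE ID matching: part, vendor and product must all agree (versions ignored here)."""
    want = parse_cpe23(pkg["cpe_id"])
    return any(all(parse_cpe23(c)[k] == want[k] for k in ("part", "vendor", "product"))
               for c in cve["cpes"])

def report(matcher, packages, cves):
    """Return (package name, CVE id) pairs that the given matcher flags."""
    return [(p["name"], c["id"]) for p in packages for c in cves if matcher(p, c)]

# Constructed sample data: vendor names and versions are placeholders.
PACKAGES = [
    {"name": "lightning",
     "cpe_id": "cpe:2.3:a:example_jit_vendor:lightning:2.1.3:*:*:*:*:*:*:*"},
]
CVES = [
    # Same product string, different vendor: the unrelated lightning-server case.
    {"id": "CVE-2020-7747",
     "cpes": ["cpe:2.3:a:example_server_vendor:lightning:*:*:*:*:*:*:*:*"]},
    # Constructed placeholder id for a CVE that really targets the JIT library.
    {"id": "CVE-XXXX-0001",
     "cpes": ["cpe:2.3:a:example_jit_vendor:lightning:*:*:*:*:*:*:*:*"]},
]

if __name__ == "__main__":
    print("by name:", report(match_by_name, PACKAGES, CVES))
    print("by CPE :", report(match_by_cpe, PACKAGES, CVES))
```

A real matcher would also compare version ranges; this sketch stops at vendor and product because that is the distinction the thread is about.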
