* [Buildroot] [PATCH/stable] package/putty: Ignore CVE-2021-33500
From: Alexander Dahl @ 2021-06-01 7:03 UTC
To: buildroot

Since putty is only affected by this CVE on Windows, ignore it in the
stable branch. Branch master is not affected anymore already, due to
newer version which got fixed.

Signed-off-by: Alexander Dahl <post@lespocky.de>
---
package/putty/putty.mk | 3 +++
1 file changed, 3 insertions(+)
diff --git a/package/putty/putty.mk b/package/putty/putty.mk
index c40cac9dc5..8a494d4e54 100644
--- a/package/putty/putty.mk
+++ b/package/putty/putty.mk
@@ -12,6 +12,9 @@ PUTTY_CPE_ID_VENDOR = putty
PUTTY_CONF_OPTS = --disable-gtktest
PUTTY_CONF_ENV = CFLAGS="$(TARGET_CFLAGS) -Wno-error"
+# Windows only, fixed for Windows with 0.75
+PUTTY_IGNORE_CVES += CVE-2021-33500
+
ifeq ($(BR2_PACKAGE_LIBGTK2),y)
PUTTY_CONF_OPTS += --with-gtk=2
PUTTY_DEPENDENCIES += libgtk2
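
Review bot: The comment above PUTTY_IGNORE_CVES ("Windows only, fixed for Windows with 0.75") names the affected platform but not why the entry is safe to ignore in this package, so someone reading putty.mk without the commit message cannot tell that the ignore depends on the package being built only for non-Windows targets. Suggest phrasing the comment as the applicability statement, for example "# CVE-2021-33500 only affects PuTTY on Windows, not the Unix build packaged here". As a style point, the new lines sit after PUTTY_CONF_ENV rather than beside PUTTY_CPE_ID_VENDOR (visible in the hunk header); placing the ignore entry next to the CPE line would keep the CVE-matching metadata together.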
base-commit: 677b20cf240d099e1bfc1d50e54730083618d24f
--
2.20.1
* [Buildroot] [PATCH/stable] package/putty: Ignore CVE-2021-33500
From: Alexander Dahl @ 2021-06-08 5:09 UTC
To: buildroot

Hello everyone,

since I get autobuilder warning mails every Monday for CVE-2021-33500
now, I kindly wanted to ask, if this is the right approach?

That CVE only affects Windows, master has putty 0.75 which has that
fixed already. So I thought it would not be necessary to backport 0.75
to the stable branch(es), but ignore that CVE in stable branches only?

Greets
Alex

On Tue, Jun 01, 2021 at 09:03:16AM +0200, Alexander Dahl wrote:
> Since putty is only affected by this CVE on Windows, ignore it in the
> stable branch. Branch master is not affected anymore already, due to
> newer version which got fixed.
>
> Signed-off-by: Alexander Dahl <post@lespocky.de>
> ---
> package/putty/putty.mk | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/package/putty/putty.mk b/package/putty/putty.mk
> index c40cac9dc5..8a494d4e54 100644
> --- a/package/putty/putty.mk
> +++ b/package/putty/putty.mk
> @@ -12,6 +12,9 @@ PUTTY_CPE_ID_VENDOR = putty
> PUTTY_CONF_OPTS = --disable-gtktest
> PUTTY_CONF_ENV = CFLAGS="$(TARGET_CFLAGS) -Wno-error"
>
> +# Windows only, fixed for Windows with 0.75
> +PUTTY_IGNORE_CVES += CVE-2021-33500
> +
> ifeq ($(BR2_PACKAGE_LIBGTK2),y)
> PUTTY_CONF_OPTS += --with-gtk=2
> PUTTY_DEPENDENCIES += libgtk2
>
> base-commit: 677b20cf240d099e1bfc1d50e54730083618d24f
> --
> 2.20.1
--
/"\ ASCII RIBBON | "With the first link, the chain is forged. The first
\ / CAMPAIGN     | speech censured, the first thought forbidden, the
 X  AGAINST      | first freedom denied, chains us all irrevocably."
/ \ HTML MAIL    | (Jean-Luc Picard, quoting Judge Aaron Satie)
* [Buildroot] [PATCH/stable] package/putty: Ignore CVE-2021-33500
From: Peter Korsgaard @ 2021-06-08 6:35 UTC
To: buildroot
>>>>> "Alexander" == Alexander Dahl <post@lespocky.de> writes:
> Hello everyone,
> since I get autobuilder warning mails every Monday for CVE-2021-33500
> now, I kindly wanted to ask, if this is the right approach?
> That CVE only affects Windows, master has putty 0.75 which has that
> fixed already. So I thought it would not be necessary to backport 0.75
> to the stable branch(es), but ignore that CVE in stable branches only?
Yes, that is fine. Sorry, I am running a bit behind on the LTS
backports, but I will get to it this week.
Thanks.
--
Bye, Peter Korsgaard
* [Buildroot] [PATCH/stable] package/putty: Ignore CVE-2021-33500
From: Peter Korsgaard @ 2021-06-11 8:17 UTC
To: buildroot
>>>>> "Alexander" == Alexander Dahl <post@lespocky.de> writes:
> Hello everyone,
> since I get autobuilder warning mails every Monday for CVE-2021-33500
> now, I kindly wanted to ask, if this is the right approach?
> That CVE only affects Windows, master has putty 0.75 which has that
> fixed already. So I thought it would not be necessary to backport 0.75
> to the stable branch(es), but ignore that CVE in stable branches only?
Committed to 2021.02.x, thanks.
--
Bye, Peter Korsgaard