[LTP] [COMMITTED] runtest/cve: Fix wrong cve tag

[LTP] [COMMITTED] runtest/cve: Fix wrong cve tag

[Yang Xu]

can_bcm01 is designed to test cve-2021-3609 instead of cve-2021-6309.

Fixes: 027ea6171c40 ("Add test for CVE 2021-3609")
Signed-off-by: Yang Xu <xuyang2018.jy@fujitsu.com>
---
 runtest/cve | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/runtest/cve b/runtest/cve
index 357b88feb..01211b5aa 100644
--- a/runtest/cve
+++ b/runtest/cve
@@ -67,7 +67,7 @@ cve-2020-14416 pty03
 cve-2020-25705 icmp_rate_limit01
 cve-2020-29373 io_uring02
 cve-2021-3444 bpf_prog05
-cve-2021-6309 can_bcm01
+cve-2021-3609 can_bcm01
 cve-2021-22555 setsockopt08 -i 100
 cve-2021-26708 vsock01
 # Tests below may cause kernel memory leak
-- 
2.23.0


-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [COMMITTED] runtest/cve: Fix wrong cve tag

[xuyang2018.jy]

Hi Cyril, Martin

In fact, Look the following url:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3609

It said nothing and seems this cve number doesn't exist.

Do you know what happen?

Best Regards
Yang Xu

> can_bcm01 is designed to test cve-2021-3609 instead of cve-2021-6309.
> 
> Fixes: 027ea6171c40 ("Add test for CVE 2021-3609")
> Signed-off-by: Yang Xu<xuyang2018.jy@fujitsu.com>
> ---
>   runtest/cve | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/runtest/cve b/runtest/cve
> index 357b88feb..01211b5aa 100644
> --- a/runtest/cve
> +++ b/runtest/cve
> @@ -67,7 +67,7 @@ cve-2020-14416 pty03
>   cve-2020-25705 icmp_rate_limit01
>   cve-2020-29373 io_uring02
>   cve-2021-3444 bpf_prog05
> -cve-2021-6309 can_bcm01
> +cve-2021-3609 can_bcm01
>   cve-2021-22555 setsockopt08 -i 100
>   cve-2021-26708 vsock01
>   # Tests below may cause kernel memory leak

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [COMMITTED] runtest/cve: Fix wrong cve tag

[Martin Doucha]

On 08. 09. 21 9:22, xuyang2018.jy@fujitsu.com wrote:
> Hi Cyril, Martin
> 
> In fact, Look the following url:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3609
> 
> It said nothing and seems this cve number doesn't exist.
> 
> Do you know what happen?

This vulnerability is tracked under this CVE number in SUSE Bugzilla and
RedHat security portal:
https://bugzilla.suse.com/show_bug.cgi?id=1187215
https://access.redhat.com/security/cve/cve-2021-3609

I didn't check any "upstream" CVE databases.

-- 
Martin Doucha   mdoucha@suse.cz
QA Engineer for Software Maintenance
SUSE LINUX, s.r.o.
CORSO IIa
Krizikova 148/34
186 00 Prague 8
Czech Republic

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp

Re: [LTP] [COMMITTED] runtest/cve: Fix wrong cve tag

[Cyril Hrubis]

Hi!
> > In fact, Look the following url:
> > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3609
> > 
> > It said nothing and seems this cve number doesn't exist.
> > 
> > Do you know what happen?
> 
> This vulnerability is tracked under this CVE number in SUSE Bugzilla and
> RedHat security portal:
> https://bugzilla.suse.com/show_bug.cgi?id=1187215
> https://access.redhat.com/security/cve/cve-2021-3609
> 
> I didn't check any "upstream" CVE databases.

Looks like the CVE has been allocated though, so possibly somehow the
the notification that it has been assigned has failed. I guess that
RedHat security team should look into this.

-- 
Cyril Hrubis
chrubis@suse.cz

-- 
Mailing list info: https://lists.linux.it/listinfo/ltp