* [Buildroot] [PATCH 1/1] package/libnids: NVD database has been updated
@ 2020-07-21 18:05 guillaume.bressaix at gmail.com
2020-07-21 18:43 ` Thomas Petazzoni
0 siblings, 1 reply; 8+ messages in thread
From: guillaume.bressaix at gmail.com @ 2020-07-21 18:05 UTC (permalink / raw)
To: buildroot
From: "Guillaume W. Bres" <guillaume.bressaix@gmail.com>
Thanks to Matthew W. & Thomas, the NVD database has been updated
and CVE-2010-0751 is now declared fixed, see
https://security-tracker.debian.org/tracker/CVE-2010-0751
Signed-off-by: Guillaume W. Bres <guillaume.bressaix@gmail.com>
---
package/libnids/libnids.mk | 4 ----
1 file changed, 4 deletions(-)
diff --git a/package/libnids/libnids.mk b/package/libnids/libnids.mk
index fb3df318b4..4a67215242 100644
--- a/package/libnids/libnids.mk
+++ b/package/libnids/libnids.mk
@@ -12,10 +12,6 @@ LIBNIDS_INSTALL_STAGING = YES
LIBNIDS_DEPENDENCIES = host-pkgconf libpcap
LIBNIDS_AUTORECONF = YES
-# CVE-2010-0751 was fixed in libnids v1.24 but the NVD database is not
-# aware of the fix, ignore it until this is updated
-LIBNIDS_IGNORE_CVES += CVE-2010-0751
-
# disable libnet if not available
# Tests in configure.in expect --with-libnet=$build_dir
# not an installation patch like in our context.
--
2.20.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/1] package/libnids: NVD database has been updated
2020-07-21 18:05 [Buildroot] [PATCH 1/1] package/libnids: NVD database has been updated guillaume.bressaix at gmail.com
@ 2020-07-21 18:43 ` Thomas Petazzoni
2020-07-21 20:08 ` Matthew Weber
0 siblings, 1 reply; 8+ messages in thread
From: Thomas Petazzoni @ 2020-07-21 18:43 UTC (permalink / raw)
To: buildroot
On Tue, 21 Jul 2020 20:05:55 +0200
guillaume.bressaix at gmail.com wrote:
> From: "Guillaume W. Bres" <guillaume.bressaix@gmail.com>
>
> Thanks to Matthew W. & Thomas, the NVD database has been updated
> and CVE-2010-0751 is now declared fixed, see
> https://security-tracker.debian.org/tracker/CVE-2010-0751
>
> Signed-off-by: Guillaume W. Bres <guillaume.bressaix@gmail.com>
Are you sure it has already been fixed ?
https://nvd.nist.gov/vuln/detail/CVE-2010-0751 still marks 1.24 as
affected as far as I can see.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/1] package/libnids: NVD database has been updated
2020-07-21 18:43 ` Thomas Petazzoni
@ 2020-07-21 20:08 ` Matthew Weber
2020-07-22 7:32 ` Guillaume Bres
0 siblings, 1 reply; 8+ messages in thread
From: Matthew Weber @ 2020-07-21 20:08 UTC (permalink / raw)
To: buildroot
Ugh, looks like they only updated the description and didn't adjust the
rest of the version references
https://nvd.nist.gov/vuln/detail/CVE-2010-0751#match-5471142
On Tue, Jul 21, 2020 at 1:46 PM Thomas Petazzoni <
thomas.petazzoni@bootlin.com> wrote:
> On Tue, 21 Jul 2020 20:05:55 +0200
> guillaume.bressaix at gmail.com wrote:
>
> > From: "Guillaume W. Bres" <guillaume.bressaix@gmail.com>
> >
> > Thanks to Matthew W. & Thomas, the NVD database has been updated
> > and CVE-2010-0751 is now declared fixed, see
> > https://security-tracker.debian.org/tracker/CVE-2010-0751
> >
> > Signed-off-by: Guillaume W. Bres <guillaume.bressaix@gmail.com>
>
> Are you sure it has already been fixed ?
>
> https://nvd.nist.gov/vuln/detail/CVE-2010-0751 still marks 1.24 as
> affected as far as I can see.
>
> Thomas
> --
> Thomas Petazzoni, CTO, Bootlin
> Embedded Linux and Kernel engineering
> https://bootlin.com
> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200721/6efdf37f/attachment.html>
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/1] package/libnids: NVD database has been updated
2020-07-21 20:08 ` Matthew Weber
@ 2020-07-22 7:32 ` Guillaume Bres
2020-07-30 18:01 ` Matthew Weber
0 siblings, 1 reply; 8+ messages in thread
From: Guillaume Bres @ 2020-07-22 7:32 UTC (permalink / raw)
To: buildroot
>
> Ugh, looks like they only updated the description and didn't adjust the
> rest of the version references
yes that's what happened ? we may need to wait a little longer
Guillaume W. Bres
Software engineer
<guillaume.bressaix@gmail.com>
Le mar. 21 juil. 2020 ? 22:09, Matthew Weber <matthew.weber@collins.com> a
?crit :
> Ugh, looks like they only updated the description and didn't adjust the
> rest of the version references
>
> https://nvd.nist.gov/vuln/detail/CVE-2010-0751#match-5471142
>
> On Tue, Jul 21, 2020 at 1:46 PM Thomas Petazzoni <
> thomas.petazzoni at bootlin.com> wrote:
>
>> On Tue, 21 Jul 2020 20:05:55 +0200
>> guillaume.bressaix at gmail.com wrote:
>>
>> > From: "Guillaume W. Bres" <guillaume.bressaix@gmail.com>
>> >
>> > Thanks to Matthew W. & Thomas, the NVD database has been updated
>> > and CVE-2010-0751 is now declared fixed, see
>> > https://security-tracker.debian.org/tracker/CVE-2010-0751
>> >
>> > Signed-off-by: Guillaume W. Bres <guillaume.bressaix@gmail.com>
>>
>> Are you sure it has already been fixed ?
>>
>> https://nvd.nist.gov/vuln/detail/CVE-2010-0751 still marks 1.24 as
>> affected as far as I can see.
>>
>> Thomas
>> --
>> Thomas Petazzoni, CTO, Bootlin
>> Embedded Linux and Kernel engineering
>> https://bootlin.com
>> _______________________________________________
>> buildroot mailing list
>> buildroot at busybox.net
>> http://lists.busybox.net/mailman/listinfo/buildroot
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200722/1a71638e/attachment.html>
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/1] package/libnids: NVD database has been updated
2020-07-22 7:32 ` Guillaume Bres
@ 2020-07-30 18:01 ` Matthew Weber
2020-08-05 16:18 ` Matthew Weber
0 siblings, 1 reply; 8+ messages in thread
From: Matthew Weber @ 2020-07-30 18:01 UTC (permalink / raw)
To: buildroot
Guillaume, I've submitted another request with more detail and hopefully
they'll update all the references to the version
On Wed, Jul 22, 2020 at 2:34 AM Guillaume Bres <guillaume.bressaix@gmail.com>
wrote:
> Ugh, looks like they only updated the description and didn't adjust the
>> rest of the version references
>
>
> yes that's what happened ? we may need to wait a little longer
>
> Guillaume W. Bres
> Software engineer
> <guillaume.bressaix@gmail.com>
>
>
> Le mar. 21 juil. 2020 ? 22:09, Matthew Weber <matthew.weber@collins.com>
> a ?crit :
>
>> Ugh, looks like they only updated the description and didn't adjust the
>> rest of the version references
>>
>> https://nvd.nist.gov/vuln/detail/CVE-2010-0751#match-5471142
>>
>> On Tue, Jul 21, 2020 at 1:46 PM Thomas Petazzoni <
>> thomas.petazzoni at bootlin.com> wrote:
>>
>>> On Tue, 21 Jul 2020 20:05:55 +0200
>>> guillaume.bressaix at gmail.com wrote:
>>>
>>> > From: "Guillaume W. Bres" <guillaume.bressaix@gmail.com>
>>> >
>>> > Thanks to Matthew W. & Thomas, the NVD database has been updated
>>> > and CVE-2010-0751 is now declared fixed, see
>>> > https://security-tracker.debian.org/tracker/CVE-2010-0751
>>> >
>>> > Signed-off-by: Guillaume W. Bres <guillaume.bressaix@gmail.com>
>>>
>>> Are you sure it has already been fixed ?
>>>
>>> https://nvd.nist.gov/vuln/detail/CVE-2010-0751 still marks 1.24 as
>>> affected as far as I can see.
>>>
>>> Thomas
>>> --
>>> Thomas Petazzoni, CTO, Bootlin
>>> Embedded Linux and Kernel engineering
>>> https://bootlin.com
>>> _______________________________________________
>>> buildroot mailing list
>>> buildroot at busybox.net
>>> http://lists.busybox.net/mailman/listinfo/buildroot
>>>
>> _______________________________________________
> buildroot mailing list
> buildroot at busybox.net
> http://lists.busybox.net/mailman/listinfo/buildroot
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200730/0af3dc55/attachment.html>
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/1] package/libnids: NVD database has been updated
2020-07-30 18:01 ` Matthew Weber
@ 2020-08-05 16:18 ` Matthew Weber
2020-08-05 19:48 ` Thomas Petazzoni
0 siblings, 1 reply; 8+ messages in thread
From: Matthew Weber @ 2020-08-05 16:18 UTC (permalink / raw)
To: buildroot
It has been fixed but I had to update the wiki notes because there are two
steps. The first is a CVE description update by the Mitre/CVE team and the
second is a CPE assignment update by the dictionary team. I checked the
NVD link that Thomas provided and it looks correct to me.
On Thu, Jul 30, 2020 at 1:01 PM Matthew Weber <matthew.weber@collins.com>
wrote:
> Guillaume, I've submitted another request with more detail and hopefully
> they'll update all the references to the version
>
> On Wed, Jul 22, 2020 at 2:34 AM Guillaume Bres <
> guillaume.bressaix at gmail.com> wrote:
>
>> Ugh, looks like they only updated the description and didn't adjust the
>>> rest of the version references
>>
>>
>> yes that's what happened ? we may need to wait a little longer
>>
>> Guillaume W. Bres
>> Software engineer
>> <guillaume.bressaix@gmail.com>
>>
>>
>> Le mar. 21 juil. 2020 ? 22:09, Matthew Weber <matthew.weber@collins.com>
>> a ?crit :
>>
>>> Ugh, looks like they only updated the description and didn't adjust the
>>> rest of the version references
>>>
>>> https://nvd.nist.gov/vuln/detail/CVE-2010-0751#match-5471142
>>>
>>> On Tue, Jul 21, 2020 at 1:46 PM Thomas Petazzoni <
>>> thomas.petazzoni at bootlin.com> wrote:
>>>
>>>> On Tue, 21 Jul 2020 20:05:55 +0200
>>>> guillaume.bressaix at gmail.com wrote:
>>>>
>>>> > From: "Guillaume W. Bres" <guillaume.bressaix@gmail.com>
>>>> >
>>>> > Thanks to Matthew W. & Thomas, the NVD database has been updated
>>>> > and CVE-2010-0751 is now declared fixed, see
>>>> > https://security-tracker.debian.org/tracker/CVE-2010-0751
>>>> >
>>>> > Signed-off-by: Guillaume W. Bres <guillaume.bressaix@gmail.com>
>>>>
>>>> Are you sure it has already been fixed ?
>>>>
>>>> https://nvd.nist.gov/vuln/detail/CVE-2010-0751 still marks 1.24 as
>>>> affected as far as I can see.
>>>>
>>>> Thomas
>>>> --
>>>> Thomas Petazzoni, CTO, Bootlin
>>>> Embedded Linux and Kernel engineering
>>>> https://bootlin.com
>>>> _______________________________________________
>>>> buildroot mailing list
>>>> buildroot at busybox.net
>>>> http://lists.busybox.net/mailman/listinfo/buildroot
>>>>
>>> _______________________________________________
>> buildroot mailing list
>> buildroot at busybox.net
>> http://lists.busybox.net/mailman/listinfo/buildroot
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.busybox.net/pipermail/buildroot/attachments/20200805/69fc01a4/attachment-0001.html>
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [PATCH 1/1] package/libnids: NVD database has been updated
2020-08-05 16:18 ` Matthew Weber
@ 2020-08-05 19:48 ` Thomas Petazzoni
2020-08-05 21:43 ` [Buildroot] [External] " Matthew Weber
0 siblings, 1 reply; 8+ messages in thread
From: Thomas Petazzoni @ 2020-08-05 19:48 UTC (permalink / raw)
To: buildroot
Hello,
On Wed, 5 Aug 2020 11:18:24 -0500
Matthew Weber <matthew.weber@collins.com> wrote:
> It has been fixed but I had to update the wiki notes because there are two
> steps. The first is a CVE description update by the Mitre/CVE team and the
> second is a CPE assignment update by the dictionary team. I checked the
> NVD link that Thomas provided and it looks correct to me.
Thanks for following up on this. However, what the Wiki page says is
not very clear to me as it doesn't really seem to match what you're
saying here with the two steps process that is needed.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply [flat|nested] 8+ messages in thread
* [Buildroot] [External] Re: [PATCH 1/1] package/libnids: NVD database has been updated
2020-08-05 19:48 ` Thomas Petazzoni
@ 2020-08-05 21:43 ` Matthew Weber
0 siblings, 0 replies; 8+ messages in thread
From: Matthew Weber @ 2020-08-05 21:43 UTC (permalink / raw)
To: buildroot
Thomas,
On Wed, Aug 5, 2020 at 2:51 PM Thomas Petazzoni
<thomas.petazzoni@bootlin.com> wrote:
>
> Hello,
>
> On Wed, 5 Aug 2020 11:18:24 -0500
> Matthew Weber <matthew.weber@collins.com> wrote:
>
> > It has been fixed but I had to update the wiki notes because there are two
> > steps. The first is a CVE description update by the Mitre/CVE team and the
> > second is a CPE assignment update by the dictionary team. I checked the
> > NVD link that Thomas provided and it looks correct to me.
>
> Thanks for following up on this. However, what the Wiki page says is
> not very clear to me as it doesn't really seem to match what you're
> saying here with the two steps process that is needed.
>
Hopefully this is a little better
https://elinux.org/Buildroot:Security_Vulnerability_Management#Managing_CPE_entries
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2020-08-05 21:43 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-21 18:05 [Buildroot] [PATCH 1/1] package/libnids: NVD database has been updated guillaume.bressaix at gmail.com
2020-07-21 18:43 ` Thomas Petazzoni
2020-07-21 20:08 ` Matthew Weber
2020-07-22 7:32 ` Guillaume Bres
2020-07-30 18:01 ` Matthew Weber
2020-08-05 16:18 ` Matthew Weber
2020-08-05 19:48 ` Thomas Petazzoni
2020-08-05 21:43 ` [Buildroot] [External] " Matthew Weber
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.