* [Buildroot] [Bug 13366] New: make pkg-stats: unrelated CVEs linked to linux package
@ 2020-12-08 12:57 bugzilla at busybox.net
2020-12-08 13:40 ` [Buildroot] [Bug 13366] " bugzilla at busybox.net
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: bugzilla at busybox.net @ 2020-12-08 12:57 UTC (permalink / raw)
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=13366
Bug ID: 13366
Summary: make pkg-stats: unrelated CVEs linked to linux package
Product: buildroot
Version: 2020.11
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Other
Assignee: unassigned at buildroot.uclibc.org
Reporter: seems.deviant at gmail.com
CC: buildroot at uclibc.org
Target Milestone: ---
Created attachment 8701
--> https://bugs.busybox.net/attachment.cgi?id=8701&action=edit
hypertext
Steps to reproduce:
$ cat <<EOF > .config
> BR2_LINUX_KERNEL=y
> BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG=y
> EOF
$ make pkg-stats
In my case, there are 110 CVEs linked to linux package, while most of them or
none at all are related.
The last three entries in CVEs column:
https://security-tracker.debian.org/tracker/CVE-2013-2032 - mediawiki
https://security-tracker.debian.org/tracker/CVE-2014-3250 - puppet
https://security-tracker.debian.org/tracker/CVE-2014-4909 - transmission
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [Bug 13366] make pkg-stats: unrelated CVEs linked to linux package 2020-12-08 12:57 [Buildroot] [Bug 13366] New: make pkg-stats: unrelated CVEs linked to linux package bugzilla at busybox.net @ 2020-12-08 13:40 ` bugzilla at busybox.net 2020-12-08 14:47 ` bugzilla at busybox.net ` (2 subsequent siblings) 3 siblings, 0 replies; 5+ messages in thread From: bugzilla at busybox.net @ 2020-12-08 13:40 UTC (permalink / raw) To: buildroot https://bugs.busybox.net/show_bug.cgi?id=13366 --- Comment #1 from Thomas Petazzoni <thomas.petazzoni@bootlin.com> --- Thanks a lot for your bug report! Could you try with the patch series at https://patchwork.ozlabs.org/project/buildroot/list/?series=218648 applied, and see if it improves things ? -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [Bug 13366] make pkg-stats: unrelated CVEs linked to linux package 2020-12-08 12:57 [Buildroot] [Bug 13366] New: make pkg-stats: unrelated CVEs linked to linux package bugzilla at busybox.net 2020-12-08 13:40 ` [Buildroot] [Bug 13366] " bugzilla at busybox.net @ 2020-12-08 14:47 ` bugzilla at busybox.net 2020-12-08 14:53 ` bugzilla at busybox.net 2020-12-09 9:33 ` bugzilla at busybox.net 3 siblings, 0 replies; 5+ messages in thread From: bugzilla at busybox.net @ 2020-12-08 14:47 UTC (permalink / raw) To: buildroot https://bugs.busybox.net/show_bug.cgi?id=13366 --- Comment #2 from Aleksandr Makarov <seems.deviant@gmail.com> --- The mentioned patch series seems to help with the CVEs flood for linux package. However, I find it odd to see in which order the CVEs column gets sorted now: - In ascending order: "yellow - orange - green", but i'd expect "orange - yellow - green" - In descending order: "green - orange - yellow" instead of "green - yellow - orange" (See attached image for illustration) -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [Bug 13366] make pkg-stats: unrelated CVEs linked to linux package 2020-12-08 12:57 [Buildroot] [Bug 13366] New: make pkg-stats: unrelated CVEs linked to linux package bugzilla at busybox.net 2020-12-08 13:40 ` [Buildroot] [Bug 13366] " bugzilla at busybox.net 2020-12-08 14:47 ` bugzilla at busybox.net @ 2020-12-08 14:53 ` bugzilla at busybox.net 2020-12-09 9:33 ` bugzilla at busybox.net 3 siblings, 0 replies; 5+ messages in thread From: bugzilla at busybox.net @ 2020-12-08 14:53 UTC (permalink / raw) To: buildroot https://bugs.busybox.net/show_bug.cgi?id=13366 --- Comment #3 from Aleksandr Makarov <seems.deviant@gmail.com> --- (The screenshot is 0.5M, attaching the link to external storage) https://imgur.com/a/LNEyaHR -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 5+ messages in thread
* [Buildroot] [Bug 13366] make pkg-stats: unrelated CVEs linked to linux package 2020-12-08 12:57 [Buildroot] [Bug 13366] New: make pkg-stats: unrelated CVEs linked to linux package bugzilla at busybox.net ` (2 preceding siblings ...) 2020-12-08 14:53 ` bugzilla at busybox.net @ 2020-12-09 9:33 ` bugzilla at busybox.net 3 siblings, 0 replies; 5+ messages in thread From: bugzilla at busybox.net @ 2020-12-09 9:33 UTC (permalink / raw) To: buildroot https://bugs.busybox.net/show_bug.cgi?id=13366 --- Comment #4 from Thomas Petazzoni <thomas.petazzoni@bootlin.com> --- Thanks for your feedback. This sorting is just doing alphabetic sorting I believe, so it doesn't make much sense for CVEs. It's a bit like sorting the "Current version" or "Latest version" columns: it doesn't do anything useful. We should perhaps disable the sorting on some columns. -- You are receiving this mail because: You are on the CC list for the bug. ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-12-09 9:33 UTC | newest] Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2020-12-08 12:57 [Buildroot] [Bug 13366] New: make pkg-stats: unrelated CVEs linked to linux package bugzilla at busybox.net 2020-12-08 13:40 ` [Buildroot] [Bug 13366] " bugzilla at busybox.net 2020-12-08 14:47 ` bugzilla at busybox.net 2020-12-08 14:53 ` bugzilla at busybox.net 2020-12-09 9:33 ` bugzilla at busybox.net
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.