* [Buildroot] [Bug 13366] New: make pkg-stats: unrelated CVEs linked to linux package
From: bugzilla at busybox.net @ 2020-12-08 12:57 UTC (permalink / raw)
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=13366
Bug ID: 13366
Summary: make pkg-stats: unrelated CVEs linked to linux package
Product: buildroot
Version: 2020.11
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Other
Assignee: unassigned at buildroot.uclibc.org
Reporter: seems.deviant at gmail.com
CC: buildroot at uclibc.org
Target Milestone: ---
Created attachment 8701
--> https://bugs.busybox.net/attachment.cgi?id=8701&action=edit
hypertext
Steps to reproduce:
$ cat <<EOF > .config
> BR2_LINUX_KERNEL=y
> BR2_LINUX_KERNEL_USE_ARCH_DEFAULT_CONFIG=y
> EOF
$ make pkg-stats
In my case, there are 110 CVEs linked to the linux package, while most of them or
none at all are related.
The last three entries in CVEs column:
https://security-tracker.debian.org/tracker/CVE-2013-2032 - mediawiki
https://security-tracker.debian.org/tracker/CVE-2014-3250 - puppet
https://security-tracker.debian.org/tracker/CVE-2014-4909 - transmission
--
You are receiving this mail because:
You are on the CC list for the bug.
* [Buildroot] [Bug 13366] make pkg-stats: unrelated CVEs linked to linux package
From: bugzilla at busybox.net @ 2020-12-08 13:40 UTC (permalink / raw)
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=13366
--- Comment #1 from Thomas Petazzoni <thomas.petazzoni@bootlin.com> ---
Thanks a lot for your bug report! Could you try with the patch series at
https://patchwork.ozlabs.org/project/buildroot/list/?series=218648 applied, and
see if it improves things?
* [Buildroot] [Bug 13366] make pkg-stats: unrelated CVEs linked to linux package
From: bugzilla at busybox.net @ 2020-12-08 14:47 UTC (permalink / raw)
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=13366
--- Comment #2 from Aleksandr Makarov <seems.deviant@gmail.com> ---
The mentioned patch series seems to help with the CVEs flood for the linux package.
However, I find it odd to see in which order the CVEs column gets sorted now:
- In ascending order: "yellow - orange - green", but I'd expect "orange -
yellow - green"
- In descending order: "green - orange - yellow" instead of "green - yellow -
orange"
(See attached image for illustration)
* [Buildroot] [Bug 13366] make pkg-stats: unrelated CVEs linked to linux package
From: bugzilla at busybox.net @ 2020-12-08 14:53 UTC (permalink / raw)
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=13366
--- Comment #3 from Aleksandr Makarov <seems.deviant@gmail.com> ---
(The screenshot is 0.5M, attaching the link to external storage)
https://imgur.com/a/LNEyaHR
* [Buildroot] [Bug 13366] make pkg-stats: unrelated CVEs linked to linux package
From: bugzilla at busybox.net @ 2020-12-09 9:33 UTC (permalink / raw)
To: buildroot
https://bugs.busybox.net/show_bug.cgi?id=13366
--- Comment #4 from Thomas Petazzoni <thomas.petazzoni@bootlin.com> ---
Thanks for your feedback. This sorting is just doing alphabetic sorting I
believe, so it doesn't make much sense for CVEs. It's a bit like sorting the
"Current version" or "Latest version" columns: it doesn't do anything useful.
We should perhaps disable the sorting on some columns.