All of lore.kernel.org
 help / color / mirror / Atom feed
* [Buildroot] [PATCH 1/1] package/php: ignore various CVEs
@ 2022-07-31 11:42 Bernd Kuhls
  2022-07-31 11:45 ` Baruch Siach via buildroot
       [not found] ` <87les9wlk0.fsf__10495.4630181723$1659268091$gmane$org@tarshish>
  0 siblings, 2 replies; 5+ messages in thread
From: Bernd Kuhls @ 2022-07-31 11:42 UTC (permalink / raw)
  To: buildroot

Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
 package/php/php.mk | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/package/php/php.mk b/package/php/php.mk
index cb7a8d71d4..8e362ba144 100644
--- a/package/php/php.mk
+++ b/package/php/php.mk
@@ -14,6 +14,12 @@ PHP_DEPENDENCIES = host-pkgconf pcre2
 PHP_LICENSE = PHP-3.01
 PHP_LICENSE_FILES = LICENSE
 PHP_CPE_ID_VENDOR = php
+# fixed with version 5.x: https://ubuntu.com/security/notices/USN-485-1
+PHP_IGNORE_CVES += CVE-2007-2728
+# not a security vulnerability according to Red Hat
+PHP_IGNORE_CVES += CVE-2007-3205
+# not a security vulnerability according to Mandriva
+PHP_IGNORE_CVES += CVE-2007-4596
 PHP_CONF_OPTS = \
 	--mandir=/usr/share/man \
 	--infodir=/usr/share/info \
-- 
2.30.2

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/php: ignore various CVEs
  2022-07-31 11:42 [Buildroot] [PATCH 1/1] package/php: ignore various CVEs Bernd Kuhls
@ 2022-07-31 11:45 ` Baruch Siach via buildroot
       [not found] ` <87les9wlk0.fsf__10495.4630181723$1659268091$gmane$org@tarshish>
  1 sibling, 0 replies; 5+ messages in thread
From: Baruch Siach via buildroot @ 2022-07-31 11:45 UTC (permalink / raw)
  To: Bernd Kuhls; +Cc: buildroot

Hi Bernd,

On Sun, Jul 31 2022, Bernd Kuhls wrote:
> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
> ---
>  package/php/php.mk | 6 ++++++
>  1 file changed, 6 insertions(+)
>
> diff --git a/package/php/php.mk b/package/php/php.mk
> index cb7a8d71d4..8e362ba144 100644
> --- a/package/php/php.mk
> +++ b/package/php/php.mk
> @@ -14,6 +14,12 @@ PHP_DEPENDENCIES = host-pkgconf pcre2
>  PHP_LICENSE = PHP-3.01
>  PHP_LICENSE_FILES = LICENSE
>  PHP_CPE_ID_VENDOR = php
> +# fixed with version 5.x: https://ubuntu.com/security/notices/USN-485-1
> +PHP_IGNORE_CVES += CVE-2007-2728

Why do we need to ignore these old CVEs? Isn't the package version check
sufficient?

Same question for a few other similar patches that you posted earlier.

baruch

> +# not a security vulnerability according to Red Hat
> +PHP_IGNORE_CVES += CVE-2007-3205
> +# not a security vulnerability according to Mandriva
> +PHP_IGNORE_CVES += CVE-2007-4596
>  PHP_CONF_OPTS = \
>  	--mandir=/usr/share/man \
>  	--infodir=/usr/share/info \


-- 
                                                     ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/php: ignore various CVEs
       [not found] ` <87les9wlk0.fsf__10495.4630181723$1659268091$gmane$org@tarshish>
@ 2022-07-31 11:56   ` Bernd Kuhls
  2022-07-31 12:02     ` Baruch Siach via buildroot
       [not found]     ` <87h72xwkkn.fsf__20322.4888000236$1659269367$gmane$org@tarshish>
  0 siblings, 2 replies; 5+ messages in thread
From: Bernd Kuhls @ 2022-07-31 11:56 UTC (permalink / raw)
  To: buildroot

Am Sun, 31 Jul 2022 14:45:27 +0300 schrieb Baruch Siach via buildroot:

> Why do we need to ignore these old CVEs?

Hi,

to reduce the lenght of the weekly mail:
https://lists.buildroot.org/pipermail/buildroot/2022-July/646199.html

Regards, Bernd

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/php: ignore various CVEs
  2022-07-31 11:56   ` Bernd Kuhls
@ 2022-07-31 12:02     ` Baruch Siach via buildroot
       [not found]     ` <87h72xwkkn.fsf__20322.4888000236$1659269367$gmane$org@tarshish>
  1 sibling, 0 replies; 5+ messages in thread
From: Baruch Siach via buildroot @ 2022-07-31 12:02 UTC (permalink / raw)
  To: Bernd Kuhls; +Cc: buildroot

Hi Bernd,

On Sun, Jul 31 2022, Bernd Kuhls wrote:
> Am Sun, 31 Jul 2022 14:45:27 +0300 schrieb Baruch Siach via buildroot:
>
>> Why do we need to ignore these old CVEs?
>
> to reduce the lenght of the weekly mail:
> https://lists.buildroot.org/pipermail/buildroot/2022-July/646199.html

I share your desire to make the weekly list more useful. My question is
why current version check method does not filter out these CVEs
automatically?  I think that the value in moving the list from the
weekly mail to a permanent location in Buildroot source tree is
questionable. An explanation of why this is necessary would be nice.

baruch

-- 
                                                     ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch@tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [Buildroot] [PATCH 1/1] package/php: ignore various CVEs
       [not found]     ` <87h72xwkkn.fsf__20322.4888000236$1659269367$gmane$org@tarshish>
@ 2022-07-31 12:29       ` Bernd Kuhls
  0 siblings, 0 replies; 5+ messages in thread
From: Bernd Kuhls @ 2022-07-31 12:29 UTC (permalink / raw)
  To: buildroot

Am Sun, 31 Jul 2022 15:02:57 +0300 schrieb Baruch Siach via buildroot:

> I share your desire to make the weekly list more useful. My question is
> why current version check method does not filter out these CVEs
> automatically?

Hi Baruch,

because many CVS entries I added to the ignore lists do not contain any 
version number in the NVD database, for example:

https://nvd.nist.gov/vuln/detail/CVE-1999-0236

cpe:2.3:a:apache:http_server:-:*:*:*:*:*:*:*

Regards, Bernd

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2022-07-31 12:30 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-07-31 11:42 [Buildroot] [PATCH 1/1] package/php: ignore various CVEs Bernd Kuhls
2022-07-31 11:45 ` Baruch Siach via buildroot
     [not found] ` <87les9wlk0.fsf__10495.4630181723$1659268091$gmane$org@tarshish>
2022-07-31 11:56   ` Bernd Kuhls
2022-07-31 12:02     ` Baruch Siach via buildroot
     [not found]     ` <87h72xwkkn.fsf__20322.4888000236$1659269367$gmane$org@tarshish>
2022-07-31 12:29       ` Bernd Kuhls

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.