[Buildroot] [PATCH 2/2] package/exim: mark CVE-2022-3620 as ignored
Peter Korsgaard
peter at korsgaard.com
Wed Dec 7 15:03:59 UTC 2022
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> CVE-2022-3620: A vulnerability was found in Exim and classified as
> problematic. This issue affects the function dmarc_dns_lookup of the file
> dmarc.c of the component DMARC Handler. The manipulation leads to use after
> free. The attack may be initiated remotely. The name of the patch is
> 12fb3842f81bcbd4a4519d5728f2d7e0e3ca1445. It is recommended to apply a
> patch to fix this issue. The associated identifier of this vulnerability is
> VDB-211919.
> This vulnerability is in the DMARC handling, which is only used if
> libopendmarc is available AND SUPPORT_DMARC is set to yes, neither of which
> is true for Buildroot, so ignore the CVE.
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2022.08.x and 2022.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list