[Buildroot] [PATCH v2] package/bind: drop CVE-2017-3139 from IGNORE_CVES
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Wed Sep 20 07:12:08 UTC 2023
Hello Daniel,
On Wed, 20 Sep 2023 06:31:12 +0200
Daniel Lang <dalang at gmx.at> wrote:
> As of 2021-05-14 CVE-2017-3139 is no longer listed as affecting bind, only RHEL.
>
> Signed-off-by: Daniel Lang <dalang at gmx.at>
This makes me think that the pkg-stats script should detect this: if a
package has CVE-2023-12345 in its ignore list, but CVE-2023-12345 is
not known to affect the package (in its current version) according to
the NVD database, we should flag this.
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
More information about the buildroot
mailing list