Re: [OE-core] [dunfell][PATCH] gcc: Add CVE-2021-37322 to the list of CVEs to ignore

2021-12-09 Thread Richard Purdie
On Thu, 2021-12-09 at 04:43 -1000, Steve Sakoman wrote:
> On Thu, Dec 9, 2021 at 4:36 AM Tim Orling  wrote:
> > 
> > 
> > 
> > On Thu, Dec 9, 2021 at 4:12 AM Marta Rybczynska wrote:
> > > 
> > > On Thu, Dec 9, 2021 at 7:53 AM Tim Orling  wrote:
> > > > 
> > > > From: Richard Purdie 
> > > > 
> > > > The CVE applies to binutils 2.26 and not to gcc so ignore there.
> > > > 
> > > 
> > > Tim,
> > > Have you requested an NVD database change on this one? Or you prefer me to do it?
> > > 
> > I have not. I was simply back-porting the patch from Richard.
> 
> It's always preferable to request a change to the database when it is
> wrong.  They are usually pretty responsive.
> 
> I'll take the patch for now, and if/when they accept the update we can
> remove the exception in master/dunfell.

This one is a little fuzzy. There is an entry for binutils there too and I
didn't understand why there was an unversioned gcc entry there with it. It could
be our CPE parsing isn't quite right. I may also be referring to gcc the project
rather than the component. Regardless, I wanted it off our CVE list! 

Cheers,

Richard


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#159453): 
https://lists.openembedded.org/g/openembedded-core/message/159453
Mute This Topic: https://lists.openembedded.org/mt/87607595/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-



Re: [OE-core] [dunfell][PATCH] gcc: Add CVE-2021-37322 to the list of CVEs to ignore

2021-12-09 Thread Steve Sakoman
On Thu, Dec 9, 2021 at 4:36 AM Tim Orling  wrote:
>
>
>
> On Thu, Dec 9, 2021 at 4:12 AM Marta Rybczynska  wrote:
>>
>> On Thu, Dec 9, 2021 at 7:53 AM Tim Orling  wrote:
>> >
>> > From: Richard Purdie 
>> >
>> > The CVE applies to binutils 2.26 and not to gcc so ignore there.
>> >
>>
>> Tim,
>> Have you requested an NVD database change on this one? Or you prefer me to do it?
>>
> I have not. I was simply back-porting the patch from Richard.

It's always preferable to request a change to the database when it is
wrong.  They are usually pretty responsive.

I'll take the patch for now, and if/when they accept the update we can
remove the exception in master/dunfell.

Steve

View/Reply Online (#159452): 
https://lists.openembedded.org/g/openembedded-core/message/159452



Re: [OE-core] [dunfell][PATCH] gcc: Add CVE-2021-37322 to the list of CVEs to ignore

2021-12-09 Thread Marta Rybczynska
On Thu, Dec 9, 2021 at 7:53 AM Tim Orling  wrote:
>
> From: Richard Purdie 
>
> The CVE applies to binutils 2.26 and not to gcc so ignore there.
>

Tim,
Have you requested an NVD database change on this one? Or you prefer me to do it?

Kind regards,
Marta

View/Reply Online (#159447): 
https://lists.openembedded.org/g/openembedded-core/message/159447