[Buildroot] [PATCH v3 0/8] Improving CVE reporting
Titouan Christophe
titouan.christophe at railnova.eu
Tue Jul 28 22:07:14 UTC 2020
Hello all,
On 28/07/20 09:52, Thomas Petazzoni wrote:
>
> Could you give some specific example of where those AND operators with
> child nodes are used ? This would help understand what are the
> situations that make use of this.
>
> Thanks!
>
> Thomas
>
See for example CVE-2019-3699
(https://nvd.nist.gov/vuln/detail/CVE-2019-3699). This is about a
vulnerability of privoxy when it runs on OpenSuse. This CVE is currently
detected for the privoxy package on http://autobuild.buildroot.net/stats/
I have extracted the NVD entry from the NVD 2019 json file for
convenience: http://paste.awesom.eu/ibNy . The matching CPEs are
logically declared as follows:
AND(
privoxy:privoxy <3.0.28-lp151.1.1,
opensuse:leap:15.1
)
They seem to use this to indicate if a particular distribution/OS is
vulnerable to the CVE.
Titouan
More information about the buildroot
mailing list