[Buildroot] [PATCH 0/7] Add PURL support
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Wed Apr 16 19:58:12 UTC 2025
Hello Thomas,
On Wed, 16 Apr 2025 21:50:48 +0200
Thomas Perale <thomas.perale at essensium.com> wrote:
> The second advantage I see is that OSSIndex (that works with PURL) seems
> to have a better matching of the CVE with packages. For instance
> https://nvd.nist.gov/vuln/detail/CVE-2025-27556 is not reported for the
> Django package and not associated to any version.
That's because it has not been annotated by NVD. However
https://github.com/CVEProject/cvelistV5/blob/main/cves/2025/27xxx/CVE-2025-27556.json
does have it annotated, and associated to
"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*".
Best regards,
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
More information about the buildroot
mailing list