[Buildroot] [PATCH 1/2] package/tiff: ignore CVE-2025-8851
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Fri Sep 26 21:37:11 UTC 2025
Hello Thomas,
On Fri, 26 Sep 2025 18:32:38 +0200
Thomas Perale via buildroot <buildroot at buildroot.org> wrote:
> The CVE-2025-8851 [1] has been fixed in upstream commit [2] that is part
> of the v4.7.0 release.
>
> Because the NVD reference includes the version '<2024-08-11', most CVE
> checkers will fail to compare it against 4.7.0 and report it as a
> positive.
Thanks for the patch. Why isn't this fixed in the NVD database? Was the
issue reported to the NVD maintainers?
Thanks a lot!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
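
An added illustration of the comparison problem described in the quoted commit message; it is not part of the original thread and not the code of Buildroot or of any particular CVE checker. A hypothetical component-wise comparison ranks 4.7.0 below the date-style bound 2024-08-11, and a small guard flags such mixed-scheme comparisons for manual review. The function names and the comparison logic are assumptions.

```python
import re

# Matches bounds written as a calendar date, e.g. "2024-08-11".
DATE_LIKE = re.compile(r"^(19|20)\d{2}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])$")


def parse_version(version):
    """Split a version string into a tuple of its integer components."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def naive_is_affected(pkg_version, end_excluding):
    """Assumed naive check: affected if pkg_version < exclusive upper bound."""
    return parse_version(pkg_version) < parse_version(end_excluding)


def is_date_like(version):
    """True when the string is a date rather than a release number."""
    return bool(DATE_LIKE.match(version))


def classify(pkg_version, end_excluding):
    """Return 'affected', 'not-affected' or 'needs-review'.

    'needs-review' means the two strings use different versioning schemes
    (date vs. release number), so an ordering between them is meaningless
    and the verdict has to come from the upstream fix commit instead.
    """
    if is_date_like(end_excluding) != is_date_like(pkg_version):
        return "needs-review"
    if naive_is_affected(pkg_version, end_excluding):
        return "affected"
    return "not-affected"


if __name__ == "__main__":
    # Values from the thread: packaged release 4.7.0, NVD bound '<2024-08-11'.
    print(naive_is_affected("4.7.0", "2024-08-11"))  # naive verdict
    print(classify("4.7.0", "2024-08-11"))           # guarded verdict
    # Constructed bound for contrast: same scheme on both sides.
    print(classify("4.7.0", "4.6.0"))
```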