[v2,1/1] package/exim: ignore CVE-2020-28017

Message ID 20220801150139.14406-1-bernd.kuhls@t-online.de
State Handled Elsewhere

Commit Message

Bernd Kuhls Aug. 1, 2022, 3:01 p.m. UTC
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
---
v2: fixed wrong CVE number (Luca)

 package/exim/exim.mk | 2 ++
 1 file changed, 2 insertions(+)

Comments

Luca Ceresoli Aug. 1, 2022, 3:11 p.m. UTC | #1
Hi Bernd,

On Mon,  1 Aug 2022 17:01:39 +0200
Bernd Kuhls <bernd.kuhls@t-online.de> wrote:

> Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>

Reviewed-by: Luca Ceresoli <luca.ceresoli@bootlin.com>

Thomas Petazzoni Aug. 1, 2022, 4:51 p.m. UTC | #2
On Mon,  1 Aug 2022 17:01:39 +0200
Bernd Kuhls <bernd.kuhls@t-online.de> wrote:

> +# fixed in version 4.94.2
> +EXIM_IGNORE_CVES += CVE-2020-28017

Could you please submit a bug to the NIST maintainers so that they
adjust their CVE database accordingly? I already reported some bugs,
and provided you give good information about how the CVE has been fixed
(reference to upstream commit, and indication of which release it is
part of), they are responsive and willing to fix the database.

Thanks!

Thomas
Patch

diff --git a/package/exim/exim.mk b/package/exim/exim.mk
index e0fcd83fb0..b99e280f6c 100644
--- a/package/exim/exim.mk
+++ b/package/exim/exim.mk
@@ -10,6 +10,8 @@  EXIM_SITE = https://ftp.exim.org/pub/exim/exim4
 EXIM_LICENSE = GPL-2.0+
 EXIM_LICENSE_FILES = LICENCE
 EXIM_CPE_ID_VENDOR = exim
+# fixed in version 4.94.2
+EXIM_IGNORE_CVES += CVE-2020-28017
 EXIM_SELINUX_MODULES = exim mta
 EXIM_DEPENDENCIES = host-berkeleydb host-pcre2 pcre2 berkeleydb host-pkgconf
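
Review bot: the justification on the added lines, `# fixed in version 4.94.2`, names a release but no upstream commit or advisory, and the hunk does not show EXIM_VERSION, so nothing visible here lets a reader confirm that the packaged version is at or past 4.94.2. Consider extending the comment with the upstream commit reference (the same information requested in the thread for the NIST report) and noting that the `EXIM_IGNORE_CVES += CVE-2020-28017` entry should be dropped once the CVE database is corrected, so the ignore does not outlive its reason. The commit message is also empty apart from the Signed-off-by and the v2 changelog; one sentence stating why the CVE does not apply would help anyone auditing the ignore list later.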