[Buildroot] [PATCH] package/qemu: security bump version to 8.1.1
Clément Ramirez
ramirez.clement3 at gmail.com
Thu Nov 2 09:37:36 UTC 2023
Hi Thomas !
> Always happy to see some patches from you on Buildroot! :-)
Yes but I need to keep going
> > I will try to find a way to add an entry in the CPE database, and add a
> > comment to explain why we are ignoring these CVEs.
>
> In the end, did you send an e-mail to the NVD maintainers about this?
I tried to figured out how to add an entry in the CPE database indeed, and
found some tools to do it. But I wasn't sure what information i should
fill in, so
i ended not sending anything.
> You actually don't need to look for how to add an entry in the CPE
> database. Just drop an e-mail to the NVD maintainers, giving for each
> CVE some clear evidence that there were fixed in 8.1.1, and ask them to
> update the CVE entries. They will automatically take care of adding the
> CPE entry, and update the CVE information.
That will be very nice, and simpler than generating an XML entry as described
on the CPE submission web page ([0]).
I will try to email them today and I keep you updated if I encountered
some problems to do it.
[0] https://cpe.mitre.org/dictionary/#process
Thank you again for your help !
Clément
More information about the buildroot
mailing list