[Buildroot] [PATCH] package/qemu: security bump version to 8.1.1

Baruch Siach baruch at tkos.co.il
Tue Oct 10 08:54:57 UTC 2023


Hi Clément,

On Tue, Oct 10 2023, Clément Ramirez wrote:
>> Provided that these CVEs are fixed with this version bump, why do we
>> need to ignore them?
>
> When I don't ignore the CVEs fixed with the version bump, the
> pkg-stats tool keeps displaying them.
> I think it's because the CPE database has no entries for the qemu 8.1.1 version
> and therefore does not know which CVEs are fixed in this specific version.

This is something that should be fixed in the CPE database.

In the meantime there should be a comment that explains why we ignore
these CVEs even though they do not actually affect the current package
version.

baruch

-- 
                                                     ~. .~   Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
   - baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -


