On Tue, 2021-09-14 at 15:32 -1000, Steve Sakoman wrote:
>
> On Tue, Sep 14, 2021, 3:15 PM Mittal, Anuj <[email protected]> wrote:
> > On Tue, 2021-09-14 at 08:03 -1000, Steve Sakoman wrote:
> > > The CVE database correctly reports CVEs for oracle_berkley_db and
> > > berkley_db. We use the oracle_berkley_db source tree and therefore
> > > should only check for oracle_berkely_db CVEs. Otherwise the scanner
> > > falsely reports CVEs that are fixed in oracle_berkley_db
> >
> > Aren't both the same thing? I think this revert is incorrect and the
> > CVEs being flagged are correct.
> >
> > https://nvd.nist.gov/vuln/detail/CVE-2015-2583
> >
> > The CPE data shows oracle as the vendor and berkeley_db as product.
>
> Yes, I agree. See my reply from earlier today where I withdrew this
> patch!

Oh, this isn't showing up as threaded so I missed the reply. Thanks.

Thanks,

Anuj
