Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable (optional) CVE reporting for the build #85

Closed
3 tasks done
KanjiMonster opened this issue Sep 20, 2023 · 2 comments · Fixed by #93 or bisdn/meta-switch#170
Closed
3 tasks done

Enable (optional) CVE reporting for the build #85

KanjiMonster opened this issue Sep 20, 2023 · 2 comments · Fixed by #93 or bisdn/meta-switch#170
Labels
enhancement New feature or request maintenance Updating third party packages or components to newer versions
Milestone
BISDN Linux 5.1

Comments

@KanjiMonster
Copy link
Contributor

KanjiMonster commented Sep 20, 2023
edited
Loading

Yocto allows CVE checking during the build, so let's make use of that to get a better understanding of security issues affecting BISDN Linux.

  • Update Kernel recipes with fixed CVEs.
  • Check our recipes for missing CPE IDs
  • Add fixed CVEs for the changelog
@KanjiMonster KanjiMonster added the enhancement New feature or request label Sep 20, 2023
@KanjiMonster KanjiMonster added this to the BISDN Linux 5.1 milestone Sep 20, 2023
@KanjiMonster KanjiMonster added the maintenance Updating third party packages or components to newer versions label Sep 20, 2023
This was linked to pull requests Oct 27, 2023
include a list of fixed CVEs in changelogs #93
Merged
python3-ryu: add CVE_PRODUCT for CVE reporting bisdn/meta-switch#170
Merged
@KanjiMonster
Copy link
Contributor Author

Found one package with a missing CVE name that has vulnerabilities, ryu.

@KanjiMonster
Copy link
Contributor Author

And there I thought this works as "and", and not "or" ...

@KanjiMonster KanjiMonster reopened this Oct 27, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request maintenance Updating third party packages or components to newer versions
Projects
None yet
Milestone
BISDN Linux 5.1
1 participant
@KanjiMonster