mbox series

[0/1] apache2:apache2-native: CVE status update

Message ID 20240703164042.20929-1-ninette@thehoodiefirm.com
Headers show
Series apache2:apache2-native: CVE status update | expand

Message

Ninette Adhikari July 3, 2024, 4:40 p.m. UTC 
Update status for: CVE-2007-0450, CVE-2010-0425

The current version (2.4.59) is not affected. It only applies for Windows.

Ninette Adhikari (1):
  apache2:apache2-native: CVE status update

 meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb | 2 ++
 1 file changed, 2 insertions(+)

--
2.44.0

Comments

Khem Raj July 3, 2024, 4:49 p.m. UTC | #1 
which branch is it for ?
Please mark it accordingly in subject line see -
https://docs.yoctoproject.org/dev/contributor-guide/submit-changes.html#submitting-changes-to-stable-release-branches

On Wed, Jul 3, 2024 at 9:40 AM Ninette Adhikari via
lists.openembedded.org
<ninette=thehoodiefirm.com@lists.openembedded.org> wrote:
>
> Update status for: CVE-2007-0450, CVE-2010-0425
>
> The current version (2.4.59) is not affected. It only applies for Windows.
>
> Ninette Adhikari (1):
>   apache2:apache2-native: CVE status update
>
>  meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb | 2 ++
>  1 file changed, 2 insertions(+)
>
> --
> 2.44.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#111229): https://lists.openembedded.org/g/openembedded-devel/message/111229
> Mute This Topic: https://lists.openembedded.org/mt/107022825/1997914
> Group Owner: openembedded-devel+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
Ninette Adhikari July 3, 2024, 5:44 p.m. UTC | #2 
Hi Khem,
This is meant for the 'master' branch. It is a status update for some CVEs.
I'll make sure to include the branch name in the subject for future
patches. For this patch, do I need to resend it with an updated subject
line? Please let me know. Thanks so much!

Ninette

On Wed, Jul 3, 2024 at 9:49 AM Khem Raj <raj.khem@gmail.com> wrote:

> which branch is it for ?
> Please mark it accordingly in subject line see -
>
> https://docs.yoctoproject.org/dev/contributor-guide/submit-changes.html#submitting-changes-to-stable-release-branches
>
> On Wed, Jul 3, 2024 at 9:40 AM Ninette Adhikari via
> lists.openembedded.org
> <ninette=thehoodiefirm.com@lists.openembedded.org> wrote:
> >
> > Update status for: CVE-2007-0450, CVE-2010-0425
> >
> > The current version (2.4.59) is not affected. It only applies for
> Windows.
> >
> > Ninette Adhikari (1):
> >   apache2:apache2-native: CVE status update
> >
> >  meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb | 2 ++
> >  1 file changed, 2 insertions(+)
> >
> > --
> > 2.44.0
> >
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#111229):
> https://lists.openembedded.org/g/openembedded-devel/message/111229
> > Mute This Topic: https://lists.openembedded.org/mt/107022825/1997914
> > Group Owner: openembedded-devel+owner@lists.openembedded.org
> > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [
> raj.khem@gmail.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >
>
Khem Raj July 3, 2024, 5:53 p.m. UTC | #3 
Please rebase it on latest master and see if it’s still needed

On Wed, Jul 3, 2024 at 10:44 AM Ninette Adhikari <ninette@neighbourhood.ie>
wrote:

> Hi Khem,
> This is meant for the 'master' branch. It is a status update for some CVEs.
> I'll make sure to include the branch name in the subject for future
> patches. For this patch, do I need to resend it with an updated subject
> line? Please let me know. Thanks so much!
>
> Ninette
>
> On Wed, Jul 3, 2024 at 9:49 AM Khem Raj <raj.khem@gmail.com> wrote:
>
>> which branch is it for ?
>> Please mark it accordingly in subject line see -
>>
>> https://docs.yoctoproject.org/dev/contributor-guide/submit-changes.html#submitting-changes-to-stable-release-branches
>>
>> On Wed, Jul 3, 2024 at 9:40 AM Ninette Adhikari via
>> lists.openembedded.org
>> <ninette=thehoodiefirm.com@lists.openembedded.org> wrote:
>> >
>> > Update status for: CVE-2007-0450, CVE-2010-0425
>> >
>> > The current version (2.4.59) is not affected. It only applies for
>> Windows.
>> >
>> > Ninette Adhikari (1):
>> >   apache2:apache2-native: CVE status update
>> >
>> >  meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb | 2 ++
>> >  1 file changed, 2 insertions(+)
>> >
>> > --
>> > 2.44.0
>> >
>> >
>> > -=-=-=-=-=-=-=-=-=-=-=-
>> > Links: You receive all messages sent to this group.
>> > View/Reply Online (#111229):
>> https://lists.openembedded.org/g/openembedded-devel/message/111229
>> > Mute This Topic: https://lists.openembedded.org/mt/107022825/1997914
>> > Group Owner: openembedded-devel+owner@lists.openembedded.org
>> > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub
>> [raj.khem@gmail.com]
>> > -=-=-=-=-=-=-=-=-=-=-=-
>> >
>>
>
Ninette Adhikari July 3, 2024, 6:10 p.m. UTC | #4 
I pulled the latest and I see the apache2 version is updated to 2.4.60. But
the CVE list
<https://autobuilder.yocto.io/pub/non-release/patchmetrics-meta-oe/cve-status-master.txt>
still has the following CVEs listed: CVE-2007-0450, CVE-2010-0425
I'll send a new patch against the latest master branch to update status of
the CVEs.
Thanks!
Ninette

On Wed, Jul 3, 2024 at 10:53 AM Khem Raj <raj.khem@gmail.com> wrote:

> Please rebase it on latest master and see if it’s still needed
>
> On Wed, Jul 3, 2024 at 10:44 AM Ninette Adhikari <ninette@neighbourhood.ie>
> wrote:
>
>> Hi Khem,
>> This is meant for the 'master' branch. It is a status update for some
>> CVEs.
>> I'll make sure to include the branch name in the subject for future
>> patches. For this patch, do I need to resend it with an updated subject
>> line? Please let me know. Thanks so much!
>>
>> Ninette
>>
>> On Wed, Jul 3, 2024 at 9:49 AM Khem Raj <raj.khem@gmail.com> wrote:
>>
>>> which branch is it for ?
>>> Please mark it accordingly in subject line see -
>>>
>>> https://docs.yoctoproject.org/dev/contributor-guide/submit-changes.html#submitting-changes-to-stable-release-branches
>>>
>>> On Wed, Jul 3, 2024 at 9:40 AM Ninette Adhikari via
>>> lists.openembedded.org
>>> <ninette=thehoodiefirm.com@lists.openembedded.org> wrote:
>>> >
>>> > Update status for: CVE-2007-0450, CVE-2010-0425
>>> >
>>> > The current version (2.4.59) is not affected. It only applies for
>>> Windows.
>>> >
>>> > Ninette Adhikari (1):
>>> >   apache2:apache2-native: CVE status update
>>> >
>>> >  meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb | 2 ++
>>> >  1 file changed, 2 insertions(+)
>>> >
>>> > --
>>> > 2.44.0
>>> >
>>> >
>>> > -=-=-=-=-=-=-=-=-=-=-=-
>>> > Links: You receive all messages sent to this group.
>>> > View/Reply Online (#111229):
>>> https://lists.openembedded.org/g/openembedded-devel/message/111229
>>> > Mute This Topic: https://lists.openembedded.org/mt/107022825/1997914
>>> > Group Owner: openembedded-devel+owner@lists.openembedded.org
>>> > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub
>>> [raj.khem@gmail.com]
>>> > -=-=-=-=-=-=-=-=-=-=-=-
>>> >
>>>
>>