Date:      Wed, 29 Sep 2021 15:55:43 +0200
From:      Bernhard Fröhlich <decke@freebsd.org>
To:        Jan Beich <jbeich@freebsd.org>
Cc:        "ports-committers@freebsd.org" <ports-committers@freebsd.org>,  "dev-commits-ports-all@freebsd.org" <dev-commits-ports-all@freebsd.org>,  "dev-commits-ports-main@freebsd.org" <dev-commits-ports-main@freebsd.org>
Subject:   Re: git: f07b3de4630f - main - security/vuxml: update seatd 0.6.{0, 1} entry
Message-ID:  <CAE-m3X2hcVjZT1GrMxdFZRJMiGCiHiq8zn4vE-QVOGoxxNYQmQ@mail.gmail.com>
In-Reply-To: <CAE-m3X37tK0H4xvD=B9DE0b%2B_LKgh_Z=wvQcsJ4nhwA4LBWTXg@mail.gmail.com>
References:  <202109172138.18HLc4NF056932__21043.0593624309$1631914770$gmane$org@gitrepo.freebsd.org> <czp6-g9bo-wny@FreeBSD.org> <CAE-m3X37tK0H4xvD=B9DE0b%2B_LKgh_Z=wvQcsJ4nhwA4LBWTXg@mail.gmail.com>

On Saturday, September 18, 2021, Bernhard Fröhlich <decke@freebsd.org>
wrote:

> On Friday, September 17, 2021, Jan Beich <jbeich@freebsd.org> wrote:
>
>> Jan Beich <jbeich@FreeBSD.org> writes:
>>
>> > The branch main has been updated by jbeich:
>> >
>> > URL: https://cgit.FreeBSD.org/ports/commit/?id=f07b3de4630f5062f4de92232b6a5f5902ad21c8
>> >
>> > commit f07b3de4630f5062f4de92232b6a5f5902ad21c8
>> > Author:     Jan Beich <jbeich@FreeBSD.org>
>> > AuthorDate: 2021-09-17 21:34:14 +0000
>> > Commit:     Jan Beich <jbeich@FreeBSD.org>
>> > CommitDate: 2021-09-17 21:37:59 +0000
>> >
>> >     security/vuxml: update seatd 0.6.{0,1} entry
>> >
>> >     - Discovered 1 day before announcement
>> >     - Assigned CVE-2021-41387
>>
>> Bernhard, can you check if sysutils/seatd now needs USES=cpe?
>> I've tried looking at NVD link[1] but it doesn't seem to list
>> "Known Affected Software Configurations".
>>
>> [1] https://nvd.nist.gov/vuln/detail/CVE-2021-41387
>>
>
> The source of truth is the CPE Dictionary but I could not find a matching
> entry yet.
>
>  https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=seatd
>
> This is a nice example to check the timing when it is added to the CPE
> Dictionary. The CVE entry is currently in received state.
>

It took quite long but the CVE has switched to analyzed.

 https://nvd.nist.gov/vuln/detail/CVE-2021-41387

The used CPE is cpe:2.3:a:seatd_project:seatd so adding USES=cpe and
CPE_VENDOR=seatd_project will be correct.

Now I wonder when the CPE entry will be added to the CPE dictionary.


-- 
Bernhard Froehlich
http://www.bluelife.at/
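
Added example, not part of the original message: a Python sketch that parses the CPE string NVD lists and works out which CPE_* variables a port needs next to USES=cpe. It assumes the ports framework defaults (CPE_PART=a, CPE_PRODUCT=lowercased PORTNAME, CPE_VENDOR=CPE_PRODUCT); the function names are hypothetical.

```python
# CPE 2.3 formatted-string attributes after the "cpe:2.3:" prefix (NISTIR 7695).
FIELDS = ("part", "vendor", "product", "version", "update", "edition",
          "language", "sw_edition", "target_sw", "target_hw", "other")


def split_unescaped(text, sep=":"):
    """Split on sep, keeping backslash-escaped characters inside a value."""
    parts, cur, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            cur += text[i:i + 2]      # escaped pair, e.g. "\:" stays in the value
            i += 2
        elif text[i] == sep:
            parts.append(cur)
            cur = ""
            i += 1
        else:
            cur += text[i]
            i += 1
    parts.append(cur)
    return parts


def parse_cpe23(cpe):
    """Parse a CPE 2.3 string, or a prefix such as cpe:2.3:a:vendor:product."""
    parts = split_unescaped(cpe)
    if parts[:2] != ["cpe", "2.3"] or not 5 <= len(parts) <= 13:
        raise ValueError("not a CPE 2.3 formatted string: %r" % cpe)
    values = parts[2:] + ["*"] * (13 - len(parts))   # missing attributes mean ANY
    if values[0] not in ("a", "o", "h") or "" in values[:3]:
        raise ValueError("bad part, vendor or product in %r" % cpe)
    return dict(zip(FIELDS, values))


def port_cpe_lines(portname, cpe):
    """Makefile lines needed so the port's CPE matches the NVD one."""
    got = parse_cpe23(cpe)
    lines = ["USES=cpe"]
    # Assumed framework defaults: part "a", product = PORTNAME lowercased,
    # vendor = product. Only values that differ need to be set.
    if got["part"] != "a":
        lines.append("CPE_PART=" + got["part"])
    if got["product"] != portname.lower():
        lines.append("CPE_PRODUCT=" + got["product"])
    if got["vendor"] != got["product"]:
        lines.append("CPE_VENDOR=" + got["vendor"])
    return lines


if __name__ == "__main__":
    # The CPE prefix quoted in the message above.
    print("\n".join(port_cpe_lines("seatd", "cpe:2.3:a:seatd_project:seatd")))
```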