git: f07b3de4630f - main - security/vuxml: update seatd 0.6.{0, 1} entry
Bernhard Fröhlich
decke at freebsd.org
Wed Sep 29 13:55:45 UTC 2021
On Saturday, September 18, 2021, Bernhard Fröhlich <decke at freebsd.org>
wrote:
> On Friday, September 17, 2021, Jan Beich <jbeich at freebsd.org> wrote:
>
>> Jan Beich <jbeich at FreeBSD.org> writes:
>>
>> > The branch main has been updated by jbeich:
>> >
>> > URL: https://cgit.FreeBSD.org/ports/commit/?id=f07b3de4630f5062f4
>> de92232b6a5f5902ad21c8
>> >
>> > commit f07b3de4630f5062f4de92232b6a5f5902ad21c8
>> > Author: Jan Beich <jbeich at FreeBSD.org>
>> > AuthorDate: 2021-09-17 21:34:14 +0000
>> > Commit: Jan Beich <jbeich at FreeBSD.org>
>> > CommitDate: 2021-09-17 21:37:59 +0000
>> >
>> > security/vuxml: update seatd 0.6.{0,1} entry
>> >
>> > - Discovered 1 day before announcement
>> > - Assigned CVE-2021-41387
>>
>> Bernhard, can you check if sysutils/seatd now needs USES=cpe?
>> I've tried looking at NVD link[1] but it doesn't seem to list
>> "Known Affected Software Configurations".
>>
>> [1] https://nvd.nist.gov/vuln/detail/CVE-2021-41387
>>
>
> The source oft truth is the CPE Dictionary but I could not find a matching
> entry yet.
>
> https://nvd.nist.gov/products/cpe/search/results?
> namingFormat=2.3&keyword=seatd
>
> This is a nice example to check the timing when it is added to the CPE
> Dictionary. The CVE entry is currently in received state.
>
It took quite long but the CVE has switched to analyzed.
https://nvd.nist.gov/vuln/detail/CVE-2021-41387
The used CPE is cpe:2.3:a:seatd_project:seatd so adding USES=cpe and
CPE_VENDOR=seatd_project will be correct.
Now I wonder when the CPE entry will be added to the CPE dictionary.
--
Bernhard Froehlich
http://www.bluelife.at/
More information about the dev-commits-ports-main
mailing list