
List:       openembedded-core
Subject:    Re: [OE-core] OE-core CVE metrics for dunfell on Sun 27 Feb 2022 04:30:01 AM HST
From:       "Steve Sakoman" <steve () sakoman ! com>
Date:       2022-02-28 14:33:19
Message-ID: CAOSpxdasQ3kC+n=7U1-dR0GKtfKv+U+3o8zH=Zw9fSw-UqA+qw () mail ! gmail ! com

On Sun, Feb 27, 2022 at 4:34 AM Steve Sakoman via
lists.openembedded.org <steve=sakoman.com@lists.openembedded.org>
wrote:
> 
> Branch: dunfell
> 
> New this week: 6 CVEs
> CVE-2022-24975: git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24975 \
>                 *
> CVE-2022-25235: expat:expat-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25235 *
> CVE-2022-25236: expat:expat-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25236 *
> CVE-2022-25313: expat:expat-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25313 *
> CVE-2022-25314: expat:expat-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25314 *
> CVE-2022-25315: expat:expat-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25315 *

I'm working on fixes for the above expat CVEs.

Steve


> 
> Removed this week: 36 CVEs
> CVE-2020-15999: freetype:freetype-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15999 *
> CVE-2021-33833: connman \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33833 *
> CVE-2021-3974: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3974 *
> CVE-2021-3984: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3984 *
> CVE-2021-4019: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4019 *
> CVE-2021-4136: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4136 *
> CVE-2021-4166: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4166 *
> CVE-2021-4173: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4173 *
> CVE-2021-4187: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4187 *
> CVE-2021-4192: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4192 *
> CVE-2021-4193: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4193 *
> CVE-2021-45078: binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45078 *
> CVE-2022-0128: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0128 *
> CVE-2022-0156: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0156 *
> CVE-2022-0158: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0158 *
> CVE-2022-0261: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0261 *
> CVE-2022-0318: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0318 *
> CVE-2022-0319: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0319 *
> CVE-2022-0359: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0359 *
> CVE-2022-0361: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0361 *
> CVE-2022-0368: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0368 *
> CVE-2022-0392: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0392 *
> CVE-2022-0393: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0393 *
> CVE-2022-0407: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0407 *
> CVE-2022-0408: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0408 *
> CVE-2022-0413: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0413 *
> CVE-2022-0417: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0417 *
> CVE-2022-0443: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0443 *
> CVE-2022-0554: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0554 *
> CVE-2022-22707: lighttpd \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-22707 *
> CVE-2022-23096: connman \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23096 *
> CVE-2022-23097: connman \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23097 *
> CVE-2022-23098: connman \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23098 *
> CVE-2022-23303: wpa-supplicant \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23303 *
> CVE-2022-23304: wpa-supplicant \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23304 *
> CVE-2022-23990: expat:expat-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23990 *
> 
> Full list:  Found 90 unpatched CVEs
> CVE-2018-21232: re2c:re2c-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-21232 *
> CVE-2019-12067: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 *
> CVE-2020-13253: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13253 *
> CVE-2020-13754: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13754 *
> CVE-2020-13791: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13791 *
> CVE-2020-15469: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15469 *
> CVE-2020-15705: grub:grub-efi:grub-efi-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 *
> CVE-2020-15859: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15859 *
> CVE-2020-15900: ghostscript-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15900 *
> CVE-2020-16590: binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16590 *
> CVE-2020-16591: binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16591 *
> CVE-2020-16599: binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-16599 *
> CVE-2020-17380: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17380 *
> CVE-2020-18974: nasm:nasm-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974 *
> CVE-2020-25742: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25742 *
> CVE-2020-25743: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25743 *
> CVE-2020-27661: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27661 *
> CVE-2020-27749: grub:grub-efi:grub-efi-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27749 *
> CVE-2020-27821: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27821 *
> CVE-2020-29510: go:go-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29510 *
> CVE-2020-29623: webkitgtk \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29623 *
> CVE-2020-35503: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 *
> CVE-2020-35504: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35504 *
> CVE-2020-35505: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35505 *
> CVE-2020-35506: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35506 *
> CVE-2020-3810: apt https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3810 *
> CVE-2021-1765: webkitgtk \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1765 *
> CVE-2021-1789: webkitgtk \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1789 *
> CVE-2021-1799: webkitgtk \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1799 *
> CVE-2021-1801: webkitgtk \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1801 *
> CVE-2021-1870: webkitgtk \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1870 *
> CVE-2021-20225: grub:grub-efi:grub-efi-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20225 *
> CVE-2021-20233: grub:grub-efi:grub-efi-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20233 *
> CVE-2021-20255: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 *
> CVE-2021-20294: binutils:binutils-cross-testsuite:binutils-cross-x86_64:binutils-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20294 *
> CVE-2021-25219: bind \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-25219 *
> CVE-2021-27097: u-boot \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27097 *
> CVE-2021-27138: u-boot \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27138 *
> CVE-2021-27918: go:go-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27918 *
> CVE-2021-28966: ruby:ruby-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28966 *
> CVE-2021-31525: go:go-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31525 *
> CVE-2021-31879: wget \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 *
> CVE-2021-33194: go:go-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33194 *
> CVE-2021-33195: go:go-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33195 *
> CVE-2021-33198: go:go-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33198 *
> CVE-2021-3409: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3409 *
> CVE-2021-3418: grub:grub-efi:grub-efi-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3418 *
> CVE-2021-3445: libdnf \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3445 *
> CVE-2021-3472: xserver-xorg \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3472 *
> CVE-2021-3507: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3507 *
> CVE-2021-36221: go:go-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36221 *
> CVE-2021-36976: libarchive:libarchive-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36976 *
> CVE-2021-3713: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3713 *
> CVE-2021-38297: go:go-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-38297 *
> CVE-2021-39293: go:go-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-39293 *
> CVE-2021-4008: xserver-xorg \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4008 *
> CVE-2021-4009: xserver-xorg \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4009 *
> CVE-2021-4010: xserver-xorg \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4010 *
> CVE-2021-4011: xserver-xorg \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4011 *
> CVE-2021-4145: qemu:qemu-native:qemu-system-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4145 *
> CVE-2021-4160: openssl:openssl-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4160 *
> CVE-2021-41771: go:go-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41771 *
> CVE-2021-41772: go:go-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41772 *
> CVE-2021-41817: ruby:ruby-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41817 *
> CVE-2021-41819: ruby:ruby-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41819 *
> CVE-2021-42762: webkitgtk \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42762 *
> CVE-2021-44716: go:go-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44716 *
> CVE-2021-44717: go:go-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44717 *
> CVE-2021-45085: epiphany \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45085 *
> CVE-2021-45086: epiphany \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45086 *
> CVE-2021-45087: epiphany \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45087 *
> CVE-2021-45088: epiphany \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45088 *
> CVE-2021-45481: webkitgtk \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45481 *
> CVE-2021-45482: webkitgtk \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45482 *
> CVE-2021-45483: webkitgtk \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45483 *
> CVE-2021-45944: ghostscript:ghostscript-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45944 *
> CVE-2021-45949: ghostscript-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45949 *
> CVE-2022-0529: unzip:unzip-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0529 *
> CVE-2022-0530: unzip:unzip-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0530 *
> CVE-2022-0561: tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0561 \
>                 *
> CVE-2022-0562: tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0562 \
>                 *
> CVE-2022-23772: go:go-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23772 *
> CVE-2022-23773: go:go-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23773 *
> CVE-2022-23806: go:go-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23806 *
> CVE-2022-24975: git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24975 \
>                 *
> CVE-2022-25235: expat:expat-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25235 *
> CVE-2022-25236: expat:expat-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25236 *
> CVE-2022-25313: expat:expat-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25313 *
> CVE-2022-25314: expat:expat-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25314 *
> CVE-2022-25315: expat:expat-native \
>                 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25315 *
> 
> 



View/Reply Online (#162500): https://lists.openembedded.org/g/openembedded-core/message/162500