
List:       openembedded-core
Subject:    Re: [OE-core] [yocto-security] OE-core CVE metrics for master on Sun 29 May 2022 02:00:01 AM HST
From:       "Richard Purdie" <richard.purdie () linuxfoundation ! org>
Date:       2022-05-31 12:49:43
Message-ID: facb4fed242ccf7370e8b370ca3b83096e4a90f2.camel () linuxfoundation ! org

On Sun, 2022-05-29 at 02:02 -1000, Steve Sakoman wrote:
> Full list:  Found 6 unpatched CVEs
> CVE-2019-12067 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 *
> CVE-2020-18974 (CVSS3: 3.3 LOW): nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974 *
> CVE-2021-20255 (CVSS3: 5.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 *
> CVE-2022-0529 (CVSS3: 5.5 MEDIUM): unzip:unzip-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0529 *
> CVE-2022-0530 (CVSS3: 5.5 MEDIUM): unzip:unzip-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0530 *

For CVE-2022-0530 I noticed discussion of:

https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=1010355;filename=CVE-2022-0530.patch;msg=20


Not sure if someone wants to test that?

Cheers,

Richard


