
List:       openembedded-core
Subject:    Re: [OE-core] OE-core CVE metrics for master on Sun 30 Oct 2022 02:00:01 AM HST
From:       "Khem Raj" <raj.khem () gmail ! com>
Date:       2022-10-31 16:12:25
Message-ID: CAMKF1sr-Fk=1dnaPzdmCX==C4TrgjjOG0Oy=0_yy==153mtpyA () mail ! gmail ! com

On Sun, Oct 30, 2022 at 5:03 AM Steve Sakoman <steve@sakoman.com> wrote:
> 
> Branch: master
> 
> New this week: 2 CVEs
> CVE-2022-3705 (CVSS3: 7.5 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3705 *
> CVE-2022-43680 (CVSS3: 7.5 HIGH): expat:expat-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43680 *
> Removed this week: 17 CVEs
> CVE-2022-3165 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3165 *
> CVE-2022-3352 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3352 *
> CVE-2022-3358 (CVSS3: 7.5 HIGH): openssl:openssl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3358 *
> CVE-2022-3550 (CVSS3: 9.8 CRITICAL): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3550 *
> CVE-2022-3551 (CVSS3: 7.5 HIGH): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3551 *
> CVE-2022-3553 (CVSS3: 7.5 HIGH): xserver-xorg https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3553 *
> CVE-2022-3554 (CVSS3: 7.5 HIGH): libx11:libx11-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3554 *
> CVE-2022-3555 (CVSS3: 7.5 HIGH): libx11:libx11-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3555 *
> CVE-2022-3570 (CVSS3: 9.8 CRITICAL): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3570 *
> CVE-2022-3597 (CVSS3: 6.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3597 *
> CVE-2022-3598 (CVSS3: 6.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3598 *
> CVE-2022-3599 (CVSS3: 6.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3599 *
> CVE-2022-3626 (CVSS3: 6.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3626 *
> CVE-2022-3627 (CVSS3: 6.5 MEDIUM): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3627 *
> CVE-2022-39253 (CVSS3: 5.5 MEDIUM): git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39253 *
> CVE-2022-39260 (CVSS3: 8.8 HIGH): git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39260 *
> CVE-2022-41556 (CVSS3: 7.5 HIGH): lighttpd https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41556 *
> Full list: Found 5 unpatched CVEs
> CVE-2022-2879 (CVSS3: 7.5 HIGH): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2879 *
> CVE-2022-2880 (CVSS3: 7.5 HIGH): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2880 *
> CVE-2022-3705 (CVSS3: 7.5 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3705 *
> CVE-2022-41715 (CVSS3: 7.5 HIGH): go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41715 *

Sent a patch for 1.19.2 upgrade which should take care of all go CVEs
reported here.

> CVE-2022-43680 (CVSS3: 7.5 HIGH): expat:expat-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43680 *
> For further information see: https://autobuilder.yocto.io/pub/non-release/patchmetrics/
> 
> 


