* OE-core CVE metrics for master on Sun 13 Jun 2021 04:00:01 AM HST
From: Steve Sakoman @ 2021-06-13 14:04 UTC
  To: openembedded-core, yocto-security

Branch: master

New this week: 10 CVEs
CVE-2019-12067: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 *
CVE-2020-17541: libjpeg-turbo:libjpeg-turbo-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17541 *
CVE-2020-27661: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27661 *
CVE-2020-27748: xdg-utils https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27748 *
CVE-2020-35503: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 *
CVE-2020-35505: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35505 *
CVE-2021-3468: avahi https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3468 *
CVE-2021-3544: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3544 *
CVE-2021-3545: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3545 *
CVE-2021-3546: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3546 *

Removed this week: 0 CVEs

Full list:  Found 17 unpatched CVEs
CVE-2019-12067: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 *
CVE-2019-6293: flex:flex-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6293 *
CVE-2020-17541: libjpeg-turbo:libjpeg-turbo-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17541 *
CVE-2020-27661: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27661 *
CVE-2020-27748: xdg-utils https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27748 *
CVE-2020-35503: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 *
CVE-2020-35505: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35505 *
CVE-2021-20255: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 *
CVE-2021-31879: wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 *
CVE-2021-33574: glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33574 *
CVE-2021-3421: rpm:rpm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3421 *
CVE-2021-3468: avahi https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3468 *
CVE-2021-3507: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3507 *
CVE-2021-3527: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3527 *
CVE-2021-3544: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3544 *
CVE-2021-3545: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3545 *
CVE-2021-3546: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3546 *


* Re: [yocto-security] OE-core CVE metrics for master on Sun 13 Jun 2021 04:00:01 AM HST
From: Ross Burton @ 2021-06-14 10:42 UTC
  To: Steve Sakoman; +Cc: OE-core, yocto-security

On Sun, 13 Jun 2021 at 15:04, Steve Sakoman <steve@sakoman.com> wrote:
> CVE-2020-17541: libjpeg-turbo:libjpeg-turbo-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17541 *

Bad CPE, send a change request.

> CVE-2021-3468: avahi https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3468 *
> CVE-2021-3544: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3544 *
> CVE-2021-3545: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3545 *
> CVE-2021-3546: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3546 *

I have patches in test for these.

Ross


* Re: [yocto-security] OE-core CVE metrics for master on Sun 13 Jun 2021 04:00:01 AM HST
From: Ross Burton @ 2021-06-14 11:17 UTC
  To: Steve Sakoman; +Cc: OE-core, yocto-security

On Sun, 13 Jun 2021 at 15:04, Steve Sakoman <steve@sakoman.com> wrote:
> CVE-2020-27661: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27661 *

Fixed in 5.2, CPE updated.

> CVE-2020-35505: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35505 *

Malformed CPE, I think.  This is fixed in 6.0.

Ross
