On Mon, May 9, 2022 at 12:40 PM Marta Rybczynska <rybczynska@gmail.com>
wrote:

>
>
> On Sun, May 8, 2022 at 6:45 PM Richard Purdie <
> richard.purdie@linuxfoundation.org> wrote:
>
>> On Sun, 2022-05-08 at 13:34 +0100, Richard Purdie via
>> lists.openembedded.org wrote:
>> > Includes fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406.
>> >
>> >
>>
>> I'm amending this to "Include fix for CVE-2022-27404" since CVE-2022-
>> 27405 and CVE-2022-27406 were already in 2.12.0.
>>
>> I don't think the CVE checker is going to like these as they're using
>> dates for these for reasons I don't understand.
>>
>>
> They also include versions in the NVD, but there is no version "
> non-afected"
> as of today for CVE-2022-27404. I'll figure out the exact versions for
> those
> CVEs and update the NVD in the next hours.
>
> Kind regards,
> Marta
>

Update: the message to NVD has been sent. According to my analysis all three
CVEs have been fixed in 2.12.0.

Regards,
Marta