On Sun, May 8, 2022 at 6:45 PM Richard Purdie <richard.purdie@linuxfoundation.org> wrote:

On Sun, 2022-05-08 at 13:34 +0100, Richard Purdie via
lists.openembedded.org wrote:
> Includes fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406.
>
>

I'm amending this to "Include fix for CVE-2022-27404" since CVE-2022-
27405 and CVE-2022-27406 were already in 2.12.0.

I don't think the CVE checker is going to like these as they're using
dates for these for reasons I don't understand.

They also include versions in the NVD, but there is no version "non-afected"

as of today for CVE-2022-27404. I'll figure out the exact versions for those

CVEs and update the NVD in the next hours.

Kind regards,

Marta