On Sun, 2022-05-08 at 13:34 +0100, Richard Purdie via
lists.openembedded.org wrote:
> Includes fixes for CVE-2022-27404, CVE-2022-27405, CVE-2022-27406.
>
>
I'm amending this to "Include fix for CVE-2022-27404" since CVE-2022-
27405 and CVE-2022-27406 were already in 2.12.0.
I don't think the CVE checker is going to like these as they're using
dates for these for reasons I don't understand.
They also include versions in the NVD, but there is no version "non-afected"
as of today for CVE-2022-27404. I'll figure out the exact versions for those
CVEs and update the NVD in the next hours.
Kind regards,
Marta