* OE-core CVE metrics for master on Sun 06 Mar 2022 04:00:01 AM HST
From: steve @ 2022-03-06 14:03 UTC (permalink / raw)
To: openembedded-core, yocto-security
Branch: master
New this week: 13 CVEs
CVE-2021-3930: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3930 *
CVE-2021-3947: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3947 *
CVE-2021-44568: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44568 *
CVE-2021-44571: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44571 *
CVE-2021-44573: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44573 *
CVE-2021-44574: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44574 *
CVE-2021-44575: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44575 *
CVE-2021-44576: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44576 *
CVE-2021-44577: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44577 *
CVE-2022-0696: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0696 *
CVE-2022-0714: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0714 *
CVE-2022-0729: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0729 *
CVE-2022-25643: seatd https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25643 *
Removed this week: 0 CVEs
Full list: Found 20 unpatched CVEs
CVE-2019-12067: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 *
CVE-2020-18974: nasm:nasm-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-18974 *
CVE-2021-20255: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 *
CVE-2021-3930: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3930 *
CVE-2021-3947: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3947 *
CVE-2021-44568: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44568 *
CVE-2021-44571: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44571 *
CVE-2021-44573: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44573 *
CVE-2021-44574: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44574 *
CVE-2021-44575: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44575 *
CVE-2021-44576: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44576 *
CVE-2021-44577: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44577 *
CVE-2021-44647: lua:lua-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44647 *
CVE-2022-0529: unzip:unzip-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0529 *
CVE-2022-0530: unzip:unzip-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0530 *
CVE-2022-0696: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0696 *
CVE-2022-0714: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0714 *
CVE-2022-0729: vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0729 *
CVE-2022-24975: git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24975 *
CVE-2022-25643: seatd https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25643 *
* Re: [yocto-security] OE-core CVE metrics for master on Sun 06 Mar 2022 04:00:01 AM HST
From: Ross Burton @ 2022-03-07 11:28 UTC (permalink / raw)
To: Steve Sakoman; +Cc: openembedded-core, yocto-security
On Sun, 6 Mar 2022 at 14:03, Steve Sakoman <steve@sakoman.com> wrote:
> CVE-2021-44568: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44568 *
> CVE-2021-44571: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44571 *
> CVE-2021-44573: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44573 *
> CVE-2021-44574: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44574 *
> CVE-2021-44575: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44575 *
> CVE-2021-44576: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44576 *
> CVE-2021-44577: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44577 *
All of these are the same bug, fixed some time ago. I've told NIST the
correct CPE information so they'll disappear on the next run.
Ross
* Re: [yocto-security] OE-core CVE metrics for master on Sun 06 Mar 2022 04:00:01 AM HST
From: Steve Sakoman @ 2022-03-07 14:32 UTC (permalink / raw)
To: Ross Burton; +Cc: openembedded-core, yocto-security
On Mon, Mar 7, 2022 at 1:29 AM Ross Burton <ross@burtonini.com> wrote:
>
> On Sun, 6 Mar 2022 at 14:03, Steve Sakoman <steve@sakoman.com> wrote:
> > CVE-2021-44568: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44568 *
> > CVE-2021-44571: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44571 *
> > CVE-2021-44573: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44573 *
> > CVE-2021-44574: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44574 *
> > CVE-2021-44575: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44575 *
> > CVE-2021-44576: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44576 *
> > CVE-2021-44577: libsolv https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44577 *
>
> All of these are the same bug, fixed some time ago. I've told NIST the
> correct CPE information so they'll disappear on the next run.
Thanks Ross!
Steve
* Re: [yocto-security] OE-core CVE metrics for master on Sun 06 Mar 2022 04:00:01 AM HST
From: Ross Burton @ 2022-03-07 15:21 UTC (permalink / raw)
To: Steve Sakoman; +Cc: openembedded-core, yocto-security
On Sun, 6 Mar 2022 at 14:03, Steve Sakoman <steve@sakoman.com> wrote:
> CVE-2021-3930: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3930 *
> CVE-2021-3947: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3947 *
And these two are bad CPE data too, I believe. Mailed and fingers crossed.
Ross