All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Lee Chee Yang" <chee.yang.lee@intel.com>
To: Richard Purdie <richard.purdie@linuxfoundation.org>,
	Steve Sakoman <steve@sakoman.com>,
	"openembedded-core@lists.openembedded.org"
	<openembedded-core@lists.openembedded.org>,
	"yocto-security@lists.yoctoproject.org"
	<yocto-security@lists.yoctoproject.org>
Subject: Re: [yocto-security] OE-core CVE metrics for master on Sun 24 Jan 2021 07:15:01 AM HST
Date: Mon, 25 Jan 2021 02:39:12 +0000	[thread overview]
Message-ID: <MWHPR11MB20005F089BE21737CFA246E7B9BD9@MWHPR11MB2000.namprd11.prod.outlook.com> (raw)
In-Reply-To: <cc80f8541aeef99a4625420fbf7d27dcc6abf341.camel@linuxfoundation.org>

The changes expose these, it ignored trailing character in this version compare ( "i" in this case for openssl_1.1.1i )
(CVE-2019-1543, CVE-2019-1547, CVE-2019-1549, CVE-2019-1551, CVE-2019-1552, CVE-2019-1563, CVE-2020-1967, CVE-2020-1971)  
behave this way because its difficult to define the trailing characters (like version 1.1b can be 1.1 beta or patched release 1.1b) 


NVD just updated these recently 
CVE-2013-0800, CVE-2020-14409, CVE-2020-14410



>-----Original Message-----
>From: Richard Purdie <richard.purdie@linuxfoundation.org>
>Sent: Monday, 25 January, 2021 7:21 AM
>To: Steve Sakoman <steve@sakoman.com>; openembedded-
>core@lists.openembedded.org; yocto-security@lists.yoctoproject.org
>Cc: Lee, Chee Yang <chee.yang.lee@intel.com>
>Subject: Re: [yocto-security] OE-core CVE metrics for master on Sun 24 Jan 2021
>07:15:01 AM HST
>
>On Sun, 2021-01-24 at 07:18 -1000, Steve Sakoman wrote:
>> Branch: master
>>
>> New this week:
>> CVE-2013-0800: pixman
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0800 *
>> CVE-2019-1543: openssl
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1543 *
>> CVE-2019-1547: openssl
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1547 *
>> CVE-2019-1549: openssl
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1549 *
>> CVE-2019-1551: openssl
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1551 *
>> CVE-2019-1552: openssl
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1552 *
>> CVE-2019-1563: openssl
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1563 *
>> CVE-2020-14409: libsdl2
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14409 *
>> CVE-2020-14410: libsdl2
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14410 *
>> CVE-2020-1967: openssl
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1967 *
>> CVE-2020-1971: openssl
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1971 *
>
>Adding Chee Yang, did the recent cve-check change mean some version
>comparisons regressed and exposed CVEs that shouldn't be in this list, or were we
>making some we need to fix? Or did some other change expose these?
>
>Cheers,
>
>Richard
>
>


  reply	other threads:[~2021-01-25  2:39 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-01-24 17:18 OE-core CVE metrics for master on Sun 24 Jan 2021 07:15:01 AM HST Steve Sakoman
2021-01-24 23:20 ` [yocto-security] " Richard Purdie
2021-01-25  2:39   ` Lee Chee Yang [this message]
2021-01-25 22:10     ` Richard Purdie
2021-01-26  3:54       ` Lee Chee Yang
2021-01-26  9:54         ` [OE-core] " Ross Burton
2021-01-26 16:19           ` Lee Chee Yang
2021-01-26 16:55             ` Richard Purdie

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=MWHPR11MB20005F089BE21737CFA246E7B9BD9@MWHPR11MB2000.namprd11.prod.outlook.com \
    --to=chee.yang.lee@intel.com \
    --cc=openembedded-core@lists.openembedded.org \
    --cc=richard.purdie@linuxfoundation.org \
    --cc=steve@sakoman.com \
    --cc=yocto-security@lists.yoctoproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.