|
|
OE-core CVE metrics for master on Sun 12 Feb 2023 02:00:01 AM HST
Branch: master
New this week: 2 CVEs
CVE-2022-48303 (CVSS3: 7.8 HIGH): tar https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48303 *
CVE-2023-25139 (CVSS3: 9.8 CRITICAL): glibc
|
Branch: master
New this week: 2 CVEs
CVE-2022-48303 (CVSS3: 7.8 HIGH): tar https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48303 *
CVE-2023-25139 (CVSS3: 9.8 CRITICAL): glibc
|
By
Steve Sakoman
·
#753
·
|
|
OE-core CVE metrics for langdale on Tue 07 Feb 2023 06:59:29 AM HST
Branch: langdale
New this week: 7 CVEs
CVE-2022-3094 (CVSS3: 7.5 HIGH): bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3094 *
CVE-2022-3736 (CVSS3: 7.5 HIGH): bind
|
Branch: langdale
New this week: 7 CVEs
CVE-2022-3094 (CVSS3: 7.5 HIGH): bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3094 *
CVE-2022-3736 (CVSS3: 7.5 HIGH): bind
|
By
Steve Sakoman
·
#752
·
|
|
OE-core CVE metrics for kirkstone on Tue 07 Feb 2023 06:55:17 AM HST
Branch: kirkstone
New this week: 7 CVEs
CVE-2022-3094 (CVSS3: 7.5 HIGH): bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3094 *
CVE-2022-3736 (CVSS3: 7.5 HIGH): bind
|
Branch: kirkstone
New this week: 7 CVEs
CVE-2022-3094 (CVSS3: 7.5 HIGH): bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3094 *
CVE-2022-3736 (CVSS3: 7.5 HIGH): bind
|
By
Steve Sakoman
·
#751
·
|
|
OE-core CVE metrics for dunfell on Tue 07 Feb 2023 06:49:41 AM HST
Branch: dunfell
New this week: 4 CVEs
CVE-2022-42919 (CVSS3: 7.8 HIGH): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42919 *
CVE-2022-48281 (CVSS3: 5.5 MEDIUM):
|
Branch: dunfell
New this week: 4 CVEs
CVE-2022-42919 (CVSS3: 7.8 HIGH): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42919 *
CVE-2022-48281 (CVSS3: 5.5 MEDIUM):
|
By
Steve Sakoman
·
#750
·
|
|
OE-core CVE metrics for master on Tue 07 Feb 2023 06:45:37 AM HST
Branch: master
New this week: 7 CVEs
CVE-2022-3094 (CVSS3: 7.5 HIGH): bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3094 *
CVE-2022-3736 (CVSS3: 7.5 HIGH): bind
|
Branch: master
New this week: 7 CVEs
CVE-2022-3094 (CVSS3: 7.5 HIGH): bind https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3094 *
CVE-2022-3736 (CVSS3: 7.5 HIGH): bind
|
By
Steve Sakoman
·
#749
·
|
|
Re: OE-core CVE metrics for master on Sun 29 Jan 2023 02:00:01 AM HST
Patches sent (upgrade and ignore).
NIST haven’t taken the CPE fixes I sent, re-sent.
This was fixed by a patch on the list that was incorrectly labelled as langdale, I’ve reposted it.
Both
|
Patches sent (upgrade and ignore).
NIST haven’t taken the CPE fixes I sent, re-sent.
This was fixed by a patch on the list that was incorrectly labelled as langdale, I’ve reposted it.
Both
|
By
Ross Burton
·
#748
·
|
|
OE-core CVE metrics for langdale on Sun 29 Jan 2023 03:30:01 AM HST
Branch: langdale
New this week: 7 CVEs
CVE-2022-23521 (CVSS3: 9.8 CRITICAL): git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23521 *
CVE-2022-3515 (CVSS3: 9.8 CRITICAL):
|
Branch: langdale
New this week: 7 CVEs
CVE-2022-23521 (CVSS3: 9.8 CRITICAL): git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23521 *
CVE-2022-3515 (CVSS3: 9.8 CRITICAL):
|
By
Steve Sakoman
·
#747
·
|
|
OE-core CVE metrics for kirkstone on Sun 29 Jan 2023 03:00:01 AM HST
Branch: kirkstone
New this week: 7 CVEs
CVE-2022-23521 (CVSS3: 9.8 CRITICAL): git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23521 *
CVE-2022-3515 (CVSS3: 9.8 CRITICAL):
|
Branch: kirkstone
New this week: 7 CVEs
CVE-2022-23521 (CVSS3: 9.8 CRITICAL): git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23521 *
CVE-2022-3515 (CVSS3: 9.8 CRITICAL):
|
By
Steve Sakoman
·
#746
·
|
|
OE-core CVE metrics for dunfell on Sun 29 Jan 2023 02:30:01 AM HST
Branch: dunfell
New this week: 5 CVEs
CVE-2022-23521 (CVSS3: 9.8 CRITICAL): git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23521 *
CVE-2022-41903 (CVSS3: 9.8 CRITICAL): git
|
Branch: dunfell
New this week: 5 CVEs
CVE-2022-23521 (CVSS3: 9.8 CRITICAL): git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23521 *
CVE-2022-41903 (CVSS3: 9.8 CRITICAL): git
|
By
Steve Sakoman
·
#745
·
|
|
OE-core CVE metrics for master on Sun 29 Jan 2023 02:00:01 AM HST
Branch: master
New this week: 3 CVEs
CVE-2022-23521 (CVSS3: 9.8 CRITICAL): git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23521 *
CVE-2022-41903 (CVSS3: 9.8 CRITICAL): git
|
Branch: master
New this week: 3 CVEs
CVE-2022-23521 (CVSS3: 9.8 CRITICAL): git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23521 *
CVE-2022-41903 (CVSS3: 9.8 CRITICAL): git
|
By
Steve Sakoman
·
#744
·
|
|
Re: [OE-core] OE-core CVE metrics for master on Sun 22 Jan 2023 02:00:01 AM HST
Lets put it in the manual. The wiki is good to pull together info but
I'd like the manual to be definitive. I've thought this about patch
submission for a while too, we have too many docs with the
|
Lets put it in the manual. The wiki is good to pull together info but
I'd like the manual to be definitive. I've thought this about patch
submission for a while too, we have too many docs with the
|
By
Richard Purdie
·
#743
·
|
|
Re: [OE-core] OE-core CVE metrics for master on Sun 22 Jan 2023 02:00:01 AM HST
I guess whilst the CVE triage process is actually quite simple, there’s a few non-obvious steps.
I’ve started braindumping into https://wiki.yoctoproject.org/wiki/CVE_Triage, when it’s expanded
|
I guess whilst the CVE triage process is actually quite simple, there’s a few non-obvious steps.
I’ve started braindumping into https://wiki.yoctoproject.org/wiki/CVE_Triage, when it’s expanded
|
By
Ross Burton
·
#742
·
|
|
Re: [OE-core] OE-core CVE metrics for master on Sun 22 Jan 2023 02:00:01 AM HST
This is quite often the case, perhaps those weekly reports could
include a pointer on how to do that?
Alex
|
This is quite often the case, perhaps those weekly reports could
include a pointer on how to do that?
Alex
|
By
Alexander Kanavin
·
#741
·
|
|
Re: [OE-core] OE-core CVE metrics for master on Sun 22 Jan 2023 02:00:01 AM HST
These are fixed in xserver-org 21.1.6, I’ve mailed to get the CPE updated.
Montavista sent a patch for kirkstone, I’ve asked that they post it for master/langdale too.
xdg-email is a mess.
|
These are fixed in xserver-org 21.1.6, I’ve mailed to get the CPE updated.
Montavista sent a patch for kirkstone, I’ve asked that they post it for master/langdale too.
xdg-email is a mess.
|
By
Ross Burton
·
#740
·
|
|
OE-core CVE metrics for langdale on Sun 22 Jan 2023 03:30:01 AM HST
Branch: langdale
New this week: 3 CVEs
CVE-2020-10735 (CVSS3: 7.5 HIGH): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10735 *
CVE-2022-3515 (CVSS3: 9.8 CRITICAL):
|
Branch: langdale
New this week: 3 CVEs
CVE-2020-10735 (CVSS3: 7.5 HIGH): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10735 *
CVE-2022-3515 (CVSS3: 9.8 CRITICAL):
|
By
Steve Sakoman
·
#739
·
|
|
OE-core CVE metrics for kirkstone on Sun 22 Jan 2023 03:00:01 AM HST
Branch: kirkstone
New this week: 2 CVEs
CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native:libksba:libksba-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 *
CVE-2023-0288
|
Branch: kirkstone
New this week: 2 CVEs
CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native:libksba:libksba-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 *
CVE-2023-0288
|
By
Steve Sakoman
·
#738
·
|
|
OE-core CVE metrics for dunfell on Sun 22 Jan 2023 02:30:01 AM HST
Branch: dunfell
New this week: 2 CVEs
CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native:libksba:libksba-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 *
CVE-2023-0288
|
Branch: dunfell
New this week: 2 CVEs
CVE-2022-3515 (CVSS3: 9.8 CRITICAL): gnupg:gnupg-native:libksba:libksba-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3515 *
CVE-2023-0288
|
By
Steve Sakoman
·
#737
·
|
|
OE-core CVE metrics for master on Sun 22 Jan 2023 02:00:01 AM HST
Branch: master
New this week: 0 CVEs
Removed this week: 3 CVEs
CVE-2023-0049 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0049 *
CVE-2023-0051 (CVSS3: 7.8 HIGH):
|
Branch: master
New this week: 0 CVEs
Removed this week: 3 CVEs
CVE-2023-0049 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0049 *
CVE-2023-0051 (CVSS3: 7.8 HIGH):
|
By
Steve Sakoman
·
#736
·
|
|
OE-core CVE metrics for langdale on Sun 15 Jan 2023 03:30:01 AM HST
Branch: langdale
New this week: 3 CVEs
CVE-2023-0049 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0049 *
CVE-2023-0051 (CVSS3: 7.8 HIGH): vim
|
Branch: langdale
New this week: 3 CVEs
CVE-2023-0049 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0049 *
CVE-2023-0051 (CVSS3: 7.8 HIGH): vim
|
By
Steve Sakoman
·
#735
·
|
|
OE-core CVE metrics for kirkstone on Sun 15 Jan 2023 03:00:01 AM HST
Branch: kirkstone
New this week: 3 CVEs
CVE-2023-0049 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0049 *
CVE-2023-0051 (CVSS3: 7.8 HIGH): vim
|
Branch: kirkstone
New this week: 3 CVEs
CVE-2023-0049 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0049 *
CVE-2023-0051 (CVSS3: 7.8 HIGH): vim
|
By
Steve Sakoman
·
#734
·
|
