On Mon, Nov 9, 2020 at 8:36 AM Sakib Sajal <[email protected]> wrote: > > > On 2020-11-08 12:34 p.m., Steve Sakoman wrote: > > [Please note this e-mail is from an EXTERNAL e-mail address] > > Branch: dunfell > > New this week: > CVE-2020-27619: python3-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27619 * > > Removed this week: > CVE-2019-20175: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20175 * > CVE-2019-20334: nasm-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20334 * > CVE-2019-6290: nasm-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6290 * > CVE-2019-6291: nasm-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6291 * > CVE-2019-8343: nasm-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8343 * > > Full list: Found 86 unpatched CVEs > > I will look after the qemu CVE's from CVE-2015-8345 and onwards.
Thanks Sakib. I appreciate all the help I can get! Note that many of these are matching due to the CPE wildcard entry matching all versions. So the CVEs may be fixed in recent qemu versions and all that is required is a request to the CPE maintainer to update the wildcard. But some research will be required to see if this is the case. If so an email to the maintainer can get this corrected. I've already done many where the fixes were somewhat easy to locate. The remaining ones will require varying levels of effort. If you haven't sent database update requests before let me know and I'll send you some examples. Steve > CVE-2012-4564: tiff > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4564 * > CVE-2012-6094: cups > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-6094 * > CVE-2013-0800: cairo > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0800 * > CVE-2013-4235: shadow-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4235 * > CVE-2013-6629: ghostscript > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6629 * > CVE-2013-7381: libnotify > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7381 * > CVE-2014-9278: openssh > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9278 * > CVE-2015-7313: tiff > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7313 * > CVE-2015-8345: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8345 * > CVE-2015-8619: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8619 * > CVE-2016-4002: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4002 * > CVE-2016-4614: libxml2 > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4614 * > CVE-2016-6328: libexif > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6328 * > CVE-2016-6489: nettle > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6489 * > CVE-2016-9101: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9101 * > CVE-2016-9596: libxml2 > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9596 * > CVE-2016-9598: libxml2 > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9598 * > CVE-2016-9907: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9907 * > CVE-2016-9908: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9908 * > CVE-2016-9911: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9911 * > CVE-2016-9912: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9912 * > CVE-2016-9921: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9921 * > CVE-2016-9923: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9923 * > CVE-2017-3139: bind > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3139 * > CVE-2017-5957: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5957 * > CVE-2018-1000041: librsvg > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000041 * > CVE-2018-12433: libgcrypt > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12433 * > CVE-2018-12437: libgcrypt > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12437 * > CVE-2018-12438: libgcrypt > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12438 * > CVE-2018-12617: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12617 * > CVE-2018-13410: zip > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13410 * > CVE-2018-13684: zip > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-13684 * > CVE-2018-16517: nasm-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16517 * > CVE-2018-16868: gnutls > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16868 * > CVE-2018-16869: nettle > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-16869 * > CVE-2018-18438: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18438 * > CVE-2018-19665: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19665 * > CVE-2018-21232: re2c > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-21232 * > CVE-2018-6553: cups > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-6553 * > CVE-2019-1010022: glibc > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010022 * > CVE-2019-1010023: glibc > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010023 * > CVE-2019-1010024: glibc > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010024 * > CVE-2019-1010025: glibc > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1010025 * > CVE-2019-14865: grub-efi-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14865 * > CVE-2019-20446: librsvg > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20446 * > CVE-2019-20633: patch-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20633 * > CVE-2019-6293: flex-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6293 * > CVE-2020-10648: u-boot > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10648 * > CVE-2020-11022: jquery > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11022 * > CVE-2020-11023: jquery > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11023 * > CVE-2020-12825: libcroco > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12825 * > CVE-2020-12829: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-12829 * > CVE-2020-13253: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13253 * > CVE-2020-13434: sqlite3-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13434 * > CVE-2020-13435: sqlite3-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13435 * > CVE-2020-13630: sqlite3-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13630 * > CVE-2020-13631: sqlite3-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13631 * > CVE-2020-13632: sqlite3-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13632 * > CVE-2020-13645: glib-networking > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13645 * > CVE-2020-13754: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13754 * > CVE-2020-13791: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13791 * > CVE-2020-14145: openssh > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14145 * > CVE-2020-14150: bison-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14150 * > CVE-2020-14308: grub-efi-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14308 * > CVE-2020-14309: grub-efi-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14309 * > CVE-2020-14310: grub-efi-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14310 * > CVE-2020-14311: grub-efi-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14311 * > CVE-2020-15469: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15469 * > CVE-2020-15523: python3-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15523 * > CVE-2020-15704: ppp > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15704 * > CVE-2020-15705: grub-efi-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 * > CVE-2020-15706: grub-efi-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15706 * > CVE-2020-15707: grub-efi-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15707 * > CVE-2020-15778: openssh > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15778 * > CVE-2020-15859: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15859 * > CVE-2020-15900: ghostscript-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15900 * > CVE-2020-24352: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24352 * > CVE-2020-24553: go-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-24553 * > CVE-2020-25613: ruby > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25613 * > CVE-2020-25742: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25742 * > CVE-2020-25743: qemu > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25743 * > CVE-2020-26154: libproxy > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-26154 * > CVE-2020-27153: bluez5 > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27153 * > CVE-2020-27619: python3-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27619 * > CVE-2020-3810: apt > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-3810 * > CVE-2020-8432: u-boot > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8432 * > > > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#144426): https://lists.openembedded.org/g/openembedded-core/message/144426 Mute This Topic: https://lists.openembedded.org/mt/78118037/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
