On Thu, 19 Nov 2020 at 16:41, <[email protected]> wrote: > Or is the problem here that sqlite version 3.33 is not listed correctly on > https://nvd.nist.gov/vuln/detail/CVE-2015-3717#match-3021743 > as I don't see this reported even for older 3.22 version in by yocto CVE > checker?
So there's a bug in the CPE parsing that I have a local patch for, which meant this and 38 other issues were not reported. I have reported the findings in that thread to NVD to see if they want to add a version to the CVE, but considering it's not actually known what the issue is I suspect they might not want to add it. In an ideal world Apple would verify that the issue is iOS/macOS specific, but that's not likely to happen. Ross
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#144849): https://lists.openembedded.org/g/openembedded-core/message/144849 Mute This Topic: https://lists.openembedded.org/mt/78361986/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
