The changes expose these; it ignored the trailing character in this version compare
("i" in this case for openssl_1.1.1i)
(CVE-2019-1543, CVE-2019-1547, CVE-2019-1549, CVE-2019-1551, CVE-2019-1552,
CVE-2019-1563, CVE-2020-1967, CVE-2020-1971).
It behaves this way because it's difficult to define the trailing characters (like
version 1.1b can be 1.1 beta or patched release 1.1b).


NVD just updated these recently 
CVE-2013-0800, CVE-2020-14409, CVE-2020-14410



>-----Original Message-----
>From: Richard Purdie <[email protected]>
>Sent: Monday, 25 January, 2021 7:21 AM
>To: Steve Sakoman <[email protected]>; openembedded-
>[email protected]; [email protected]
>Cc: Lee, Chee Yang <[email protected]>
>Subject: Re: [yocto-security] OE-core CVE metrics for master on Sun 24 Jan 2021
>07:15:01 AM HST
>
>On Sun, 2021-01-24 at 07:18 -1000, Steve Sakoman wrote:
>> Branch: master
>>
>> New this week:
>> CVE-2013-0800: pixman
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0800 *
>> CVE-2019-1543: openssl
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1543 *
>> CVE-2019-1547: openssl
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1547 *
>> CVE-2019-1549: openssl
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1549 *
>> CVE-2019-1551: openssl
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1551 *
>> CVE-2019-1552: openssl
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1552 *
>> CVE-2019-1563: openssl
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-1563 *
>> CVE-2020-14409: libsdl2
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14409 *
>> CVE-2020-14410: libsdl2
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14410 *
>> CVE-2020-1967: openssl
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1967 *
>> CVE-2020-1971: openssl
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-1971 *
>
>Adding Chee Yang, did the recent cve-check change mean some version
>comparisons regressed and exposed CVEs that shouldn't be in this list, or were we
>making some we need to fix? Or did some other change expose these?
>
>Cheers,
>
>Richard
>
>
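
The suffix ambiguity described in the reply at the top of this message, as an added illustration that is not taken from cve-check or from this thread: the function names, the three suffix policies and the affected-version ranges below are assumptions constructed for the example.

```python
import re

def split_version(v):
    """Split '1.1.1i' into ([1, 1, 1], 'i'); the suffix is '' when absent."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)([a-z]*)", v.strip().lower())
    if not m:
        raise ValueError(f"unsupported version string: {v!r}")
    return [int(p) for p in m.group(1).split(".")], m.group(2)

def version_key(v, suffix):
    """Sort key for a version under one of three hypothetical suffix policies."""
    nums, letters = split_version(v)
    if suffix == "ignore":   # drop the letters: 1.1.1i == 1.1.1
        return (nums, 0, "")
    if suffix == "patch":    # letters are patch releases: 1.1 < 1.1a < 1.1b
        return (nums, 1 if letters else 0, letters)
    if suffix == "pre":      # letters are pre-releases: 1.1a < 1.1b < 1.1
        return (nums, 0 if letters else 1, letters)
    raise ValueError(f"unknown suffix policy: {suffix!r}")

def is_affected(installed, first, last, suffix):
    """True when first <= installed <= last under the chosen policy."""
    lo, cur, hi = (version_key(v, suffix) for v in (first, installed, last))
    return lo <= cur <= hi

def compare_policies(installed, first, last):
    """Report the verdict each policy gives for the same affected range."""
    return {p: is_affected(installed, first, last, p)
            for p in ("ignore", "patch", "pre")}

# Constructed ranges, not copied from NVD records.
OPENSSL_CASE = compare_policies("1.1.1i", "1.1.1", "1.1.1c")
AMBIGUOUS_CASE = compare_policies("1.1b", "1.0", "1.1")

if __name__ == "__main__":
    print("openssl 1.1.1i vs 1.1.1..1.1.1c:", OPENSSL_CASE)
    print("1.1b vs 1.0..1.1:", AMBIGUOUS_CASE)
```

With the letter ignored, 1.1.1i collapses to 1.1.1 and falls inside a range that ends at 1.1.1c; for 1.1b the verdict flips depending on whether the letter is read as a beta or a patch release.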
