On Sun, Sep 25, 2022 at 4:34 AM Steve Sakoman via lists.openembedded.org <[email protected]> wrote: > > Branch: dunfell > > New this week: 7 CVEs > CVE-2022-2795 (CVSS3: 7.5 HIGH): bind > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2795 * > CVE-2022-2962 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2962 * > CVE-2022-3234 (CVSS3: 7.8 HIGH): vim > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3234 * > CVE-2022-3235 (CVSS3: 7.8 HIGH): vim > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3235 * > CVE-2022-3256 (CVSS3: 7.8 HIGH): vim > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3256 * > CVE-2022-38177 (CVSS3: 7.5 HIGH): bind > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38177 * > CVE-2022-38178 (CVSS3: 7.5 HIGH): bind > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38178 * > > Removed this week: 14 CVEs > CVE-2020-13754 (CVSS3: 6.7 MEDIUM): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-13754 * > CVE-2020-27661 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27661 * > CVE-2020-35525 (CVSS3: 7.5 HIGH): sqlite3:sqlite3-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35525 * > CVE-2020-35527 (CVSS3: 9.8 CRITICAL): sqlite3:sqlite3-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35527 * > CVE-2021-20223 (CVSS3: 9.8 CRITICAL): sqlite3:sqlite3-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20223 * > CVE-2021-28544 (CVSS3: 4.3 MEDIUM): subversion > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28544 * > CVE-2021-3713 (CVSS3: 7.4 HIGH): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3713 * > CVE-2021-3748 (CVSS3: 8.8 HIGH): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3748 * > CVE-2021-3930 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3930 * > CVE-2021-4206 (CVSS3: 8.2 HIGH): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4206 * > CVE-2021-4207 (CVSS3: 8.8 HIGH): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4207 * > CVE-2022-0216 (CVSS3: 4.4 MEDIUM): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0216 * > CVE-2022-32293 (CVSS3: 8.1 HIGH): connman > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32293 * > CVE-2022-40674 (CVSS3: 9.8 CRITICAL): expat:expat-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40674 *
Thanks to all who have contributed to the dunfell CVE reduction effort! CVE fixes for last week resulted in the following raffle entries: CVE-2020-13754 Chee Yang Lee <[email protected]> CVE-2020-27661 Chee Yang Lee <[email protected]> CVE-2020-35525 Virendra Thakur <[email protected]> CVE-2020-35527 Virendra Thakur <[email protected]> CVE-2021-20223 Sana Kazi <[email protected]> CVE-2021-28544 Chee Yang Lee <[email protected]> CVE-2021-3713 Chee Yang Lee <[email protected]> CVE-2021-3748 Chee Yang Lee <[email protected]> CVE-2021-3930 Chee Yang Lee <[email protected]> CVE-2021-4206 Chee Yang Lee <[email protected]> CVE-2021-4207 Chee Yang Lee <[email protected]> CVE-2022-0216 Chee Yang Lee <[email protected]> CVE-2022-32293 Hitendra Prajapati <[email protected]> CVE-2022-40674 Virendra Thakur <[email protected]> Many thanks! Steve > Full list: Found 88 unpatched CVEs > CVE-2018-25032 (CVSS3: 7.5 HIGH): python3:python3-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25032 * > CVE-2020-15469 (CVSS3: 2.3 LOW): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15469 * > CVE-2020-15705 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15705 * > CVE-2020-15859 (CVSS3: 3.3 LOW): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-15859 * > CVE-2020-17380 (CVSS3: 6.3 MEDIUM): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-17380 * > CVE-2020-25742 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25742 * > CVE-2020-25743 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-25743 * > CVE-2020-27749 (CVSS3: 6.7 MEDIUM): grub:grub-efi:grub-efi-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27749 * > CVE-2020-29510 (CVSS3: 5.6 MEDIUM): go:go-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29510 * > CVE-2020-29623 (CVSS3: 3.3 LOW): webkitgtk > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-29623 * > CVE-2020-35503 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 * > CVE-2020-35504 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35504 * > CVE-2020-35505 (CVSS3: 4.4 MEDIUM): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35505 * > CVE-2020-35506 (CVSS3: 6.7 MEDIUM): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35506 * > CVE-2020-9948 (CVSS3: 8.8 HIGH): webkitgtk > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9948 * > CVE-2020-9951 (CVSS3: 8.8 HIGH): webkitgtk > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9951 * > CVE-2020-9952 (CVSS3: 7.1 HIGH): webkitgtk > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-9952 * > CVE-2021-1765 (CVSS3: 6.5 MEDIUM): webkitgtk > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1765 * > CVE-2021-1789 (CVSS3: 8.8 HIGH): webkitgtk > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1789 * > CVE-2021-1799 (CVSS3: 6.5 MEDIUM): webkitgtk > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1799 * > CVE-2021-1801 (CVSS3: 6.5 MEDIUM): webkitgtk > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1801 * > CVE-2021-1870 (CVSS3: 9.8 CRITICAL): webkitgtk > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1870 * > CVE-2021-20225 (CVSS3: 6.7 MEDIUM): grub:grub-efi:grub-efi-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20225 * > CVE-2021-20233 (CVSS3: 8.2 HIGH): grub:grub-efi:grub-efi-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20233 * > CVE-2021-20295 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20295 * > CVE-2021-27097 (CVSS3: 7.8 HIGH): u-boot > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27097 * > CVE-2021-27138 (CVSS3: 7.8 HIGH): u-boot > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27138 * > CVE-2021-31879 (CVSS3: 6.1 MEDIUM): wget > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 * > CVE-2021-33194 (CVSS3: 7.5 HIGH): go:go-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33194 * > CVE-2021-33195 (CVSS3: 7.3 HIGH): go:go-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33195 * > CVE-2021-33198 (CVSS3: 7.5 HIGH): go:go-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33198 * > CVE-2021-3409 (CVSS3: 5.7 MEDIUM): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3409 * > CVE-2021-3418 (CVSS3: 6.4 MEDIUM): grub:grub-efi:grub-efi-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3418 * > CVE-2021-3445 (CVSS3: 7.5 HIGH): libdnf > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3445 * > CVE-2021-3507 (CVSS3: 6.1 MEDIUM): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3507 * > CVE-2021-3521 (CVSS3: 4.7 MEDIUM): rpm:rpm-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3521 * > CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 * > CVE-2021-35938 (CVSS3: 7.8 HIGH): rpm:rpm-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 * > CVE-2021-35939 (CVSS3: 7.8 HIGH): rpm:rpm-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 * > CVE-2021-3611 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3611 * > CVE-2021-3638 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3638 * > CVE-2021-3750 (CVSS3: 8.2 HIGH): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3750 * > CVE-2021-3800 (CVSS3: 7.5 HIGH): glib-2.0:glib-2.0-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3800 * > CVE-2021-3929 (CVSS3: 8.2 HIGH): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3929 * > CVE-2021-3947 (CVSS3: 5.5 MEDIUM): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3947 * > CVE-2021-41772 (CVSS3: 7.5 HIGH): go:go-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-41772 * > CVE-2021-42762 (CVSS3: 5.3 MEDIUM): webkitgtk > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-42762 * > CVE-2021-44716 (CVSS3: 7.5 HIGH): go:go-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-44716 * > CVE-2021-45085 (CVSS3: 6.1 MEDIUM): epiphany > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45085 * > CVE-2021-45086 (CVSS3: 6.1 MEDIUM): epiphany > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45086 * > CVE-2021-45087 (CVSS3: 6.1 MEDIUM): epiphany > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45087 * > CVE-2021-45088 (CVSS3: 6.1 MEDIUM): epiphany > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45088 * > CVE-2021-45481 (CVSS3: 6.5 MEDIUM): webkitgtk > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45481 * > CVE-2021-45482 (CVSS3: 6.5 MEDIUM): webkitgtk > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45482 * > CVE-2021-45483 (CVSS3: 6.5 MEDIUM): webkitgtk > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45483 * > CVE-2021-45944 (CVSS3: 5.5 MEDIUM): ghostscript:ghostscript-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45944 * > CVE-2022-0358 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0358 * > CVE-2022-1050 (CVSS3: 8.8 HIGH): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1050 * > CVE-2022-1705 (CVSS3: 6.5 MEDIUM): go:go-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1705 * > CVE-2022-1962 (CVSS3: 5.5 MEDIUM): go:go-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1962 * > CVE-2022-2294 (CVSS3: 8.8 HIGH): webkitgtk > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2294 * > CVE-2022-23773 (CVSS3: 7.5 HIGH): go:go-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23773 * > CVE-2022-24765 (CVSS3: 7.8 HIGH): git > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24765 * > CVE-2022-24921 (CVSS3: 7.5 HIGH): go:go-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24921 * > CVE-2022-26354 (CVSS3: 3.2 LOW): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26354 * > CVE-2022-27664 (CVSS3: 7.5 HIGH): go:go-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27664 * > CVE-2022-2795 (CVSS3: 7.5 HIGH): bind > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2795 * > CVE-2022-28131 (CVSS3: 7.5 HIGH): go:go-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28131 * > CVE-2022-28327 (CVSS3: 7.5 HIGH): go:go-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28327 * > CVE-2022-29154 (CVSS3: 7.4 HIGH): rsync:rsync-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29154 * > CVE-2022-2953 (CVSS3: 5.5 MEDIUM): tiff > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2953 * > CVE-2022-29536 (CVSS3: 7.5 HIGH): epiphany > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29536 * > CVE-2022-2962 (CVSS3: 7.8 HIGH): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2962 * > CVE-2022-29804 (CVSS3: 7.5 HIGH): go:go-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29804 * > CVE-2022-30293 (CVSS3: 7.5 HIGH): webkitgtk > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30293 * > CVE-2022-30580 (CVSS3: 7.8 HIGH): go:go-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30580 * > CVE-2022-30630 (CVSS3: 7.5 HIGH): go:go-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30630 * > CVE-2022-30767 (CVSS3: 9.8 CRITICAL): u-boot > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30767 * > CVE-2022-3234 (CVSS3: 7.8 HIGH): vim > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3234 * > CVE-2022-3235 (CVSS3: 7.8 HIGH): vim > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3235 * > CVE-2022-3256 (CVSS3: 7.8 HIGH): vim > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3256 * > CVE-2022-32893 (CVSS3: 8.8 HIGH): webkitgtk > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32893 * > CVE-2022-34835 (CVSS3: 9.8 CRITICAL): u-boot > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34835 * > CVE-2022-38177 (CVSS3: 7.5 HIGH): bind > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38177 * > CVE-2022-38178 (CVSS3: 7.5 HIGH): bind > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38178 * > CVE-2022-39028 (CVSS3: 7.5 HIGH): inetutils > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39028 * > CVE-2022-39176 (CVSS3: 8.8 HIGH): bluez5 > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39176 * > CVE-2022-39177 (CVSS3: 8.8 HIGH): bluez5 > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39177 * > > For further information see: > https://autobuilder.yocto.io/pub/non-release/patchmetrics/ > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#171067): https://lists.openembedded.org/g/openembedded-core/message/171067 Mute This Topic: https://lists.openembedded.org/mt/93907745/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
