Re: [OE-core] OE-core CVE metrics for master on Sun 30 Oct 2022 02:00:01 AM HST

Mon, 31 Oct 2022 09:12:56 -0700 

On Sun, Oct 30, 2022 at 5:03 AM Steve Sakoman <st...@sakoman.com> wrote:
>
> Branch: master
>
> New this week: 2 CVEs
> CVE-2022-3705 (CVSS3: 7.5 HIGH): vim 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3705 *
> CVE-2022-43680 (CVSS3: 7.5 HIGH): expat:expat-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43680 *
>
> Removed this week: 17 CVEs
> CVE-2022-3165 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3165 *
> CVE-2022-3352 (CVSS3: 7.8 HIGH): vim 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3352 *
> CVE-2022-3358 (CVSS3: 7.5 HIGH): openssl:openssl-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3358 *
> CVE-2022-3550 (CVSS3: 9.8 CRITICAL): xserver-xorg 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3550 *
> CVE-2022-3551 (CVSS3: 7.5 HIGH): xserver-xorg 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3551 *
> CVE-2022-3553 (CVSS3: 7.5 HIGH): xserver-xorg 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3553 *
> CVE-2022-3554 (CVSS3: 7.5 HIGH): libx11:libx11-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3554 *
> CVE-2022-3555 (CVSS3: 7.5 HIGH): libx11:libx11-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3555 *
> CVE-2022-3570 (CVSS3: 9.8 CRITICAL): tiff 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3570 *
> CVE-2022-3597 (CVSS3: 6.5 MEDIUM): tiff 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3597 *
> CVE-2022-3598 (CVSS3: 6.5 MEDIUM): tiff 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3598 *
> CVE-2022-3599 (CVSS3: 6.5 MEDIUM): tiff 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3599 *
> CVE-2022-3626 (CVSS3: 6.5 MEDIUM): tiff 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3626 *
> CVE-2022-3627 (CVSS3: 6.5 MEDIUM): tiff 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3627 *
> CVE-2022-39253 (CVSS3: 5.5 MEDIUM): git 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39253 *
> CVE-2022-39260 (CVSS3: 8.8 HIGH): git 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39260 *
> CVE-2022-41556 (CVSS3: 7.5 HIGH): lighttpd 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41556 *
>
> Full list:  Found 5 unpatched CVEs
> CVE-2022-2879 (CVSS3: 7.5 HIGH): go 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2879 *
> CVE-2022-2880 (CVSS3: 7.5 HIGH): go 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2880 *
> CVE-2022-3705 (CVSS3: 7.5 HIGH): vim 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3705 *
> CVE-2022-41715 (CVSS3: 7.5 HIGH): go 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41715 *

Sent a patch for 1.19.2 upgrade which should take care of all go CVEs
reported here.

> CVE-2022-43680 (CVSS3: 7.5 HIGH): expat:expat-native 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43680 *
>
> For further information see: 
> https://autobuilder.yocto.io/pub/non-release/patchmetrics/
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#172329): 
https://lists.openembedded.org/g/openembedded-core/message/172329
Mute This Topic: https://lists.openembedded.org/mt/94662953/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to