On Sun, Oct 30, 2022 at 5:03 AM Steve Sakoman <st...@sakoman.com> wrote: > > Branch: master > > New this week: 2 CVEs > CVE-2022-3705 (CVSS3: 7.5 HIGH): vim > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3705 * > CVE-2022-43680 (CVSS3: 7.5 HIGH): expat:expat-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43680 * > > Removed this week: 17 CVEs > CVE-2022-3165 (CVSS3: 6.5 MEDIUM): qemu:qemu-native:qemu-system-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3165 * > CVE-2022-3352 (CVSS3: 7.8 HIGH): vim > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3352 * > CVE-2022-3358 (CVSS3: 7.5 HIGH): openssl:openssl-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3358 * > CVE-2022-3550 (CVSS3: 9.8 CRITICAL): xserver-xorg > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3550 * > CVE-2022-3551 (CVSS3: 7.5 HIGH): xserver-xorg > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3551 * > CVE-2022-3553 (CVSS3: 7.5 HIGH): xserver-xorg > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3553 * > CVE-2022-3554 (CVSS3: 7.5 HIGH): libx11:libx11-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3554 * > CVE-2022-3555 (CVSS3: 7.5 HIGH): libx11:libx11-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3555 * > CVE-2022-3570 (CVSS3: 9.8 CRITICAL): tiff > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3570 * > CVE-2022-3597 (CVSS3: 6.5 MEDIUM): tiff > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3597 * > CVE-2022-3598 (CVSS3: 6.5 MEDIUM): tiff > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3598 * > CVE-2022-3599 (CVSS3: 6.5 MEDIUM): tiff > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3599 * > CVE-2022-3626 (CVSS3: 6.5 MEDIUM): tiff > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3626 * > CVE-2022-3627 (CVSS3: 6.5 MEDIUM): tiff > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3627 * > CVE-2022-39253 (CVSS3: 5.5 MEDIUM): git > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39253 * > CVE-2022-39260 (CVSS3: 8.8 HIGH): git > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39260 * > CVE-2022-41556 (CVSS3: 7.5 HIGH): lighttpd > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41556 * > > Full list: Found 5 unpatched CVEs > CVE-2022-2879 (CVSS3: 7.5 HIGH): go > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2879 * > CVE-2022-2880 (CVSS3: 7.5 HIGH): go > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2880 * > CVE-2022-3705 (CVSS3: 7.5 HIGH): vim > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3705 * > CVE-2022-41715 (CVSS3: 7.5 HIGH): go > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41715 *
Sent a patch for 1.19.2 upgrade which should take care of all go CVEs reported here. > CVE-2022-43680 (CVSS3: 7.5 HIGH): expat:expat-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43680 * > > For further information see: > https://autobuilder.yocto.io/pub/non-release/patchmetrics/ > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#172329): https://lists.openembedded.org/g/openembedded-core/message/172329 Mute This Topic: https://lists.openembedded.org/mt/94662953/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-