On Mon, 2023-01-23 at 13:29 +0000, Ross Burton wrote: > On 23 Jan 2023, at 12:42, Alexander Kanavin <alex.kana...@gmail.com> wrote: > > > > On Mon, 23 Jan 2023 at 13:40, Ross Burton <ross.bur...@arm.com> wrote: > > > > CVE-2022-3550 (CVSS3: 8.8 HIGH): xserver-xorg > > > > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3550 * > > > > CVE-2022-3551 (CVSS3: 6.5 MEDIUM): xserver-xorg > > > > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3551 * > > > > > > These are fixed in xserver-org 21.1.6, I’ve mailed to get the CPE updated. > > > > This is quite often the case, perhaps those weekly reports could > > include a pointer on how to do that? > > I guess whilst the CVE triage process is actually quite simple, there’s a few > non-obvious steps. > > I’ve started braindumping into > https://wiki.yoctoproject.org/wiki/CVE_Triage, when it’s expanded and > complete we can link to it. Or maybe we should just start a > Maintainers book in the documentation?
Lets put it in the manual. The wiki is good to pull together info but I'd like the manual to be definitive. I've thought this about patch submission for a while too, we have too many docs with the useful bits of data spread over two wikis and a few READMEs... Cheers, Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176307): https://lists.openembedded.org/g/openembedded-core/message/176307 Mute This Topic: https://lists.openembedded.org/mt/96472422/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
