On 12 Mar 2023, at 12:03, Steve Sakoman via lists.yoctoproject.org <[email protected]> wrote: > Full list: Found 7 unpatched CVEs > CVE-2005-1796 (CVSS3: N/A): ncurses:ncurses-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1796 *
Not a ncurses bug, I’ve asked NIST to update the CPE. > CVE-2022-3219 (CVSS3: 5.5 MEDIUM): gnupg:gnupg-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 * > CVE-2022-4055 (CVSS3: 7.4 HIGH): xdg-utils > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4055 * > CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 * These are still open upstream. > CVE-2023-1127 (CVSS3: 7.8 HIGH): vim > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1127 * > CVE-2023-1170 (CVSS3: 7.8 HIGH): vim > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1170 * > CVE-2023-1175 (CVSS3: 7.3 HIGH): vim > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1175 * Patch incoming for the point update. Ross
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#178449): https://lists.openembedded.org/g/openembedded-core/message/178449 Mute This Topic: https://lists.openembedded.org/mt/97579761/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
