On 20 Aug 2023, at 18:30, Khem Raj via lists.openembedded.org <[email protected]> wrote:
>
>> CVE-2023-0687 (CVSS3: 9.8 CRITICAL): glibc
>> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-0687 *
>
> We are at 2.38 release on master and this release contains
> https://sourceware.org/git/?p=glibc.git;a=commit;h=801af9fafd4689337ebf27260aa115335a0cb2bc
> which fixes this problem. So I wonder why it appears in the scan here?

Because the CVE explicitly says that 2.38 is broken. I’ve mailed NIST to tell them that it’s fixed in 2.38 onwards.

Ross
