On Sun, 10 Sept 2023, 17:14 Khem Raj, <[email protected]> wrote: > On Sun, Sep 10, 2023 at 4:18 AM Steve Sakoman <[email protected]> wrote: > > > > Branch: master > > > > New this week: 10 CVEs > > CVE-2022-3563 (CVSS3: 5.7 MEDIUM): bluez5 > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3563 * > > CVE-2022-3637 (CVSS3: 5.5 MEDIUM): bluez5 > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3637 * > > These two are addressed in the 5.69 release which is already in > master. So I wonder how the CVE scanner missed it.
The NVD entry does not include any version numbers, so all bluez versions are matched as vulnerable. Have you mailed them? Can do it if you haven't. Kind regards, Marta
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187457): https://lists.openembedded.org/g/openembedded-core/message/187457 Mute This Topic: https://lists.openembedded.org/mt/101270898/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
