On 10 Sep 2023, at 16:54, Marta Rybczynska via lists.yoctoproject.org <[email protected]> wrote:
> On Sun, 10 Sept 2023, 17:14 Khem Raj, <[email protected]> wrote:
> On Sun, Sep 10, 2023 at 4:18 AM Steve Sakoman <[email protected]> wrote:
> >
> > Branch: master
> >
> > New this week: 10 CVEs
> > CVE-2022-3563 (CVSS3: 5.7 MEDIUM): bluez5
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3563 *
> > CVE-2022-3637 (CVSS3: 5.5 MEDIUM): bluez5
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3637 *
>
> These two are addressed in the 5.69 release which is already in
> master. So I wonder how the CVE scanner missed it.
>
> The NVD entry does not include any version numbers, so all bluez versions are
> matched as vulnerable. Have you mailed them? Can do it if you haven't.

I mailed them last week when I noticed this. Ironically this was my fault: these were listed as kernel issues so got the CPE changed to refer to bluez instead of the kernel. :)

Ross
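
The false positive discussed in this thread, as an added example that is not part of the original messages and is not the Yocto cve-check code: a simplified matcher showing why a CPE entry with a wildcard version and no range bounds flags every bluez version, including the fixed one. The two match entries are constructed samples that use NVD's `cpeMatch` field names; the `versionEndExcluding` bound is an assumed value based on the 5.69 release named above.

```python
# Added illustration: simplified version matching against NVD-style cpeMatch
# entries. Not the Yocto cve-check code; the entries below are constructed.

def parse_version(v):
    """'5.69' -> (5, 69), so that 5.9 < 5.69 compares numerically."""
    return tuple(int(p) for p in v.split("."))

def is_affected(match, product, version):
    """True if this cpeMatch entry flags `product` at `version` as vulnerable."""
    if not match.get("vulnerable", False):
        return False
    # CPE 2.3 layout: cpe:2.3:<part>:<vendor>:<product>:<version>:...
    # (naive split; escaped colons are not handled in this sketch)
    fields = match["criteria"].split(":")
    cpe_product, cpe_version = fields[4], fields[5]
    if cpe_product != product:
        return False
    if cpe_version != "*":
        return cpe_version == version  # entry pins one exact version
    v = parse_version(version)
    checks = (
        ("versionStartIncluding", lambda b: v >= b),
        ("versionStartExcluding", lambda b: v > b),
        ("versionEndIncluding", lambda b: v <= b),
        ("versionEndExcluding", lambda b: v < b),
    )
    # With a wildcard version and no bounds present, all() over an empty
    # sequence is True: every version of the product is reported.
    return all(ok(parse_version(match[key])) for key, ok in checks if key in match)

# Constructed sample: entry with no version information at all.
UNBOUNDED = {"vulnerable": True,
             "criteria": "cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*"}
# Constructed sample: the same entry once a fixed-in bound is recorded.
BOUNDED = dict(UNBOUNDED, versionEndExcluding="5.69")

if __name__ == "__main__":
    for label, entry in (("unbounded", UNBOUNDED), ("bounded", BOUNDED)):
        for ver in ("5.66", "5.69"):
            print(label, ver, is_affected(entry, "bluez", ver))
```
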
