Marta Rybczynska via lists.yoctoproject.org escreveu (quinta, 16/05/2024 à(s) 14:20):
> Hello all,
> The prototype CVE check via the MITRE database is giving the following for
> scathgap today (adding maintainers of affected packages in copy):
>
> CVE-2024-32002.json: affected: git 2.44.0
>
Thank you Marko for the feedback! For CVE-2024-34397 the reason is simple:
"affected": [
{
"vendor": "n/a",
"product": "n/a",
"versions": [
{
"version": "n/a",
Hello Marta,
Glibc fixes are already staged in scarthgap-nut.
Interesting would be to check why the prototype does not list glib-2.0
CVE-2024-34397 which is staged there, too.
Peter
From: yocto-secur...@lists.yoctoproject.org
On Behalf Of Marta Rybczynska via
lists.yoctoproject.org
Sent: