public inbox for openembedded-core@lists.openembedded.org
* OE-core CVE metrics for master on Sun 08 Aug 2021 04:00:01 AM HST
From: Steve Sakoman @ 2021-08-08 14:04 UTC
  To: openembedded-core, yocto-security

Branch: master

New this week: 0 CVEs

Removed this week: 0 CVEs

Full list:  Found 11 unpatched CVEs
CVE-2019-12067: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12067 *
CVE-2019-6293: flex:flex-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-6293 *
CVE-2020-27748: xdg-utils https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-27748 *
CVE-2020-35503: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35503 *
CVE-2021-20255: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-20255 *
CVE-2021-31879: wget https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-31879 *
CVE-2021-34558: go https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-34558 *
CVE-2021-3507: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3507 *
CVE-2021-35331: tcl:tcl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35331 *
CVE-2021-35942: glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35942 *
CVE-2021-36976: libarchive:libarchive-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36976 *

* Re: [OE-core] OE-core CVE metrics for master on Sun 08 Aug 2021 04:00:01 AM HST
From: Ross Burton @ 2021-08-09 11:41 UTC
  To: Steve Sakoman; +Cc: OE-core, yocto-security

Did ten minutes digging into some recent issues:

> CVE-2021-3507: qemu:qemu-native:qemu-system-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3507 *

No fixes in flight for this.

> CVE-2021-35331: tcl:tcl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35331 *

Disputed as the issue is in build-time tooling.

> CVE-2021-35942: glibc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35942 *

Fixed in the upstream 2.33 branch, so easily merged.

> CVE-2021-36976: libarchive:libarchive-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36976 *

https://github.com/libarchive/libarchive/issues/1554.  Patches in flight.

Ross
