> On Jun 12, 2022, at 6:02 AM, Steve Sakoman <st...@sakoman.com> wrote: > > Branch: kirkstone > > New this week: 5 CVEs > CVE-2022-1664 (CVSS3: 9.8 CRITICAL): dpkg > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1664 * > CVE-2022-1927 (CVSS3: 9.8 CRITICAL): vim > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1927 * > CVE-2022-1942 (CVSS3: 7.8 HIGH): vim > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1942 * > CVE-2022-26691 (CVSS3: 6.7 MEDIUM): cups > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-26691 * > CVE-2022-27778 (CVSS3: 8.1 HIGH): curl:curl-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-27778 *
CVE-2022-27778 doesn’t apply to the curl versions in kirkstone or dunfell (master already has the fixed version). It looks like the NVD doesn’t quite have the right version ranges based on what the curl developers have published. I’ve sent an email to hopefully get the NVD updated. Thanks, Robert
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#166825): https://lists.openembedded.org/g/openembedded-core/message/166825 Mute This Topic: https://lists.openembedded.org/mt/91705261/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
