Ignoring the kernel issues: > CVE-2021-4336 (CVSS3: 9.8 CRITICAL): ninja:ninja-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4336 *
Wrong ninja, sent ignore. > CVE-2022-3219 (CVSS3: 3.3 LOW): gnupg:gnupg-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3219 * Still open. > CVE-2022-44370 (CVSS3: 7.8 HIGH): nasm:nasm-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44370 * Fixed in our version, CPE update sent. > CVE-2022-46456 (CVSS3: 6.1 MEDIUM): nasm:nasm-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46456 * Still open. > CVE-2022-4603 (CVSS3: 8.8 HIGH): ppp > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4603 * Fixed in 2.5.0, CPE update sent. > CVE-2023-1916 (CVSS3: 6.1 MEDIUM): tiff > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1916 * Patch still in review on GitLab. > CVE-2023-1972 (CVSS3: 6.5 MEDIUM): > binutils:binutils-cross-testsuite:binutils-cross-x86_64 > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1972 * Simple fix, building now. > CVE-2023-25652 (CVSS3: 7.5 HIGH): git > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25652 * > CVE-2023-29007 (CVSS3: 7.8 HIGH): git > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29007 * Both fixed in 2.39.3, patch sent. > CVE-2023-2804 (CVSS3: 6.5 MEDIUM): libjpeg-turbo:libjpeg-turbo-native > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-2804 * _Appears_ to be specific to the 2.1.9x series, which we don’t ship. I’ll dig a little further shortly. Ross
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#182391): https://lists.openembedded.org/g/openembedded-core/message/182391 Mute This Topic: https://lists.openembedded.org/mt/99343201/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
