On 12 Nov 2023, at 11:17, Steve Sakoman via lists.openembedded.org 
<steve=sakoman....@lists.openembedded.org> wrote:
> New this week: 8 CVEs

Such fun!

I did some research and have included my notes below.  Do we have any 
volunteers for the avahi patchbomb?

> CVE-2023-3397 (CVSS3: 6.3 MEDIUM): linux-yocto 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3397 *

NIST link to a “patch” which was promptly rejected.  I don’t believe we enable 
JFS so we could likely exclude this.

> CVE-2023-38469 (CVSS3: 5.5 MEDIUM): avahi 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38469 *

Issue lathiat/avahi#455, fixed with lathiat/avahi PR#500 a337a1.

> CVE-2023-38470 (CVSS3: 5.5 MEDIUM): avahi 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38470 *

Issue lathiat/avahi#454, fixed with lathiat/avahi - 94cb64.

> CVE-2023-38471 (CVSS3: 5.5 MEDIUM): avahi 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38471 *

Issue lathiat/avahi#453 fixed with lathiat/avahi PR#494 d486bc.

> CVE-2023-38472 (CVSS3: 5.5 MEDIUM): avahi 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38472 *

Issue lathiat/avahi#452 fixed with lathiat/avahi PR#490 d886dc.

> CVE-2023-38473 (CVSS3: 5.5 MEDIUM): avahi 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38473 *

Issue lathiat/avahi#451 fixed with lathiat/avahi PR#486 5edc17.

> CVE-2023-46246 (CVSS3: 5.5 MEDIUM): vim 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46246 *

Fix in vim/vim - 9198c1.

> CVE-2023-46407 (CVSS3: 5.5 MEDIUM): ffmpeg 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46407 *

Fix in FFmpeg/FFmpeg - bf8143. This is part of the 6.1 release so upgrading 
ffmpeg will make that go away.

Ross