Hi all,

Sorry that the fix/workaround for this vulnerability was not discussed
publicly.
This vulnerability was reported by a user privately/encrypted. The Yocto
Security team (Sona, Michael Halstead and Richard) handled this off-list.
We decided to provide a quick fix/workaround before we make this
vulnerability public and then change/improve it later if necessary.
 
> I suspect this has been missed by some people so I want to spell it out. We
> have our first CVE in OE-Core itself.

We have received a CVE from Mitre for this vulnerability, but they have
changed our description of the vulnerability for some unknown reason :)
We have requested an update/correction (see below), but they haven't
changed the description yet:
 

From: CVE Request [mailto:cve-requ...@mitre.org] 
Sent: Monday, June 19, 2017 12:09 PM
To: Sona Sarmadi <sona.sarm...@enea.com>
Subject: CVE Request 349461 for Update Published CVE 

Thank you for your submission. It will be reviewed by a CVE Assignment Team 
member.
 
You have requested an update to the following published CVE:  CVE-2017-9731
 
 
Changes, additions, or updates to your request can be sent to the CVE Team by 
replying directly to this email.
 
Please do not change the subject line, which allows us to effectively track 
your request.
 
CVE Assignment Team 
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA 
[A PGP key is available for encrypted communications at 
http://cve.mitre.org/cve/request_id.html]

Thanks all for your help with this vulnerability.
//Sona

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
