Marta Rybczynska via lists.yoctoproject.org <rybczynska= gmail....@lists.yoctoproject.org> escreveu (quinta, 16/05/2024 à(s) 14:20):
> Hello all, > The prototype CVE check via the MITRE database is giving the following for > scathgap today (adding maintainers of affected packages in copy): > > CVE-2024-32002.json: affected: git 2.44.0 > CVE-2024-32004.json: affected: git 2.44.0 > CVE-2024-32020.json: affected: git 2.44.0 > CVE-2024-32021.json: affected: git 2.44.0 > CVE-2024-3205.json: affected: libyaml 0.2.5 > CVE-2024-32465.json: affected: git 2.44.0 > CVE-2024-33599.json: affected glibc 2.39 > CVE-2024-33600.json: affected: glibc 2.39 > CVE-2024-33601.json: affected: glibc 2.39 > CVE-2024-33602.json: affected: glibc 2.39 > > I would also like to ask for volunteers to help with looking up the > following CVEs and submitting fixes to > https://github.com/mrybczyn/cvelistV5-overrides/tree/overrides if they > are malformed: > go: CVE-2024-24788, CVE=2024-24787 > All the golang was fixed in today bump to 1.22.3 https://patchwork.yoctoproject.org/project/oe-core/patch/20240516102322.301064-1-jose.quare...@foundries.io/ Anyway the CVE-2024-24787 only affects the Apple people on Darwin. Jose aiohttp: CVE-2024-30251 > x server: CVE-2024-31053, CVE-2024-31082 > bluez: CVE-2023-27349, CVE-2023-50229, CVE-2023-50230 > gstreamer: CVE-2023-50186, CVE-2023-44446 > less: CVE-2024-32407 > ncurses: CVE-2023-45988 > ofono: CVE-2023-4234, CVE-2023-4233 > > If you have any question on how to do that, ask me. > > Kind regards, > Marta > > > > -- Best regards, José Quaresma
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#199490): https://lists.openembedded.org/g/openembedded-core/message/199490 Mute This Topic: https://lists.openembedded.org/mt/106135359/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-