CVE Status: Difference between revisions

From Yocto Project
Jump to navigationJump to search
No edit summary
mNo edit summary
Line 45: Line 45:
[https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf Fixed] in 8.1.0.
[https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf Fixed] in 8.1.0.


 
=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-14899 CVE-2019-14899] (linux-yocto) ===
=== linux ===
=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3714 CVE-2021-3714] (linux-yocto) ===
 
=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3864 CVE-2021-3864] (linux-yocto) ===
TODO
=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0400 CVE-2022-0400] (linux-yocto) ===
=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1247 CVE-2022-1247] (linux-yocto) ===
=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4543 CVE-2022-4543] (linux-yocto) ===
=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36402 CVE-2022-36402] (linux-yocto) ===
=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38096 CVE-2022-38096] (linux-yocto) ===
=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3640 CVE-2023-3640] (linux-yocto) ===
=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3772 CVE-2023-3772] (linux-yocto) ===
=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3773 CVE-2023-3773] (linux-yocto) ===
=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4010 CVE-2023-4010] (linux-yocto) ===
=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4128 CVE-2023-4128] (linux-yocto) ===


<!--
<!--

Revision as of 11:44, 25 August 2023

This is a list of CVEs which are currently being reported as open, and the current state.

CVE-2022-3219 (gnupg)

Hypothetical DoS. A patch was proposed but hasn't been reviewed or merged.

CVE-2022-33065 (libsndfile1)

Integer overflow, still open upstream.

CVE-2022-46456 (nasm)

Buffer overflow, still open upstream.

CVE-2023-0687 (glibc)

Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.

CVE-2023-37769 (pixman)

Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. This ticket has the details.

CVE-2023-1386 (qemu)

Still open upstream.

CVE-2023-3019 (qemu)

Linked patches need rebasing and review.

CVE-2023-3180 (qemu)

Fixed in 8.1.0.

CVE-2023-3354 (qemu)

Fixed in 8.1.0.

CVE-2023-40360 (qemu)

Fixed in 8.1.0.

CVE-2023-4135 (qemu)

Fixed in 8.1.0.

CVE-2019-14899 (linux-yocto)

CVE-2021-3714 (linux-yocto)

CVE-2021-3864 (linux-yocto)

CVE-2022-0400 (linux-yocto)

CVE-2022-1247 (linux-yocto)

CVE-2022-4543 (linux-yocto)

CVE-2022-36402 (linux-yocto)

CVE-2022-38096 (linux-yocto)

CVE-2023-3640 (linux-yocto)

CVE-2023-3772 (linux-yocto)

CVE-2023-3773 (linux-yocto)

CVE-2023-4010 (linux-yocto)

CVE-2023-4128 (linux-yocto)