CVE Status: Difference between revisions

From Yocto Project
Line 21:
Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. [https://gitlab.freedesktop.org/pixman/pixman/-/issues/76 This ticket] has the details.


=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1386 CVE-2023-1386] (qemu) ===


=== qemu ===
Still [https://github.com/v9fs/linux/issues/29 open upstream].


Upgrading to 8.1.0 will solve the ones which have merged fixes.
=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3019 CVE-2023-3019] (qemu) ===
 
Linked patches need rebasing and review.
 
=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3180 CVE-2023-3180] (qemu) ===
 
[https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980 Fixed] in 8.1.0.
 
=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3354 CVE-2023-3354] (qemu) ===
 
[https://gitlab.com/qemu-project/qemu/-/commit/10be627d2b5ec2d6b3dce045144aa739eef678b4 Fixed] in 8.1.0.
 
=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40360 CVE-2023-40360] (qemu) ===
 
[https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98 Fixed] in 8.1.0.
 
=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4135 CVE-2023-4135] (qemu) ===
 
[https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf Fixed] in 8.1.0.


CVE-2023-1386 https://github.com/v9fs/linux/issues/29
CVE-2023-3019. Patches sent but not merged, need to be rebased.
CVE-2023-3180. Patch at https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980.
CVE-2023-3354. Patch at https://lore.kernel.org/qemu-devel/20230801174650.177924-2-berrange@redhat.com/.
CVE-2023-40360. Patch at https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98.
CVE-2023-4135. Patch at https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf.


=== linux ===


TODO
<!--
Header template:
=== [https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE CVE] (RECIPE) ===
-->

Revision as of 10:54, 25 August 2023

This is a list of CVEs which are currently being reported as open, and their current state.

CVE-2022-3219 (gnupg)

Hypothetical DoS. A patch was proposed but hasn't been reviewed or merged.

CVE-2022-33065 (libsndfile1)

Integer overflow, still open upstream.

CVE-2022-46456 (nasm)

Buffer overflow, still open upstream.

CVE-2023-0687 (glibc)

Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.

CVE-2023-37769 (pixman)

Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. This ticket has the details.

CVE-2023-1386 (qemu)

Still open upstream.

CVE-2023-3019 (qemu)

Linked patches need rebasing and review.

CVE-2023-3180 (qemu)

Fixed in 8.1.0.

CVE-2023-3354 (qemu)

Fixed in 8.1.0.

CVE-2023-40360 (qemu)

Fixed in 8.1.0.

CVE-2023-4135 (qemu)

Fixed in 8.1.0.


linux

TODO