CVE Status
This is a list of CVEs which are currently being reported as open, and the current state.
CVE-2022-3219 (gnupg)
Hypothetical DoS. A patch was proposed but hasn't been reviewed or merged.
CVE-2022-33065 (libsndfile1)
Integer overflow, still open upstream.
CVE-2022-46456 (nasm)
Buffer overflow, still open upstream.
CVE-2023-0687 (glibc)
Bad CPE, should be marked as fixed in 2.38. Emailed NIST, data not updated yet.
CVE-2023-37769 (pixman)
Appears to be a floating point exception in a test, should verify that the crash is in the test code and not the library. This ticket has the details.
qemu
Upgrading to 8.1.0 will solve the ones which have merged fixes.
CVE-2023-1386 https://github.com/v9fs/linux/issues/29 CVE-2023-3019. Patches sent but not merged, need to be rebased. CVE-2023-3180. Patch at https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980. CVE-2023-3354. Patch at https://lore.kernel.org/qemu-devel/20230801174650.177924-2-berrange@redhat.com/. CVE-2023-40360. Patch at https://gitlab.com/qemu-project/qemu/-/commit/6c8f8456cb0b239812dee5211881426496da7b98. CVE-2023-4135. Patch at https://gitlab.com/qemu-project/qemu/-/commit/ecb1b7b082d3b7dceff0e486a114502fc52c0fdf.
linux
TODO