User:RossBurton/CVE

From Yocto Project
Jump to navigationJump to search
  • apt-1.2.31-r0 do_cve_check: Found unpatched CVE (CVE-2019-3462)
  • binutils-2.32.0-r0 do_cve_check: Found unpatched CVE (CVE-2018-1000876 CVE-2019-12972 CVE-2019-9070 CVE-2019-9071 CVE-2019-9072 CVE-2019-9073)
  • boost-1.69.0-r0 do_cve_check: Found unpatched CVE (CVE-2009-3654)
  • curl-7.65.1-r0 do_cve_check: Found unpatched CVE (CVE-2019-5443)

5443 is a Windows-specific issue.

  • db-1_5.3.28-r1 do_cve_check: Found unpatched CVE (CVE-2016-0682 CVE-2016-0689 CVE-2016-0692 CVE-2016-0694 CVE-2016-3418 CVE-2017-3604 CVE-2017-3605 CVE-2017-3606 CVE-2017-3607 CVE-2017-3608 CVE-2017-3609 CVE-2017-3610 CVE-2017-3611 CVE-2017-3612 CVE-2017-3613 CVE-2017-3614 CVE-2017-3615 CVE-2017-3616 CVE-2017-3617)

I think for db we'll just have to watch Fedora/RHEL, as some of these are probably in db6 only, or the fix isn't backportable.

  • ed-1.15-r0 do_cve_check: Found unpatched CVE (CVE-2015-2987)

2987 isnt GNU ed.

  • flex-2.6.0-r0 do_cve_check: Found unpatched CVE (CVE-2015-1773)

1773 isn't GNU Flex. Need improvement to cve-check class to compare Vendor.

  • git-2.22.0-r0 do_cve_check: Found unpatched CVE (CVE-2018-1000110 CVE-2018-1000182 CVE-2019-1003010)
  • glib-2.0-1_2.60.4-r0 do_cve_check: Found unpatched CVE (CVE-2019-12450)
  • gnupg-2.2.16-r0 do_cve_check: Found unpatched CVE (CVE-2019-13050)
  • go-1.12.6-r0 do_cve_check: Found unpatched CVE (CVE-2018-17075 CVE-2018-17142 CVE-2018-17143 CVE-2018-17846 CVE-2018-17847 CVE-2018-17848)
  • libgcrypt-1.8.4-r0 do_cve_check: Found unpatched CVE (CVE-2019-12904)
  • libid3tag-0.15.1b-r7 do_cve_check: Found unpatched CVE (CVE-2017-11550 CVE-2017-11551)
  • librsvg-2.40.20-r0 do_cve_check: Found unpatched CVE (CVE-2018-1000041)
  • libsndfile1-1.0.28-r0 do_cve_check: Found unpatched CVE (CVE-2018-13419)
  • libtasn1-4.13-r0 do_cve_check: Found unpatched CVE (CVE-2018-1000654)
  • libxslt-1.1.33-r0 do_cve_check: Found unpatched CVE (CVE-2019-13117 CVE-2019-13118)
  • mdadm-4.1-r0 do_cve_check: Found unpatched CVE (CVE-2014-5220)
  • nasm-2.14.02-r0 do_cve_check: Found unpatched CVE (CVE-2019-6290 CVE-2019-6291 CVE-2019-8343)
  • openssl-1.1.1c-r0 do_cve_check: Found unpatched CVE (CVE-2016-7798 CVE-2018-16395 CVE-2019-0190)
  • procps-3.3.15-r0 do_cve_check: Found unpatched CVE (CVE-2018-1121)

1121 is disputed upstream: procps isn't a security tool.

  • python-2.7.16-r0 do_cve_check: Found unpatched CVE (CVE-2010-3492 CVE-2013-7338 CVE-2015-5652 CVE-2017-17522 CVE-2017-18207 CVE-2019-9740 CVE-2019-9947)
  • qemu-4.0.0-r0 do_cve_check: Found unpatched CVE (CVE-2019-12155 CVE-2019-12928 CVE-2019-12929)
  • rsync-3.1.3-r0 do_cve_check: Found unpatched CVE (CVE-2017-16548)
  • subversion-1.12.0-r0 do_cve_check: Found unpatched CVE (CVE-2017-1000085 CVE-2018-1000111)
  • tiff-4.0.10-r0 do_cve_check: Found unpatched CVE (CVE-2019-6128 CVE-2019-7663)
  • virglrenderer-0.7.0-r0 do_cve_check: Found unpatched CVE (CVE-2017-5957)
  • zip-3.0-r2 do_cve_check: Found unpatched CVE (CVE-2018-13410)