On Mon, 2022-09-12 at 18:45 -0700, Khem Raj wrote:
> On 9/11/22 7:02 AM, Steve Sakoman wrote:
> >
> > CVE-2021-3521 (CVSS3: 4.7 MEDIUM): rpm:rpm-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3521 *
> > CVE-2021-35937 (CVSS3: 6.4 MEDIUM): rpm:rpm-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937 *
> > CVE-2021-35938 (CVSS3: 7.8 HIGH): rpm:rpm-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938 *
> > CVE-2021-35939 (CVSS3: 7.8 HIGH): rpm:rpm-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939 *
> > CVE-2021-4158 (CVSS3: 6.0 MEDIUM): qemu:qemu-native:qemu-system-native
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4158 *
> > CVE-2022-1354 (CVSS3: 5.5 MEDIUM): tiff
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1354 *
> > CVE-2022-1355 (CVSS3: 6.1 MEDIUM): tiff
> > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1355 *
>
> there is a patch on ml for this.

These were merged and we also upgraded tiff to 4.4.0 which then dropped the patches. 4.4.0 should contain those fixes but the CPE entry upstream doesn't have version constraints. We probably need to contact them to fix that.

Cheers,

Richard
