Hello Marta, Glibc fixes are already staged in scarthgap-nut. Interesting would be to check why the prototype does not list glib-2.0 CVE-2024-34397 which is staged there, too.
Peter From: [email protected] <[email protected]> On Behalf Of Marta Rybczynska via lists.yoctoproject.org Sent: Thursday, May 16, 2024 15:21 To: [email protected]; OE-core <[email protected]> Cc: Richard Purdie <[email protected]>; Steve Sakoman <[email protected]>; [email protected]; [email protected]; Khem Raj <[email protected]> Subject: [yocto-security] CVE status for scathgap on 2024-05-16 and ask for help > Hello all, > The prototype CVE check via the MITRE database is giving the following for > scathgap today (adding maintainers of affected packages in copy): > > CVE-2024-32002.json: affected: git 2.44.0 > CVE-2024-32004.json: affected: git 2.44.0 > CVE-2024-32020.json: affected: git 2.44.0 > CVE-2024-32021.json: affected: git 2.44.0 > CVE-2024-3205.json: affected: libyaml 0.2.5 > CVE-2024-32465.json: affected: git 2.44.0 > CVE-2024-33599.json: affected glibc 2.39 > CVE-2024-33600.json: affected: glibc 2.39 > CVE-2024-33601.json: affected: glibc 2.39 > CVE-2024-33602.json: affected: glibc 2.39 > > I would also like to ask for volunteers to help with looking up the following > CVEs and submitting fixes to > https://github.com/mrybczyn/cvelistV5-overrides/tree/overrides if they are > malformed: > go: CVE-2024-24788, CVE=2024-24787 > aiohttp: CVE-2024-30251 > x server: CVE-2024-31053, CVE-2024-31082 > bluez: CVE-2023-27349, CVE-2023-50229, CVE-2023-50230 > gstreamer: CVE-2023-50186, CVE-2023-44446 > less: CVE-2024-32407 > ncurses: CVE-2023-45988 > ofono: CVE-2023-4234, CVE-2023-4233 > > If you have any question on how to do that, ask me. > > Kind regards, > Marta
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#199487): https://lists.openembedded.org/g/openembedded-core/message/199487 Mute This Topic: https://lists.openembedded.org/mt/106134282/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
