flatcar / Flatcar

Flatcar project repository for issue tracking, project documentation, etc.
https://www.flatcar.org/
Apache License 2.0

update: qemu #1087

Closed vbatts closed 1 year ago

vbatts commented 1 year ago

Name: qemu

CVEs: ~CVE-2023-0330~, CVE-2023-1544, ~CVE-2023-2861~

CVSSs: 6.0, 6.3, 6.3

Action Needed: ~update to >= 8.0.0 for CVE-2023-0330~, update to > 7.2.0 for CVE-2023-1544, ~update to >= 8.0.0 for CVE-2023-2861~

Summary:

Qemu is only in Flatcar SDK, not critical.

Gentoo ebuild for 8.0.2 is available.

refmap.gentoo: https://bugs.gentoo.org/905342, https://bugs.gentoo.org/909542

krnowak commented 1 year ago

CVE-2023-0330 and CVE-2023-2861 are fixed in next alpha. CVE-2023-1544 is still TBD.

sayanchowdhury commented 1 year ago

Updated info for CVE-2023-1544, update to > 7.2.0

@dongsupark can you just confirm once if the info is correct? ^^

dongsupark commented 1 year ago

@sayanchowdhury Yes, correct. Thanks.

krnowak commented 1 year ago

If this is correct, then this can be closed, we have 8.0.3 (8.0.4 if the weekly comes in).

dongsupark commented 1 year ago

Right, let's close