Dear all, 经社区Release SIG、QA SIG及 CICD SIG 评估,openEuler-20.03-LTS-SP1、openEuler-20.03-LTS-SP3及openEuler-22.03-LTS update版本满足版本出口质量,现进行发布公示。 本公示分为五部分: 1、openEuler-20.03-LTS-SP1 Update 20230301发布情况及待修复缺陷 2、openEuler-20.03-LTS-SP3 Update 20230301发布情况及待修复缺陷 3、openEuler-22.03-LTS Update 20230301发布情况及待修复缺陷 4、openEuler-22.03-LTS-SP1 Update 20230301发布情况及待修复缺陷 5、openEuler 关键组件待修复CVE 清单 6、openEuler 社区指导文档及开放平台链接 本次update版本发布后,下一个版本里程碑点(预计在2023/03/11)提供 update_ 20230308 版本。 openEuler-20.03-LTS-SP1 Update 20230301 经各SIG及社区开发者贡献,本周openEuler-20.03-LTS-SP1修复版本已知问题5个,已知漏洞24个。目前版本分支剩余待修复缺陷43个,缺陷/漏洞统计详见清单,缺陷/漏洞问题详见各软件包源码仓库 openEuler-20.03-LTS-SP1 Update版本CVE修复 及Bugfix list公示链接: https://gitee.com/openeuler/release-management/issues/I6HVKH?from=project-is... CVE修复: 需求类型 软件包 优先级 CVE-2023-0687 glibc 9.8 CVE-2023-25153 containerd 5.5 CVE-2023-25173 containerd 7.8 CVE-2022-48337 emacs 7.8 CVE-2022-48338 emacs 7.3 CVE-2022-48339 emacs 7.3 CVE-2023-24580 python-django 7.5 CVE-2022-4304 nodejs 5.9 CVE-2022-4450 nodejs 7.5 CVE-2023-0215 nodejs 7.5 CVE-2023-0286 nodejs 7.4 CVE-2022-38266 leptonica 6.5 CVE-2023-0056 haproxy 4.3 CVE-2023-25725 haproxy 7.5 CVE-2022-37704 amanda 6.7 CVE-2022-37705 amanda 6.7 CVE-2021-33639 kernel 6.7 CVE-2023-26545 kernel 5.3 CVE-2020-10775 ovirt-engine 5.3 CVE-2022-4450 edk2 7.5 CVE-2023-0215 edk2 7.5 CVE-2023-0286 edk2 7.4 CVE-2023-0401 edk2 7.5 Bugfix: issue 仓库 #I6E9JM:例行分析python-urllib3补丁,需要补丁回合<https://gitee.com/open_euler/dashboard?issue_id=I6E9JM> python-urllib3 #I6AA06:【20.03-LTS-SP1-update-0111】【arm/x86】执行sosreport -a报错“TypeError: 'NoneType' object is not iterable”<https://gitee.com/open_euler/dashboard?issue_id=I6AA06> sos #I63KFX:自动化测试FC卡不显示FC卡的型号信息<https://gitee.com/open_euler/dashboard?issue_id=I63KFX> oec-hardware #I4RU21:回合社区补丁<https://gitee.com/open_euler/dashboard?issue_id=I4RU21> dnf-plugins-core #I6BO2R:【openEuler 1.0-LTS】【OLK-5.10】新增中断重入告警维测<https://gitee.com/open_euler/dashboard?issue_id=I6BO2R> kernel openEuler-20.03-LTS-SP1版本编译构建信息查询链接: https://build.openeuler.org/project/show/openEuler:20.03:LTS:SP1 https://build.openeuler.org/project/show/openEuler:20.03:LTS:SP1:Epol openEuler-20.03-LTS-SP1 Update版本 发布源链接: https://repo.openeuler.org/openEuler-20.03-LTS-SP1/update/ https://repo.openeuler.org/openEuler-20.03-LTS-SP1/EPOL/update/ openEuler CVE 及 安全公告公示链接: https://www.openeuler.org/zh/security/cve/ https://www.openeuler.org/zh/security/safety-bulletin/ https://repo.openeuler.org/security/data/cvrf/ openEuler-20.03-LTS-SP1 Update版本待修复问题清单公示: 任务ID 任务标题 关联仓库 SIG I281C1 【fuzz】runtime error: libsass Base-service I437CR [SP1][arm/x86]obs-server包下11个服务启动关闭,出现报错 obs-server Others I43OSX [clamav] 执行clamscan --statistics pcre命令会出现error,但是最终返回码为0 clamav Others I48GIM 【20.03LTS SP1 update 210901】ovirt-cockpit-sso.service服务启动失败 ovirt-cockpit-sso oVirt I490MU Uncaught exception in get_tokens_unprocessed python-pygments Programming-language I4F8YQ integer overflow in start_input_bmp libjpeg-turbo Desktop I4F903 Unexpect-exit in start_input_tga libjpeg-turbo Desktop I4F913 Timeout in tjDecompress2 libjpeg-turbo Desktop I4G4A5 Undefine-shift in _bfd_safe_read_leb128 binutils Compiler I4G4B1 Integer overflow in print_vms_time binutils Compiler I4G4VY memleak in parse_gnu_debugaltlink binutils Compiler I4G4WF Heap-buffer-overflow in slurp_hppa_unwind_table binutils Compiler I4G4WW Use-after-free in make_qualified_name binutils Compiler I4G4X6 memleak in byte_get_little_endian binutils Compiler I4G4XF memleak in process_mips_specific binutils Compiler I4G4Y0 out-of-memory in vms_lib_read_index binutils Compiler I4G4YJ Heap-buffer-overflow in bfd_getl16 binutils Compiler I4G4YV Floating point exception in _bfd_vms_slurp_etir binutils Compiler I4J0OY 【20.03 SP1】【arm/x86】安装好libdap后,getdap4命令的-i和-k参数使用异常 libdap sig-recycle I4JMG4 【20.03 SP1】【arm/x86】robotframework包的三个命令:libdoc、rebot、robot执行--help/-h/-?/--version,查看帮助信息和版本信息,返回值为251 python-robotframework sig-ROS I4K6ES stack-buffer-overflow in UINT32_Marshal libtpms sig-security-facility I4K6FU global-buffer-overflow in Array_Marshal libtpms sig-security-facility I4K6R7 memleak in wrap_nettle_mpi_init gnutls sig-security-facility I4K6UI Timeout in _asn1_find_up gnutls sig-security-facility I4O16Z 【SP1_update/arm】安装kernel-4.19.90-2108版本有错误提示信息 kernel Kernel I4QV6N 【openEuler-20.03-LTS-SP1】flink命令执行失败 flink sig-bigdata I5IG1V 【20.03-SP1】【x86/arm】epol源下的efl、efl-devel软件包安装报错,gpg检查失败 efl sig-compat-winapp I5IG6K 【20.03-SP1】【x86/arm】epol源下的opencryptoki、opencryptoki-devel软件包安装报错,gpg检查失败 opencryptoki dev-utils I5JHX2 【20.03 SP1 update 20220727】ovirt-engine在update 20220727版本安装失败 ovirt-engine oVirt I6975Y 【arm】--enable-bootstrap构建gcc失败 gcc Compiler I6AASB 【arm】【codedb】-O3 -fipa-struct-reorg=2编译AmberToolsICE: lto1: internal compiler error: rewrite failed for realloc gcc Compiler I6AZZU 【arm】【codedb】-O3 -fipa-struct-reorg=3运行bcftools应用Segmentation fault (core dumped) gcc Compiler I6CBNA 【20.03 sp1 udpate 0131 】netdata -W createdataset=10命令执行失败 netdata Base-service I6CKZE 【arm】【deja】使用22.03 LTS-SP1发布源gcc 出现编译ICE:during GIMPLE pass: reassoc:internal compiler error: Segmentation fault gcc Compiler I6DRDY 【x86】【spec2017】-O3 -fipa-struct-reorg=5编译子项失败 gcc Compiler I6DUTF [22.03sp1lts][arm/x86] obsredis.service服务启动失败 obs-server Others I6EUHB create_gcov在kernel6.1上执行报错 autofdo Compiler I6FQCO 【22.03-LTS-SP1】【x86/arm】opengauss缺少安装依赖lsof opengauss-server DB I6I438 【x86】【deja】汇编失败:unsupported masking for `vcvtps2ph' gcc Compiler I6I47O 【x86】【deja】运行出现Segmentation fault gcc Compiler I6ISTD [22.03-sp1]执行iscsiadm -m node -p 127.0.0.1 -u命令失败,内核报错 kernel Kernel I6IU04 【update20230228-22.03-lts-sp1】amcrypt-ossl 命令执行失败 amanda Application I6IU77 【update20230228-22.03-lts-sp1】amaespipe命令执行失败 amanda Application openEuler-20.03-LTS-SP3 Update 20230301 经各SIG及社区开发者贡献,本周openEuler-20.03-LTS-SP3修复版本已知问5个,已知漏洞23个。目前版本分支剩余待修复缺陷 14个,缺陷/漏洞统计详见清单,缺陷/漏洞问题详见各软件包源码仓库 openEuler-20.03-LTS-SP3 Update版本CVE修复 及Bugfix list公示链接: https://gitee.com/openeuler/release-management/issues/I6HVKI?from=project-is... CVE修复: 需求类型 软件包 优先级 CVE-2023-0687 glibc 9.8 CVE-2023-25153 containerd 5.5 CVE-2023-25173 containerd 7.8 CVE-2022-48337 emacs 7.8 CVE-2022-48338 emacs 7.3 CVE-2022-48339 emacs 7.3 CVE-2023-24580 python-django 7.5 CVE-2022-4304 nodejs 5.9 CVE-2022-4450 nodejs 7.5 CVE-2023-0215 nodejs 7.5 CVE-2023-0286 nodejs 7.4 CVE-2022-38266 leptonica 6.5 CVE-2023-0056 haproxy 4.3 CVE-2023-25725 haproxy 7.5 CVE-2022-37704 amanda 6.7 CVE-2022-37705 amanda 6.7 CVE-2021-33639 kernel 6.7 CVE-2023-26545 kernel 5.3 CVE-2020-10775 ovirt-engine 5.3 CVE-2022-4450 edk2 7.5 CVE-2023-0215 edk2 7.5 CVE-2023-0286 edk2 7.4 CVE-2023-0401 edk2 7.5 Bugfix: issue 仓库 #I6E9JM:例行分析python-urllib3补丁,需要补丁回合 python-urllib3 #I4RADS:【20.03-LTS-SP1】log4j升级失败 log4j #I63KFX:自动化测试FC卡不显示FC卡的型号信息 oec-hardware #I4RU21:回合社区补丁 dnf-plugins-core #I6BO2R:【openEuler 1.0-LTS】【OLK-5.10】新增中断重入告警维测 kernel openEuler-20.03-LTS-SP3版本编译构建信息查询链接: https://build.openeuler.org/project/show/openEuler:20.03:LTS:SP3 https://build.openeuler.org/project/show/openEuler:20.03:LTS:SP3:Epol openEuler-20.03-LTS-SP3 Update版本 发布源链接: https://repo.openeuler.org/openEuler-20.03-LTS-SP3/update/ https://repo.openeuler.org/openEuler-20.03-LTS-SP3/EPOL/update/main/ openEuler CVE 及 安全公告公示链接: https://www.openeuler.org/zh/security/cve/ https://www.openeuler.org/zh/security/safety-bulletin/ https://repo.openeuler.org/security/data/cvrf/ openEuler-20.03-LTS-SP3 Update版本待修复问题清单公示: 任务ID 任务标题 关联仓库 SIG I4QV7S 【openEuler-20.03-LTS-SP3】flink run 命令执行失败 flink sig-bigdata I4UMEV [openEuler 20.03-LTS SP3]openEuler开启crash_kexec_post_notifiers后,panic通知链无法完全遍历 kernel Kernel I5IGAS 【20.03-SP3】【x86/arm】epol源下的opencryptoki、opencryptoki-devel软件包安装报错,gpg检查失败 opencryptoki dev-utils I5IGOR 【20.03-SP3】【x86/arm】epol源下的fluidsynth、fluidsynth-devel、fluidsynth-help软件包安装报错,gpg检查失败 fluidsynth Application I5KXUY 【20.03 LTS SP3 update 20220803】【arm/x86】ovirt-cockpit-sso.service服务启动失败 ovirt-cockpit-sso oVirt I5KY4S 【20.03 LTS SP3 update 20220803】【arm/x86】vdsmd.service服务启动失败,导致mom-vdsm.service服务无法启动成功 vdsm oVirt I5LYJK 【20.03-sp3_update20220801】【x86】对内核版进行升级后,TCP_option_address安装异常 TCP_option_address Kernel I5XDXJ openeuler:20.03-sp3下lua-lunit0.5和lua5.3不匹配 mugen sig-QA I613DI 【20.03 SP3】当前最新版本的kernel、 oec-hardware、 openEuler-release三个包同时安装,虚拟机启动失败 openEuler-release Base-service I61LEV 【20.03 LTS SP3】【arm/x86】安装oscilloscope,然后执行oscilloscope -h报错 tuna Others I66BBJ [20.03-LTS-SP3]/etc/yum.repos.d/openEuler.repo源中默认没有update的source源 openEuler-repos Base-service I6CBL7 【20.03 sp3 udpate 0131 】netdata -W createdataset=10命令执行失败 netdata Base-service I6ITY0 【update20230228-20.03-lts-sp3】amcrypt-ossl 命令执行失败 amanda Application I6IUAO 【update20230228-20.03-lts-sp3】amaespipe命令执行失败 amanda Application openEuler-22.03-LTS Update 20230301 经各SIG及社区开发者贡献,本周openEuler-22.03-LTS修复版本已知问题5个,已知漏洞29个。目前版本分支剩余待修复缺陷11个,缺陷/漏洞统计详见清单,缺陷/漏洞问题详见各软件包源码仓库 openEuler-22.03-LTS Update版本CVE修复 及Bugfix list公示链接: https://gitee.com/openeuler/release-management/issues/I6HVKJ?from=project-is... CVE修复: CVE 仓库 score CVE-2023-0687 glibc 9.8 CVE-2023-25153 containerd 5.5 CVE-2023-25173 containerd 7.8 CVE-2022-48337 emacs 7.8 CVE-2022-48338 emacs 7.3 CVE-2022-48339 emacs 7.3 CVE-2023-22796 rubygem-activesupport 7.5 CVE-2022-44566 rubygem-activerecord 7.5 CVE-2023-22794 rubygem-activerecord 8.8 CVE-2023-24580 python-django 7.5 CVE-2022-4304 nodejs 5.9 CVE-2022-4450 nodejs 7.5 CVE-2023-0215 nodejs 7.5 CVE-2023-0286 nodejs 7.4 CVE-2022-38266 leptonica 6.5 CVE-2023-0056 haproxy 4.3 CVE-2023-25725 haproxy 7.5 CVE-2023-26081 epiphany 0 CVE-2022-37704 amanda 6.7 CVE-2022-37705 amanda 6.7 CVE-2021-33639 kernel 6.7 CVE-2023-0597 kernel 5.5 CVE-2023-0615 kernel 5.5 CVE-2020-10775 ovirt-engine 5.3 CVE-2022-44789 mujs 8.8 CVE-2022-4450 edk2 7.5 CVE-2023-0215 edk2 7.5 CVE-2023-0286 edk2 7.4 CVE-2023-0401 edk2 7.5 Bugfix: issue 仓库 #I6E9JM:例行分析python-urllib3补丁,需要补丁回合 python-urllib3 #I6GM47:openEuler-22.03-LTS-SP1分支unbound为何未合入社区已知#610 #611问题 unbound #I63KFX:自动化测试FC卡不显示FC卡的型号信息 oec-hardware #I57PCI:python3-dnf-plugin-post-transaction-actions子包缺少目录 dnf-plugins-core #I6IRK0:update_0301 避免全量升级出现文件冲突 cups openEuler-22.03-LTS版本编译构建信息查询链接: https://build.openeuler.org/project/show/openEuler:22.03:LTS https://build.openeuler.org/project/show/openEuler:22.03:LTS:Epol openEuler-22.03-LTS Update版本 发布源链接: https://repo.openeuler.org/openEuler-22.03-LTS/update/ https://repo.openeuler.org/openEuler-22.03-LTS/EPOL/update/main/ https://repo.openeuler.org/openEuler-22.03-LTS/EPOL/update/multi_version/Ope... https://repo.openeuler.org/openEuler-22.03-LTS/EPOL/update/multi_version/Ope... openEuler-22.03-LTS Update版本待修复问题清单公示: 任务ID 任务标题 关联仓库 SIG I5JIA6 【22.03 LTS update 20220727】ovirt-engine在update 20220727版本安装失败 ovirt-engine oVirt I5JPII 【22.03_update20220727】【x86/arm】ovirt-engine源码包本地自编译失败,缺少编译依赖ovirt-jboss-modules-maven-plugin ovirt-engine oVirt I665SM resize2fs出现csum不一致 kernel Kernel I66BDE [22.03-LTS]/etc/yum.repos.d/openEuler.repo源中默认没有update的source源 openEuler-repos Base-service I66KIH 【22.03 LTS update 20221214】【arm/x86】openstack-ironic-inspector.service服务stop失败 openstack-ironic-inspector sig-openstack I677QX 【22.03-LTS】【x86/arm】安装opengauss-server时报未找不着lsof命令错误 opengauss-server DB I6AG88 【22.03-LTS】【arm/x86】nvwa第一次卸载时有异常报错信息 nvwa sig-ops I6AGEG 【22.03-LTS-SP1】【arm/x86】nvwa第一次卸载时有异常报错信息 nvwa sig-ops I6CBPQ 【22.03 lts udpate 0131 】netdata -W createdataset=10命令执行失败 netdata Base-service I6IU0H 【update20230228-22.03-lts】amcrypt-ossl 命令执行失败 amanda Application I6IU1P 【update20230228-22.03-lts】amaespipe命令执行失败 amanda Application openEuler-22.03-LTS SP1 Update 20230301 经各SIG及社区开发者贡献,本周openEuler-22.03-LTS修复版本已知问题16个,已知漏洞24个。目前版本分支剩余待修复缺陷23个,缺陷/漏洞统计详见清单,缺陷/漏洞问题详见各软件包源码仓库 openEuler-22.03-LTS SP1 Update版本CVE修复 及Bugfix list公示链接: https://gitee.com/openeuler/release-management/issues/I6HVKG?from=project-is... CVE修复: CVE 仓库 score CVE-2023-0687 glibc 9.8 CVE-2023-25153 containerd 5.5 CVE-2023-25173 containerd 7.8 CVE-2022-48337 emacs 7.8 CVE-2022-48338 emacs 7.3 CVE-2022-48339 emacs 7.3 CVE-2022-44566 rubygem-activerecord 7.5 CVE-2023-22794 rubygem-activerecord 8.8 CVE-2023-24580 python-django 7.5 CVE-2022-3560 pesign 5.5 CVE-2022-4304 nodejs 5.9 CVE-2022-4450 nodejs 7.5 CVE-2023-0215 nodejs 7.5 CVE-2023-0286 nodejs 7.4 CVE-2022-38266 leptonica 6.5 CVE-2023-0056 haproxy 4.3 CVE-2023-25725 haproxy 7.5 CVE-2022-37704 amanda 6.7 CVE-2022-37705 amanda 6.7 CVE-2022-44789 mujs 8.8 CVE-2022-4450 edk2 7.5 CVE-2023-0215 edk2 7.5 CVE-2023-0286 edk2 7.4 CVE-2023-0401 edk2 7.5 Bugfix: issue 仓库 #I6FF6H:glib2社区补丁回合 glib2 #I6CA2Y:update_20230201-修复glib2-static安装时找不到sysprof-capture-static安装依赖 sysprof #I6HRK9:删除.a库文件并添加make依赖 c-ares #I6HL17:samba 22.03-LTS-SP1升级 samba #I6CGPC:verdor.obscpio文件包缺少stringio-3.0.1.gem obs-bundled-gems #I6GM47:openEuler-22.03-LTS-SP1分支unbound为何未合入社区已知#610 #611问题 unbound #I63KFX:自动化测试FC卡不显示FC卡的型号信息 oec-hardware #I6IRWV:update-0301 fix update conflict of devel and help cups #I6IS21:update-0301 disable static library libXxf86vm #I6GJ7I:安装摘要信息引导界面--root密码输入框,密码输入框眼睛图标含义未汉化 anaconda #I5WLDC:Upgrade to latest release [dnf-plugins-core: 4.0.24 -> 4.3.1] dnf-plugins-core #I6I9HY:delete static library libtirpc #I6IAVJ:delete static library ipset #I6IBB9:delete static library nghttp2 #I6IBLQ:delete static library libdnet #I6E9JM:例行分析python-urllib3补丁,需要补丁回合 python-urllib3 openEuler-22.03-LTS SP1版本编译构建信息查询链接: https://build.openeuler.org/project/show/openEuler:22.03:LTS https://build.openeuler.org/project/show/openEuler:22.03:LTS:Epol openEuler-22.03-LTS SP1 Update版本 发布源链接: https://repo.openeuler.org/openEuler-22.03-LTS/update/ https://repo.openeuler.org/openEuler-22.03-LTS/EPOL/update/main/ https://repo.openeuler.org/openEuler-22.03-LTS/EPOL/update/multi_version/Ope... https://repo.openeuler.org/openEuler-22.03-LTS/EPOL/update/multi_version/Ope... openEuler-22.03-LTS SP1 Update版本待修复问题清单公示: 任务ID 任务标题 关联仓库 SIG I657VS 【22.03_LTS_SP1_RC2】【x86/arm】dde-api存在不安全的编译选项PIE、STRIP dde-api sig-DDE I657VT 【22.03_LTS_SP1_RC2】【x86/arm】dde-daemon存在不安全的编译选项STRIP dde-daemon sig-DDE I657VX 【22.03_LTS_SP1_RC2】【x86/arm】deepin-dbus-generator存在不安全的编译选项PIE、STRIP deepin-dbus-generator sig-DDE I657W0 【22.03_LTS_SP1_RC2】【x86/arm】deepin-editor存在不安全的编译选项STRIP deepin-editor sig-DDE I657W3 【22.03_LTS_SP1_RC2】【x86/arm】deepin-graphics-driver-manager存在不安全的编译选项STRIP deepin-graphics-driver-manager sig-DDE I657W7 【22.03_LTS_SP1_RC2】【x86/arm】deepin-system-monitor存在不安全的编译选项STRIP deepin-system-monitor sig-DDE I6583U 【22.03_LTS_SP1_RC2】【x86/arm】startdde存在不安全的编译选项PIE、STRIP startdde sig-DDE I6975Y 【arm】--enable-bootstrap构建gcc失败 gcc Compiler I6AASB 【arm】【codedb】-O3 -fipa-struct-reorg=2编译AmberToolsICE: lto1: internal compiler error: rewrite failed for realloc gcc Compiler I6AGEG 【22.03-LTS-SP1】【arm/x86】nvwa第一次卸载时有异常报错信息 nvwa sig-ops I6AZZU 【arm】【codedb】-O3 -fipa-struct-reorg=3运行bcftools应用Segmentation fault (core dumped) gcc Compiler I6CBPN 【22.03 lts sp1 udpate 0131 】netdata -W createdataset=10命令执行失败 netdata Base-service I6CKRQ 【22.03 SP1 update20230201】【arm/x86】ceph-selinux卸载过程中有异常打印信息 ceph sig-ceph I6CKZE 【arm】【deja】使用22.03 LTS-SP1发布源gcc 出现编译ICE:during GIMPLE pass: reassoc:internal compiler error: Segmentation fault gcc Compiler I6DRDY 【x86】【spec2017】-O3 -fipa-struct-reorg=5编译子项失败 gcc Compiler I6DUTF [22.03sp1lts][arm/x86] obsredis.service服务启动失败 obs-server Others I6EUHB create_gcov在kernel6.1上执行报错 autofdo Compiler I6FQCO 【22.03-LTS-SP1】【x86/arm】opengauss缺少安装依赖lsof opengauss-server DB I6I438 【x86】【deja】汇编失败:unsupported masking for `vcvtps2ph' gcc Compiler I6I47O 【x86】【deja】运行出现Segmentation fault gcc Compiler I6ISTD [22.03-sp1]执行iscsiadm -m node -p 127.0.0.1 -u命令失败,内核报错 kernel Kernel I6IU04 【update20230228-22.03-lts-sp1】amcrypt-ossl 命令执行失败 amanda Application I6IU77 【update20230228-22.03-lts-sp1】amaespipe命令执行失败 amanda Application 社区待修复漏洞: openEuler社区根据漏洞严重等级采取差异化的修复策略,请各个SIG 关注涉及CVE组件的修复情况。 严重等级(Severity Rating) 漏洞修复时长 致命(Critical) 7天 高(High) 14天 中(Medium) 30天 低(Low) 30天 可参考社区安全委员会漏洞:https://gitee.com/openeuler/security-committee/wikis/%E7%A4%BE%E5%8C%BA%E6%B... 近14天将超期CVE: 漏洞编号 Issue ID 剩余天数 CVSS评分 软件包 责任SIG CVE-2023-23919 I6GFMF 1.26 7.5 nodejs sig-nodejs CVE-2023-23918 I6GFMC 1.26 7.5 nodejs sig-nodejs CVE-2023-24998 I6GH6P 1.55 7.5 apache-commons-fileupload dev-utils CVE-2023-26242 I6GMYX 2.11 7.8 risc-v-kernel sig-RISC-V CVE-2022-48340 I6GQAI 2.26 7.5 glusterfs Storage CVE-2023-23009 I6GTCD 2.91 7.5 libreswan System-tool CVE-2023-26314 I6GYV6 3.14 8.8 mono Base-service CVE-2022-4384 I6DBAC 3.84 6.5 stream CVE-2023-25586 I6DKU7 4.66 0.0 mingw-binutils sig-compat-winapp CVE-2023-25586 I6DKU4 4.66 0.0 binutils Compiler CVE-2022-4304 I6DKV8 4.68 5.9 edk2 Virt CVE-2022-4203 I6DKUZ 4.68 0.0 compat-openssl11 CVE-2023-25585 I6DKUW 4.68 0.0 mingw-binutils sig-compat-winapp CVE-2023-25587 I6DKUV 4.68 0.0 mingw-binutils sig-compat-winapp CVE-2022-4203 I6DKUU 4.68 0.0 edk2 Virt CVE-2023-25585 I6DKUP 4.68 0.0 binutils Compiler CVE-2023-25587 I6DKUO 4.68 0.0 binutils Compiler CVE-2022-4304 I6DKUI 4.68 5.9 compat-openssl11 CVE-2023-25584 I6DSPJ 5.26 0.0 binutils Compiler CVE-2023-25588 I6DSPH 5.26 0.0 mingw-binutils sig-compat-winapp CVE-2023-25584 I6DSPB 5.26 0.0 mingw-binutils sig-compat-winapp CVE-2023-25588 I6DSP8 5.26 0.0 binutils Compiler CVE-2023-21864 I6DZ7V 6.11 4.9 mysql Others CVE-2023-21870 I6DZ7O 6.11 4.9 mysql Others CVE-2023-21866 I6DZ7K 6.11 4.9 mysql Others CVE-2023-21874 I6DZ7A 6.11 2.7 mysql Others CVE-2023-21868 I6DZ76 6.11 6.5 mysql Others CVE-2023-21863 I6DZ6V 6.11 4.9 mysql Others CVE-2023-21869 I6DZ6M 6.11 5.5 mysql Others CVE-2023-21836 I6DZ9K 6.12 4.9 mysql Others CVE-2023-21871 I6DZ99 6.12 4.9 mysql Others CVE-2023-21865 I6DZ8X 6.12 4.9 mysql Others CVE-2023-21872 I6DZ8C 6.12 5.5 mysql Others CVE-2023-21867 I6DZ84 6.12 4.9 mysql Others CVE-2023-21873 I6DZ7Z 6.12 4.9 mysql Others CVE-2023-25166 I6E2G8 6.26 6.5 python-odo sig-python-modules CVE-2022-41862 I6E3MO 6.51 0.0 postgresql DB CVE-2023-20938 I6DKVG 8.15 8.8 kernel Kernel CVE-2023-1077 I6I7UG 8.64 7.0 risc-v-kernel sig-RISC-V CVE-2023-1077 I6I7UB 8.64 7.0 kernel Kernel CVE-2022-25937 I6EUG8 10.35 6.5 openstack-glance sig-openstack CVE-2023-0767 I6F4QN 11.65 0.0 firefox Application CVE-2023-25730 I6F4RP 11.66 0.0 firefox Application CVE-2023-25739 I6F4RO 11.66 0.0 firefox Application CVE-2023-25736 I6F4RN 11.66 0.0 firefox Application CVE-2023-25738 I6F4RM 11.66 0.0 firefox Application CVE-2023-25731 I6F4RL 11.66 0.0 firefox Application CVE-2023-25735 I6F4RK 11.66 0.0 firefox Application CVE-2023-25740 I6F4RJ 11.66 0.0 firefox Application CVE-2023-25744 I6F4RI 11.66 0.0 firefox Application CVE-2023-25746 I6F4RH 11.66 0.0 firefox Application CVE-2023-25742 I6F4RG 11.66 0.0 firefox Application CVE-2023-25728 I6F4RF 11.66 0.0 firefox Application CVE-2023-25737 I6F4RE 11.66 0.0 firefox Application CVE-2023-25734 I6F4RD 11.66 0.0 firefox Application CVE-2023-25745 I6F4RA 11.66 0.0 firefox Application CVE-2023-25743 I6F4R8 11.66 0.0 firefox Application CVE-2023-25741 I6F4R6 11.66 0.0 firefox Application CVE-2023-25729 I6F4R2 11.66 0.0 firefox Application CVE-2023-25732 I6F4QX 11.66 0.0 firefox Application CVE-2023-25733 I6F4QT 11.66 0.0 firefox Application CVE-2023-26242 I6GMYH 11.86 7.8 kernel Kernel CVE-2022-27672 I6FB6C 12.16 0.0 kernel Kernel CVE-2022-38090 I6FDF4 12.28 0.0 microcode_ctl System-tool CVE-2022-33196 I6FDF2 12.28 0.0 microcode_ctl System-tool CVE-2023-23934 I6FDE3 12.28 3.5 python-werkzeug Programming-language CVE-2023-0778 I6FEKK 12.53 0.0 podman sig-CloudNative CVE-2016-3092 I6JLSA 12.97 7.5 struts sig-Java CVE-2023-20052 I6FMJU 13.2 0.0 clamav Others CVE-2023-20032 I6FMJ3 13.2 0.0 clamav Others CVE-2023-0616 I6FOOO 13.39 0.0 thunderbird sig-desktop-apps openEuler 社区指导文档及开放平台链接: openEuler 版本分支维护规范: https://gitee.com/openeuler/release-management/blob/master/openEuler%E7%89%8... openEuler release-management 版本分支PR指导: https://gitee.com/openeuler/release-management/blob/master/openEuler%E5%BC%8... 社区QA 版本测试提单规范 https://gitee.com/openeuler/QA/blob/839f952696f271f83c018ccf3218cf493b92d651... 社区QA 测试平台 radiates https://radiatest.openeuler.org<https://radiatest.openeuler.org/> 沐钰莹(openEuler release SIG) Mobile: +86 15651995918 中国(China)-杭州(Hangzhou)-滨江区江淑路360号华为杭州研发中心 HUAWEI , Jiangshu Road., Binjiang District, Hangzhou, P.R.China E-mail: muyuying1@huawei.com<mailto:muyuying1@huawei.com> [cid:image004.png@01D94F60.32558360]Open Source OS for Digital Infrastructure 本邮件及其附件含有华为公司的保密信息,仅限于发送给上面地址中列出的个人或群组。禁止任何其他人以任何形 式使用(包括但不限于全部或部分地泄露、复制、或散发)本邮件中的信息。如果您错收了本邮件,请您立即电话 或邮件通知发件人并删除本邮件! This e-mail and its attachments contain confidential information from HUAWEI, which is intended only for the person or entity whose address is listed above. Any use of the information contained herein in any way (including, but not limited to, total or partial disclosure, reproduction, or dissemination) by persons other than the intended recipient(s) is prohibited. If you receive this e-mail in error, please notify the sender by phone or email immediately and delete it
