Blueprints that have vulnerabilities with a CVSS score >= 9.0 and meet the following criteria should submit their information in the chart below to have the vulnerability considered for an exception:
...
Priority | Description |
Not Vulnerable | Packages which do not exist in the archive, are not affected by the vulnerability or have a fix applied in the archive. |
Pending | A fix has been applied and updated packages are awaiting arrival into the archive. For example, this might be used when wider testing is requested for the updated package. |
Unknown | Open vulnerability where the priority is currently unknown and needs to be triaged. |
Negligible | Open vulnerability that may be a problem but otherwise does not impose a security risk due to various factors. Examples include when the vulnerability is only theoretical in nature, requires a very special situation, has almost no install base or does no real damage. These typically will not receive security updates unless there is an easy fix and some other issue causes an update. |
Low | Open vulnerability that is a problem but does very little damage or is otherwise hard to exploit due to a small user base or other factors such as requiring a specific environment, uncommon configuration, user assistance, etc. These tend to be included in security updates only when higher priority issues require an update or if many low priority issues have built up. |
Medium | Open vulnerability that is a real problem and is exploitable for many users of the affected software. Examples include network daemon denial of service, cross-site scripting and gaining user privileges. |
High | Open vulnerability that is a real problem and is exploitable for many users in the default configuration of the affected software. Examples include serious remote denial of service of the system, local root privilege escalations or local data theft. |
Critical | Open vulnerability that is a world-burning problem and is exploitable for most Ubuntu users. Examples include remote root privilege escalations or remote data theft. |
CVE | Blueprint | OS | Reference | Note | Reviewer request | Response | Status |
CVE-2017-7827 | | | | Reported fixed and later version (installed), but still reported by Vuls | | | |
CVE-2018-5090 | | | | Reported fixed and later version (installed), but still reported by Vuls | Please add to the "Vendor Patch Available" column the output of the following commands: lsb_release -a; dpkg -l | grep <package name associated with CVE> | I installed a later version of the software than the version that has been fixed for the CVE. $ lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 11 (bullseye) Release: 11 Codename: bullseye $ dpkg -l |grep rsyslog ii rsyslog 8.2102.0-2+deb11u1 arm64 reliable system and kernel logging daemon | Approved |
CVE-2018-5126 | | | | Reported fixed and later version (installed), but still reported by Vuls | Please add to the "Vendor Patch Available" column the output of the following commands: lsb_release -a; dpkg -l | grep <package name associated with CVE> | I installed a later version of the software than the version that has been fixed for the CVE. $ lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 11 (bullseye) Release: 11 Codename: bullseye $ dpkg -l |grep rsyslog ii rsyslog 8.2102.0-2+deb11u1 arm64 reliable system and kernel logging daemon | Approved |
CVE-2018-5145 | | | | Reported fixed and later version (installed), but still reported by Vuls | | | |
CVE-2018-5151 | | | | Reported fixed and later version (installed), but still reported by Vuls | | | |
CVE-2019-17041 | | | | Reported fixed and later version (installed), but still reported by Vuls | | | |
CVE-2019-17042 | Robot basic architecture based on SSES | Raspberry Pi OS (Debian 11) | https://security-tracker.debian.org/tracker/CVE-2019-17042 | Reported fixed and later version (installed), but still reported by Vuls | | | |
CVE-2022-3649 | Robot basic architecture based on SSES | Raspberry Pi OS (Debian 11) | https://security-tracker.debian.org/tracker/CVE-2022-3649 | | | | |
CVE-2019-20433 | | Raspberry Pi OS (Debian 11) | | | | | |
CVE-2022-41877 | | Raspberry Pi OS (Debian 11) | https://security-tracker.debian.org/tracker/CVE-2022-41877 | | | | |