[OE-core][dunfell 0/7] Patch review

Steve Sakoman Sat, 22 Apr 2023 08:58:15 -0700

Please review this set of patches for dunfell and have comments back by
end of day Tuesday.


Passed a-full on autobuilder:

https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5210

The following changes since commit 9aefb4e46cf4fbf14b46f9adaf3771854553e7f3:

  curl: CVE-2023-27534 SFTP path ~ resolving discrepancy (2023-04-14 07:14:33 
-1000)

are available in the Git repository at:

  https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
  
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut

Hitendra Prajapati (2):
  curl: CVE-2023-27538 fix SSH connection too eager reuse
  screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs

Peter Marko (1):
  go: ignore CVE-2022-41716

Shubham Kulkarni (2):
  go-runtime: Security fix for CVE-2022-41722
  go: Security fix for CVE-2020-29510

Vivek Kumbhar (1):
  go: fix CVE-2023-24537 Infinite loop in parsing

rajmohan r (1):
  systemd: Fix CVE-2023-26604

 .../systemd/systemd/CVE-2023-26604-1.patch    | 115 ++++++++
 .../systemd/systemd/CVE-2023-26604-2.patch    | 264 ++++++++++++++++++
 .../systemd/systemd/CVE-2023-26604-3.patch    | 182 ++++++++++++
 .../systemd/systemd/CVE-2023-26604-4.patch    |  32 +++
 meta/recipes-core/systemd/systemd_244.5.bb    |   4 +
 meta/recipes-devtools/go/go-1.14.inc          |   7 +
 .../go/go-1.14/CVE-2020-29510.patch           |  65 +++++
 .../go/go-1.14/CVE-2022-41722-1.patch         |  53 ++++
 .../go/go-1.14/CVE-2022-41722-2.patch         | 104 +++++++
 .../go/go-1.14/CVE-2023-24537.patch           |  76 +++++
 .../screen/screen/CVE-2023-24626.patch        |  40 +++
 meta/recipes-extended/screen/screen_4.8.0.bb  |   1 +
 .../curl/curl/CVE-2023-27538.patch            |  31 ++
 meta/recipes-support/curl/curl_7.69.1.bb      |   1 +
 14 files changed, 975 insertions(+)
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-1.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-2.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-3.patch
 create mode 100644 meta/recipes-core/systemd/systemd/CVE-2023-26604-4.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2020-29510.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41722-1.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2022-41722-2.patch
 create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24537.patch
 create mode 100644 meta/recipes-extended/screen/screen/CVE-2023-24626.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27538.patch

-- 
2.34.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180311): 
https://lists.openembedded.org/g/openembedded-core/message/180311
Mute This Topic: https://lists.openembedded.org/mt/98436017/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[OE-core][dunfell 0/7] Patch review

Reply via email to