From: Amaury Couderc <[email protected]>

- Merged CVE-2026-41080-1.patch and CVE-2026-41080-2.patch
  into a single CVE-2026-41080.patch. Dropped the
  Windows/cmake .def export (not needed for OE Linux builds).
- Cleaned up inner patch subject to "[CVE-2026-41080]
  Improve protection against hash flooding".
- Simplified outer commit message to match the single-patch
  approach.
- SRC_URI now references one file://CVE-2026-41080.patch
  instead of two.
- C code fix is unchanged from v2.

Amaury Couderc (1):
  expat: fix CVE-2026-41080

 .../expat/expat/CVE-2026-41080.patch          | 517 ++++++++++++++++++
 meta/recipes-core/expat/expat_2.7.5.bb        |   1 +
 2 files changed, 518 insertions(+)
 create mode 100644 meta/recipes-core/expat/expat/CVE-2026-41080.patch

-- 
2.34.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#240656): 
https://lists.openembedded.org/g/openembedded-core/message/240656
Mute This Topic: https://lists.openembedded.org/mt/120207602/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to