[OE-core] [dunfell][PATCH] grub2: Fix several security issue of integer underflow

2022-07-31 Thread Hitendra Prajapati
Source: https://git.savannah.gnu.org/gitweb/?p=grub.git MR: 119763, 119779, 119807 Type: Security Fix Disposition: Backport from https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3e4817538de828319ba6d59ced2fbb9b5ca13287 && https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=b26b4

[OE-core] [dunfell][PATCH] python3-lxml: CVE-2022-2309 NULL Pointer Dereference allows attackers to cause a denial of service

2022-07-31 Thread Hitendra Prajapati
Source: https://github.com/lxml/lxml MR: 119399 Type: Security Fix Disposition: Backport from https://github.com/lxml/lxml/commit/86368e9cf70a0ad23cccd5ee32de847149af0c6f ChangeID: 0b1ef4ce4c901ef6574a83ecbe4c4b1d2ab24777 Description: CVE-2022-2309 libxml: NULL Pointer Dereference allows a

[OE-core] [kirkstone][master][PATCH V2] apt: fix do_package_qa failure

2022-07-31 Thread Changqing Li
From: Changqing Li bitbake nativesdk-apt failed with error: ERROR: nativesdk-apt-2.4.5-r0 do_package_qa: QA Issue: nativesdk-apt installs files in /usr/local/oe-sdk-hardcoded-buildpath/sysroots/x86_64-pokysdk-linux/var/volatile, but it is expected to be empty [empty-dirs] an empty dir apt is

Re: [OE-core] [kirkstone] binutils: stable 2.38 branch updates

2022-07-31 Thread Sundeep KOKKONDA
Hello, Regression testing with binutils testing is performed and no regressions found. Thanks, Sundeep K.

[OE-core] [kirkstone] binutils: stable 2.38 branch updates

2022-07-31 Thread Sundeep KOKKONDA
Below commits on Binutils-2.38 development branch are updated. 5c0b4ee4060 i386: Don't allow GOTOFF relocation against IFUNC symbol for PIC 19892fedb7b x86: Properly check invalid relocation against protected symbol b8a2baa80b1 libctf: tests: prune warnings from compiler output 7f9a495a167 libctf:

[OE-core] OE-core CVE metrics for kirkstone on Sun 31 Jul 2022 03:00:01 AM HST

2022-07-31 Thread Steve Sakoman
Branch: kirkstone New this week: 1 CVEs CVE-2022-2522 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2522 * Removed this week: 4 CVEs CVE-2022-32205 (CVSS3: 4.3 MEDIUM): curl:curl-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32205 * CVE-2022

Re: [OE-core] [PATCH] kernel-fitimage.bbclass: add padding algorithm property in config nodes

2022-07-31 Thread Luis Enriquez
Hello, This patch could be cherry-picked into kirkstone, please? Thanks ;) Luis

[OE-core] [PATCH] kernel-fitimage.bbclass: add padding algorithm property in config nodes

2022-07-31 Thread Luis Enriquez
Hello, This patch could be cherry-picked into kirkstone, please? Thanks ;) Luis

[OE-core] OE-core CVE metrics for dunfell on Sun 31 Jul 2022 02:30:01 AM HST

2022-07-31 Thread Steve Sakoman
Branch: dunfell New this week: 8 CVEs CVE-2022-1920 (CVSS3: 7.8 HIGH): gstreamer1.0 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1920 * CVE-2022-1921 (CVSS3: 7.8 HIGH): gstreamer1.0 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1921 * CVE-2022-1922 (CVSS3: 7.8 HIGH): gst

[OE-core] OE-core CVE metrics for master on Sun 31 Jul 2022 02:00:01 AM HST

2022-07-31 Thread Steve Sakoman
Branch: master New this week: 0 CVEs Removed this week: 6 CVEs CVE-2022-2288 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2288 * CVE-2022-2289 (CVSS3: 7.8 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2289 * CVE-2022-2304 (CVSS3: 7.8 HI

[OE-core] [dunfell][PATCH] u-boot: fix CVE-2022-34835

2022-07-31 Thread Minjae Kim
i2c: fix stack buffer overflow vulnerability in i2c md command CVE: CVE-2022-34835 Signed-off-by: Minjae Kim --- .../u-boot/files/CVE-2022-34835.patch | 124 ++ meta/recipes-bsp/u-boot/u-boot_2020.01.bb | 4 + 2 files changed, 128 insertions(+) create mode 100644 m