Re: [OE-core][kirkstone][PATCH 2/2] wayland: update 1.20.0 -> 1.21.0

2022-10-30 Thread Narpat Mali
Sure, Ross. I will send the patch to backport the "CVE-2021-3782" fix on wayland 1.20.0 version. Best Regards, Narpat From: Ross Burton Sent: Friday, October 28, 2022 9:41:28 PM To: Mali, Narpat Cc: openembedded-core@lists.openembedded.org ; Polampalli, Archan

[OE-core] [PATCH] curl: Update 7.85.0 to 7.86.0

2022-10-30 Thread Robert Joslyn
Feature and security update. Fixes the following CVEs: - CVE-2022-32221 - CVE-2022-35260 - CVE-2022-42915 - CVE-2022-42916 Release notes: https://curl.se/changes.html#7_86_0 Signed-off-by: Robert Joslyn --- meta/recipes-support/curl/{curl_7.85.0.bb => curl_7.86.0.bb} | 2 +- 1 file changed

Re: [OE-Core][PATCH 2/2] cargo_common.bbclass: Support local github repos

2022-10-30 Thread Alexander Kanavin
It would also help if there’s an actual recipe and component somewhere where the problem exists now. The uuid-test does look like a made up example. Let’s merge the crate updater to core first, then we can think of handling other ways to specify dependencies. ‘cargo bitbake’ is pretty broken and d

Re: [OE-Core][PATCH 2/2] cargo_common.bbclass: Support local github repos

2022-10-30 Thread Alex Kiernan
I was wondering about how to do that - my test case was https://github.com/akiernan/uuid-test, but that's clearly not adequate; the recipe there comes from `cargo bitbake` as `bitbake -c update_crates` doesn't deal with git dependencies, or dig down into transitive deps, which also needs solving.

Re: [OE-Core][PATCH 2/2] cargo_common.bbclass: Support local github repos

2022-10-30 Thread Alexander Kanavin
There doesn’t seem to be a test case or an example for this. How can we ensure the code is correct? Alex On Sun 30. Oct 2022 at 18.38, Alex Kiernan wrote: > Since disable network was added cargo configurations which reference git > repos fail as they attempt to fetch across the network as part

[OE-Core][PATCH 1/2] cargo_common.bbclass: Fix typos

2022-10-30 Thread Alex Kiernan
Signed-off-by: Alex Kiernan --- meta/classes-recipe/cargo_common.bbclass | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/classes-recipe/cargo_common.bbclass b/meta/classes-recipe/cargo_common.bbclass index dea0fbe2f653..f503a001dd8e 100644 --- a/meta/classes-recipe/c

[OE-Core][PATCH 2/2] cargo_common.bbclass: Support local github repos

2022-10-30 Thread Alex Kiernan
Since disable network was added cargo configurations which reference git repos fail as they attempt to fetch across the network as part of do_compile, even if EXTRA_OECARGO_PATHS to add them as part of `paths` is used, as this is documented as only working for packages which exist in crates.io. Ad

[OE-core] [dunfell][PATCH] xserver-xorg: backport fixes for CVE-2022-3550, CVE-2022-3551 and CVE-2022-3553

2022-10-30 Thread Minjae Kim
From: Steve Sakoman xkb: proof GetCountedString against request length attacks Upstream-Status: Backport [https://cgit.freedesktop.org/xorg/xserver/commit/?id=11beef0b7f1ed290348e45618e5fa0d2bffcb72e] xkb: fix some possible memleaks in XkbGetKbdByName Upstream-Status: Backport [https://cgit.f

[OE-core] OE-core CVE metrics for langdale on Sun 30 Oct 2022 03:30:01 AM HST

2022-10-30 Thread Steve Sakoman
Branch: langdale New this week: 1 CVEs CVE-2022-3705 (CVSS3: 7.5 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3705 * Removed this week: 1 CVEs CVE-2022-3555 (CVSS3: 7.5 HIGH): libx11:libx11-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3555 * Full lis

[OE-core] OE-core CVE metrics for kirkstone on Sun 30 Oct 2022 03:00:01 AM HST

2022-10-30 Thread Steve Sakoman
Branch: kirkstone New this week: 1 CVEs CVE-2022-3705 (CVSS3: 7.5 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3705 * Removed this week: 1 CVEs CVE-2022-39253 (CVSS3: 5.5 MEDIUM): git https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39253 * Full list: Found 27

[OE-core] OE-core CVE metrics for dunfell on Sun 30 Oct 2022 02:30:01 AM HST

2022-10-30 Thread Steve Sakoman
Branch: dunfell New this week: 3 CVEs CVE-2021-46848 (CVSS3: 9.1 CRITICAL): libtasn1:libtasn1-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-46848 * CVE-2022-3705 (CVSS3: 7.5 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3705 * CVE-2022-43680 (CVSS3: 7.5

[OE-core] OE-core CVE metrics for master on Sun 30 Oct 2022 02:00:01 AM HST

2022-10-30 Thread Steve Sakoman
Branch: master New this week: 2 CVEs CVE-2022-3705 (CVSS3: 7.5 HIGH): vim https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3705 * CVE-2022-43680 (CVSS3: 7.5 HIGH): expat:expat-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43680 * Removed this week: 17 CVEs CVE-2022-3