On 10/17/2024 9:39 PM, Mathieu Dubois-Briand wrote:
CAUTION: This email comes from a non Wind River email account!
Do not click links or open attachments unless you recognize the sender and know
the content is safe.
On Wed, Oct 16, 2024 at 04:45:38PM +0800, Wang, Jinfeng (CN) via
lists.openem
Hi there,
We noticed many gzip segfault errors on our build machine when doing either
do_rootfs or do_populate_sdk for images on which the man pages are enabled.
We traced this to mandb, run from the postinst script injected by
manpages.bbclass, which invokes gzip to scan compressed manpages.
Branch: scarthgap
New this week: 2 CVEs
CVE-2024-47661 (CVSS3: 5.5 MEDIUM): linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-47661 *
CVE-2024-47674 (CVSS3: 5.5 MEDIUM): linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-47674 *
Removed this week: 3 CVEs
C
Branch: kirkstone
New this week: 3 CVEs
CVE-2024-0229 (CVSS3: 7.8 HIGH): xwayland
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-0229 *
CVE-2024-47661 (CVSS3: 5.5 MEDIUM): linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-47661 *
CVE-2024-47674 (CVSS3: 5.5 MEDIUM):
Branch: master
New this week: 0 CVEs
Removed this week: 2 CVEs
CVE-2024-43402 (CVSS3: 8.8 HIGH): libstd-rs:rust:rust-native
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-43402 *
CVE-2024-46864 (CVSS3: 5.5 MEDIUM): linux-yocto
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024
License-Update: additional firmwares
The commit [1] fixes the error when people will use
the distribution tarball during compilation, so
adding the commit as a patch.
Installation of firmware and deduplication are
now separate targets, so we can run install. Target
install no more runs de-duplica
