/?id=ff1013a0ab485b66783b70145e342a82c670906a
Signed-off-by: Ashish Sharma
---
.../ghostscript/CVE-2024-29508-1.patch| 308 ++
.../ghostscript/CVE-2024-29508-2.patch| 29 ++
.../ghostscript/ghostscript_9.55.0.bb | 2 +
3 files changed, 339 insertions(+)
cr
Signed-off-by: Ashish Sharma
---
.../libarchive/CVE-2024-48957.patch | 33 +
.../libarchive/CVE-2024-48958.patch | 37 +++
.../libarchive/libarchive_3.6.2.bb| 2 +
3 files changed, 72 insertions(+)
create mode 100644
meta/recipes
Upstream-Status: Backport
[https://launchpad.net/ubuntu/+source/ghostscript/9.55.0~dfsg1-0ubuntu5.9]
Signed-off-by: Ashish Sharma
---
.../ghostscript/CVE-2024-29508-2.patch| 28 ++
.../ghostscript/CVE-2024-29508.patch | 307 ++
.../ghostscript
Upstream-Status: Backport
[https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a]
Signed-off-by: Ashish Sharma
---
.../ruby/ruby/CVE-2024-27282.patch| 28 +++
meta/recipes-devtools/ruby/ruby_3.2.2.bb | 1 +
2 files changed, 29 insertions
stop looking for modules in cwd in gtk/gtkmodules.c.
Upstream-Status: Backport
[https://launchpad.net/ubuntu/+source/gtk+3.0/3.24.33-1ubuntu2.2]
Signed-off-by: Ashish Sharma
---
.../gtk+/gtk+3/CVE-2024-6655.patch| 39 +++
meta/recipes-gnome/gtk+/gtk+3_3.24.34.bb
Includes security fixes for:
CVE-2024-1975
CVE-2024-1737
CVE-2024-0760
CVE-2024-4076
Changelog:
=
https://gitlab.isc.org/isc-projects/bind9/-/blob/v9.18.28/CHANGES
Signed-off-by: Ashish Sharma
Includes security fixes for:
CVE-2024-1975
CVE-2024-1737
CVE-2024-0760
CVE-2024-4076
Changelog:
=
https://gitlab.isc.org/isc-projects/bind9/-/blob/v9.18.28/CHANGES
Signed-off-by: Ashish Sharma
Includes security fixes for:
CVE-2024-1975
CVE-2024-1737
CVE-2024-0760
CVE-2024-4076
Changelog:
=
https://gitlab.isc.org/isc-projects/bind9/-/blob/v9.18.28/CHANGES
Signed-off-by: Ashish Sharma
Includes security fixes for:
CVE-2024-1975
CVE-2024-1737
CVE-2024-0760
CVE-2024-4076
Changelog:
=
https://gitlab.isc.org/isc-projects/bind9/-/blob/v9.18.28/CHANGES
Signed-off-by: Ashish Sharma
This patch fixes an out-of-bound error in rar e8 filter.
Upstream-Status: Backport
[https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237]
Signed-off-by: Ashish Sharma
---
.../libarchive/CVE-2024-26256.patch | 27 +++
.../libarchive
Upstream-Status: Backport
[https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a]
Signed-off-by: Ashish Sharma
---
.../ruby/ruby/CVE-2024-27282.patch| 29 +++
meta/recipes-devtools/ruby/ruby_3.1.3.bb | 1 +
2 files changed, 30 insertions
Upstream-Status: Backport
[https://github.com/ruby/ruby/commit/989a2355808a63fc45367785c82ffd46d18c900a]
Signed-off-by: Ashish Sharma
---
.../ruby/ruby/CVE-2024-27282.patch| 29 +++
meta/recipes-devtools/ruby/ruby_3.1.3.bb | 1 +
2 files changed, 30 insertions
Upstream-Status: Backport from
[https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb]
CVE: CVE-2024-4032
Signed-off-by: Ashish Sharma
---
.../python/python3/CVE-2024-4032.patch| 346 ++
.../recipes-devtools/python/python3_3.12.3.bb | 1
Upstream-Status: Backport from
[https://github.com/python/cpython/commit/ba431579efdcbaed7a96f2ac4ea0775879a332fb]
CVE: CVE-2024-4032
Signed-off-by: Ashish Sharma
---
.../python/python3/CVE-2024-4032.patch| 346 ++
.../python/python3_3.10.14.bb | 1
Upstream-Status: Backport
[https://gitlab.freedesktop.org/xorg/xserver/-/commit/96798fc1967491c80a4d0c8d9e0a80586cb2152b]
Signed-off-by: Ashish Sharma
---
.../xserver-xorg/CVE-2024-31080.patch | 49 +++
.../xorg-xserver/xserver-xorg_1.20.14.bb | 1 +
2 files
Upstream-Status: Backport
[https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645db5d0c00926a29ffecee]
Signed-off-by: Ashish Sharma
---
.../xserver-xorg/CVE-2024-31081.patch | 47 +++
.../xorg-xserver/xserver-xorg_1.20.14.bb | 1 +
2 files
Upstream-Status: Backport
[https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c]
Signed-off-by: Ashish Sharma
---
meta/recipes-devtools/go/go-1.14.inc | 1 +
.../go/go-1.14/CVE-2024-24784.patch | 205 ++
2 files changed, 206
Upstream ref:
https://github.com/libexpat/libexpat/pull/842
https://github.com/libexpat/libexpat/issues/839
Upstream-Status: Backport
[https://github.com/libexpat/libexpat/commit/072eca0b72373da103ce15f8f62d1d7b52695454]
Signed-off-by: Ashish Sharma
---
.../expat/expat/CVE-2024-28757.patch
Upstream-Status: Backport from
[https://git.kernel.org/pub/scm/utils/mdadm/mdadm.git/patch/?id=7d374a1869d3a84971d027a7f4233878c8f25a62]
CVE: CVE-2023-28938
Signed-off-by: Ashish Sharma
---
.../mdadm/files/CVE-2023-28938.patch | 80 +++
meta/recipes-extended/mdadm
Signed-off-by: Ashish Sharma
---
.../mdadm/files/CVE-2023-28938.patch | 80 +++
meta/recipes-extended/mdadm/mdadm_4.1.bb | 1 +
2 files changed, 81 insertions(+)
create mode 100644 meta/recipes-extended/mdadm/files/CVE-2023-28938.patch
diff --git a/meta/recipes
Upstream-Status: Backport from
[https://github.com/madler/zlib/commit/73331a6a0481067628f065ffe87bb1d8f787d10c]
Signed-off-by: Ashish Sharma
---
.../zlib/zlib/CVE-2023-45853.patch| 40 +++
meta/recipes-core/zlib/zlib_1.2.11.bb | 1 +
2 files changed, 41
Signed-off-by: Ashish Sharma
---
.../zlib/zlib/CVE-2023-45853.patch| 40 +++
meta/recipes-core/zlib/zlib_1.2.11.bb | 3 +-
2 files changed, 42 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-core/zlib/zlib/CVE-2023-45853.patch
diff --git a/meta
Upstream-Status: Backport from
[https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1]
CVE: CVE-2023-25588
Signed-off-by: Ashish Sharma
---
.../binutils/binutils-2.34.inc| 1 +
.../binutils/binutils/CVE-2023-25588.patch| 146
Signed-off-by: Ashish Sharma
---
.../mdadm/files/CVE-2023-28736.patch | 77 +++
meta/recipes-extended/mdadm/mdadm_4.1.bb | 1 +
2 files changed, 78 insertions(+)
create mode 100644 meta/recipes-extended/mdadm/files/CVE-2023-28736.patch
diff --git a/meta/recipes
Upstream-Status: Backport from
[https://gitlab.com/qemu-project/qemu/-/commit/9d38a8434721a6479fe03fb5afb150ca793d3980]
CVE: CVE-2023-3180
Signed-off-by: Ashish Sharma
---
meta/recipes-devtools/qemu/qemu.inc | 1 +
.../qemu/qemu/CVE-2023-3180.patch | 49
Signed-off-by: Ashish Sharma
---
.../openssl/openssl/CVE-2023-2975.patch | 61 +++
.../openssl/openssl_3.0.9.bb | 1 +
2 files changed, 62 insertions(+)
create mode 100644
meta/recipes-connectivity/openssl/openssl/CVE-2023-2975.patch
diff --git a/meta
Signed-off-by: Ashish Sharma
---
.../curl/curl/CVE-2023-32001.patch| 39 +++
meta/recipes-support/curl/curl_7.82.0.bb | 1 +
2 files changed, 40 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch
diff --git a/meta/recipes
Signed-off-by: Ashish Sharma
---
.../curl/curl/CVE-2023-32001.patch| 38 +++
meta/recipes-support/curl/curl_7.69.1.bb | 1 +
2 files changed, 39 insertions(+)
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-32001.patch
diff --git a/meta/recipes
emit filterFailsafe for empty unquoted attr
value
Signed-off-by: Ashish Sharma
---
meta/recipes-devtools/go/go-1.14.inc | 1 +
.../go/go-1.14/CVE-2023-29400.patch | 94 +++
2 files changed, 95 insertions(+)
create mode 100644 meta/recipes-devtools/go/go-1.14
untu/+source/vim/tree/debian/patches/CVE-2023-2609.patch?h=applied/ubuntu/devel&id=586a63887e677551384eea2ab03eb22bd1117338
&
https://git.launchpad.net/ubuntu/+source/vim/tree/debian/patches/CVE-2023-2610.patch?h=applied/ubuntu/devel&id=586a63887e677551384eea2ab03eb22bd1117338]
Signed-off-b
Upstream-Status: Backport
[https://github.com/golang/go/commit/fa60c381ed06c12f9c27a7b50ca44c5f84f7f0f4
&
https://github.com/golang/go/commit/1008486a9ff979dbd21c7466eeb6abf378f9c637]
Signed-off-by: Ashish Sharma
---
meta/recipes-devtools/go/go-1.14.inc | 2 +
.../go/go-1.14/CVE-
emit filterFailsafe for empty unquoted attr
value
Signed-off-by: Ashish Sharma
---
meta/recipes-devtools/go/go-1.14.inc | 1 +
.../go/go-1.14/CVE-2023-29400.patch | 93 +++
2 files changed, 94 insertions(+)
create mode 100644 meta/recipes-devtools/go/go-1.14
Improper sanitization of CSS values in html/template
Signed-off-by: Ashish Sharma
---
meta/recipes-devtools/go/go-1.14.inc | 1 +
.../go/go-1.14/CVE-2023-24539.patch | 60 +++
2 files changed, 61 insertions(+)
create mode 100644 meta/recipes-devtools/go/go
Fixing of improper sanitization of CSS values in html/template
Signed-off-by: Ashish Sharma
---
meta/recipes-devtools/go/go-1.14.inc | 1 +
.../go/go-1.14/CVE-2023-24539.patch | 60 +++
2 files changed, 61 insertions(+)
create mode 100644 meta/recipes
Avoid overwriting the read packet length after the initial test. Thus
move all the length checks which depend on the total length first
and do not use the total length from the IP packet afterwards.
Fixes CVE-2023-28488
Reported by Polina Smirnova
Signed-off-by: Ashish Sharma
Avoid overwriting the read packet length after the initial test. Thus
move all the length checks which depend on the total length first
and do not use the total length from the IP packet afterwards.
Fixes CVE-2023-28488
Reported by Polina Smirnova
Signed-off-by: Ashish Sharma
Avoid overwriting the read packet length after the initial test. Thus
move all the length checks which depend on the total length first
and do not use the total length from the IP packet afterwards.
Fixes CVE-2023-28488
Reported by Polina Smirnova
Signed-off-by: Ashish Sharma
ChangeID: 2bfa88cb752792ddc37f700f87a896331bb12c95
CVE: CVE-2023-29383
shadow: Improper input validation in shadow-utils package utility
chfn
Signed-off-by: Ashish Sharma
---
.../shadow/files/CVE-2023-29383.patch | 46 +++
meta/recipes-extended/shadow/shadow.inc
Upstream-Status: Backport from
'https://github.com/vim/vim/commit/7b17eb4b063a234376c1ec909ee293e42cff290c'
CVE: CVE-2023-0049
Signed-off-by: Ashish Sharma
---
.../vim/files/CVE-2023-0049.patch | 62 +++
meta/recipes-support/vim/vim.inc | 1
Reader.Read doesn't set a limit on the maximum size of file headers.
Upstream-Status: Backport from
[https://github.com/golang/go/commit/0a723816cd205576945fa57fbdde7e6532d59d08]
CVE: CVE-2022-2879
Signed-off-by: Ashish Sharma
---
meta/recipes-devtools/go/go-1.17.13.inc | 1 +
.
40 matches