[OE-core] [scarthgap][PATCH] ofono: Fix multiple CVEs

2025-01-16 Thread Hitendra Prajapati via lists.openembedded.org
/ofono/ofono.git/commit/?id=305df050d02aea8532f7625d6642685aa530f9b0 Signed-off-by: Hitendra Prajapati --- .../ofono/ofono/CVE-2024-7539.patch | 88 +++ .../ofono/ofono/CVE-2024-7543.patch | 30 +++ .../ofono/ofono/CVE-2024-7544.patch | 30

[OE-core] [kirkstone][PATCH] libsndfile: fix CVE-2024-50612

2024-11-26 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://github.com/libsndfile/libsndfile/commit/4755f5bd7854611d92ad0f1295587b439f9950ba Signed-off-by: Hitendra Prajapati --- .../libsndfile1/CVE-2024-50612.patch | 402 ++ .../libsndfile/libsndfile1_1.0.31.bb | 1 + 2 files

[OE-core] [scarthgap][PATCH] libsndfile: fix CVE-2024-50612

2024-11-26 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://github.com/libsndfile/libsndfile/commit/4755f5bd7854611d92ad0f1295587b439f9950ba Signed-off-by: Hitendra Prajapati --- .../libsndfile1/CVE-2024-50612.patch | 412 ++ .../libsndfile/libsndfile1_1.2.2.bb | 1 + 2 files

[OE-core] [scarthgap][PATCHv3] libsoup: fix CVE-2024-52532

2024-11-18 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be && https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c Signed-off-by: Hitendra Prajapati --- .../libsoup-3.4.4/CVE-2024-52

[OE-core] [scarthgap][PATCHv2] libsoup: fix CVE-2024-52532

2024-11-18 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be && https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c Signed-off-by: Hitendra Prajapati --- .../libsoup-3.4.4/CVE-2024-52

[OE-core] [scarthgap][PATCH] libsoup: fix CVE-2024-52532

2024-11-18 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/29b96fab2512666d7241e46c98cc45b60b795c0c Signed-off-by: Hitendra Prajapati --- .../libsoup-3.4.4/CVE-2024-52532.patch| 42 +++ meta/recipes-support/libsoup/libsoup_3.4.4.bb | 4 +- 2 files

[OE-core] [scarthgap][PATCH] ghostscript: upgrade 10.03.1 -> 10.04.0

2024-11-13 Thread Hitendra Prajapati via lists.openembedded.org
continue. - The usual round of bug fixes, compatibility changes, and incremental improvements. - add the capability to build with the Tesseract OCR engine. Signed-off-by: Wang Mingyu Signed-off-by: Hitendra Prajapati --- .../ghostscript/ghostscript/avoid-host-contamination.patch | 6

[OE-core] [scarthgap][PATCH] libarchive: fix CVE-2024-48957 & CVE-2024-48958

2024-10-10 Thread Hitendra Prajapati via lists.openembedded.org
/a1cb648d52f5b6d3f31184d9b6a7cbca628459b7 Signed-off-by: Hitendra Prajapati --- .../libarchive/CVE-2024-48957.patch | 36 + .../libarchive/CVE-2024-48958.patch | 40 +++ .../libarchive/libarchive_3.7.4.bb| 5 ++- 3 files changed, 80 insertions(+), 1 deletion(-) create

Re: [OE-core] [scarthgap][PATCH] cups: Backport fix for CVE-2024-47175

2024-10-10 Thread Hitendra Prajapati via lists.openembedded.org
Hi Team, any update on this ? Regards, Hitendra

[OE-core] [scarthgap][PATCH] cups: Backport fix for CVE-2024-47175

2024-10-07 Thread Hitendra Prajapati via lists.openembedded.org
& https://github.com/OpenPrinting/cups/commit/1e6ca5913eceee906038bc04cc7ccfbe2923bdfd & https://github.com/OpenPrinting/cups/commit/2abe1ba8a66864aa82cd9836b37e57103b8e1a3b Reference: https://security-tracker.debian.org/tracker/CVE-2024-47175 Signed-off-by: Hitendra Prajapati --- meta/

[OE-core] [scarthgap][PATCHv4] webkitgtk: upgrade 2.44.1 -> 2.44.3

2024-09-29 Thread Hitendra Prajapati via lists.openembedded.org
Remove the patches below, which are already fixed in this upgraded version. 0001-Remove-ARM-specific-declarations-in-FELighting.h-unn.patch 0002-More-dynamicDowncast-adoption-in-platform-code.patch Signed-off-by: Hitendra Prajapati --- ...able-to-control-macro-__PAS_ALWAYS_I.patch | 6

[OE-core] [scarthgap][PATCHv3] webkitgtk: upgrade 2.44.1 -> 2.44.3

2024-09-27 Thread Hitendra Prajapati via lists.openembedded.org
Remove the patches below, which are already fixed in this upgraded version. 1. CVE-2024-40779.patch 2. 0001-Remove-ARM-specific-declarations-in-FELighting.h-unn.patch Signed-off-by: Hitendra Prajapati --- ...able-to-control-macro-__PAS_ALWAYS_I.patch | 6 +- ...spection.cmake-prefix-variables-obta.patch

[OE-core] [scarthgap][PATCHv2] webkitgtk: upgrade 2.44.1 -> 2.44.3

2024-09-27 Thread Hitendra Prajapati via lists.openembedded.org
Remove CVE-2024-40779.patch, which is already fixed in this upgraded version. Signed-off-by: Hitendra Prajapati --- ...able-to-control-macro-__PAS_ALWAYS_I.patch | 6 +- ...spection.cmake-prefix-variables-obta.patch | 2 +- ...d5e22213fdaca2a29ec3400c927d710a37a8.patch | 2 +- .../webkit/webkitgtk

[OE-core] [scarthgap][PATCH] webkitgtk: upgrade 2.44.1 -> 2.44.3

2024-09-27 Thread Hitendra Prajapati via lists.openembedded.org
Remove CVE-2024-40779.patch, which is already fixed in this upgraded version. Signed-off-by: Hitendra Prajapati --- ...able-to-control-macro-__PAS_ALWAYS_I.patch | 6 +- ...spection.cmake-prefix-variables-obta.patch | 2 +- ...d5e22213fdaca2a29ec3400c927d710a37a8.patch | 2 +- .../webkit

[OE-core] [scarthgap][PATCH] webkitgtk: Security fix CVE-2024-40779

2024-09-24 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://github.com/WebKit/WebKit/commit/2fe5ae29a5f6434ef456afe9673a4f400ec63848 Signed-off-by: Hitendra Prajapati --- .../webkit/webkitgtk/CVE-2024-40779.patch | 92 +++ meta/recipes-sato/webkit/webkitgtk_2.44.1.bb | 1 + 2 files changed

[OE-core] [scarthgap][PATCH] curl: fix CVE-2024-8096

2024-09-19 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://github.com/curl/curl/commit/aeb1a281cab13c7ba791cb104e556b20e713941f Signed-off-by: Hitendra Prajapati --- .../curl/curl/CVE-2024-8096.patch | 207 ++ meta/recipes-support/curl/curl_8.7.1.bb | 1 + 2 files changed, 208

[OE-core] [kirkstone][PATCH] python3: fix CVE-2023-27043

2024-09-08 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://github.com/python/cpython/commit/2a9273a0e4466e2f057f9ce6fe98cd8ce570331b Signed-off-by: Hitendra Prajapati --- .../python/python3/CVE-2023-27043.patch | 510 ++ .../python/python3_3.10.14.bb | 1 + 2 files changed

Re: [OE-core] [kirkstone][PATCHv2] rpm: Upgrade 4.17.1 -> 4.18rc1

2024-09-03 Thread Hitendra Prajapati via lists.openembedded.org
> Alex > > On Tue, 3 Sept 2024 at 10:46, Hitendra Prajapati via > lists.openembedded.org > wrote: > > > > Includes fixes for CVE-2021-35937, CVE-2021-35938 and CVE-2021-35939 > > which can't be easily backported. > > > > Add a PACKAGECONFIG option

[OE-core] [kirkstone][PATCHv2] rpm: Upgrade 4.17.1 -> 4.18rc1

2024-09-03 Thread Hitendra Prajapati via lists.openembedded.org
tches and drop the error.h patch as error() no longer used. Signed-off-by: Hitendra Prajapati --- ...olor-setting-for-mips64_n32-binaries.patch | 22 +++--- ...satisfiable-dependency-when-building.patch | 10 +-- ...lib-rpm-as-the-installation-path-for.patch | 26 +++ ...1-Do-not-read-config-

[OE-core] [kirkstone][PATCH] rpm: Upgrade 4.17.1 -> 4.18rc1

2024-09-03 Thread Hitendra Prajapati via lists.openembedded.org
3 and that breaks a number of our test configurations as things stand. Refresh patches and drop the error.h patch as error() no longer used. Signed-off-by: Hitendra Prajapati --- ...olor-setting-for-mips64_n32-binaries.patch | 22 +++--- ...satisfiable-dependency-when-building.patch | 10 +-- .

[OE-core] [kirkstone][PATCH] qemu: fix CVE-2024-7409

2024-09-03 Thread Hitendra Prajapati via lists.openembedded.org
/3e7ef738c8462c45043a1d39f702a0990406a3b3 Signed-off-by: Hitendra Prajapati --- meta/recipes-devtools/qemu/qemu.inc | 4 + .../qemu/qemu/CVE-2024-7409-0001.patch| 162 .../qemu/qemu/CVE-2024-7409-0002.patch| 174 ++ .../qemu/qemu/CVE-2024-7409-0003

[OE-core] [kirkstone][PATCH] vim: upgrade from 9.0.2190 -> 9.1.0114

2024-08-26 Thread Hitendra Prajapati via lists.openembedded.org
vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47) Signed-off-by: Hitendra Prajapati --- meta/recipes-support/vim/{vim-tiny_9.0.bb => vim-tiny_9.1.bb} | 0 meta/recipes-support/vim/vim.inc | 4 ++-- meta/recipes-support/vim/{vim_9.0.bb => vim_9.1.bb} | 0 3

[OE-core] [kirkstone][PATCHv3] busybox: CVE-2023-42364, CVE-2023-42365, CVE-2023-42366 fixes

2024-08-08 Thread Hitendra Prajapati via lists.openembedded.org
backport upstream fix for CVEs and fix the regression that introduced [1] [1] http://lists.busybox.net/pipermail/busybox/2024-May/090766.html Signed-off-by: Hitendra Prajapati --- .../busybox/CVE-2023-42364_42365-1.patch | 197 ++ .../busybox/CVE-2023-42364_42365-2.patch

[OE-core] [kirkstone][PATCHv2] busybox: CVE-2023-42364, CVE-2023-42365, CVE-2023-42366 fixes

2024-08-07 Thread Hitendra Prajapati via lists.openembedded.org
backport upstream fix for CVEs and fix the regression that introduced [1] [1] http://lists.busybox.net/pipermail/busybox/2024-May/090766.html Signed-off-by: Hitendra Prajapati --- .../busybox/CVE-2023-42364_42365-1.patch | 197 ++ .../busybox/CVE-2023-42364_42365-2.patch

[OE-core] [kirkstone][PATCH] busybox: CVE-2023-42364, CVE-2023-42365 & CVE-2023-42366 fixes

2024-08-07 Thread Hitendra Prajapati via lists.openembedded.org
backport upstream fix for CVEs and fix the regression that introduced [1] [1] http://lists.busybox.net/pipermail/busybox/2024-May/090766.html Signed-off-by: Hitendra Prajapati --- ...01-awk-fix-precedence-of-relative-to.patch | 197 ++ ...1-awk.c-fix-CVE-2023-42366-bug-15874

[OE-core] [kirkstone][PATCH] busybox: Fix CVE-2023-42363

2024-07-15 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://git.busybox.net/busybox/commit/?id=fb08d43d44d1fea1f741fafb9aa7e1958a5f69aa Signed-off-by: Hitendra Prajapati --- .../busybox/busybox/CVE-2023-42363.patch | 67 +++ meta/recipes-core/busybox/busybox_1.35.0.bb | 1 + 2 files changed

[OE-core] [scarthgap][PATCH] vte: fix CVE-2024-37535

2024-07-15 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/vte/-/commit/036bc3ddcbb56f05c6ca76712a53b89dee1369e2 && https://gitlab.gnome.org/GNOME/vte/-/commit/c313849c2e5133802e21b13fa0b141b360171d39 Signed-off-by: Hitendra Prajapati --- .../vte/vte/CVE-2024-37535-01.patch

[OE-core] [scarthgap][PATCH] ruby: fix CVE-2024-27281

2024-07-10 Thread Hitendra Prajapati via lists.openembedded.org
References: https://github.com/ruby/ruby/pull/10316 https://security-tracker.debian.org/tracker/CVE-2024-27281 Upstream-Status: Backport from https://github.com/ruby/rdoc/commit/da7a0c7553ef7250ca665a3fecdc01dbaacbb43d Signed-off-by: Hitendra Prajapati --- .../ruby/ruby/CVE-2024-27281.patch

[OE-core] [scarthgap][PATCH] ghostscript: upgrade 10.02.1 -> 10.03.1

2024-07-07 Thread Hitendra Prajapati via lists.openembedded.org
citly-disable-neon.patch other patch release to address security bugs: CVE-2024-29506 CVE-2024-29507 CVE-2024-29508 CVE-2024-29509 CVE-2024-29511 (From OE-Core rev: 9a424fbcdc0c792ff3b99bf0e8a5e380582f53bc) Signed-off-by: Changqing Li Signed-off-by: Alexandre Belloni Signed-off-by: Hitendra Praj

[OE-core] [scarthgap][PATCH] QEMU: Fix CVE-2024-3446 & CVE-2024-3567

2024-07-03 Thread Hitendra Prajapati via lists.openembedded.org
rt [https://gitlab.com/qemu-project/qemu/-/commit/eb546a3f49f45e6870ec91d792cd09f8a662c16e] +CVE: CVE-2024-3446 +Signed-off-by: Hitendra Prajapati +--- + hw/virtio/virtio.c | 10 ++ + include/hw/virtio/virtio.h | 7 +++ + 2 files changed, 17 insertions(+) + +diff --git a/hw/vir

[OE-core] [scarthgap][PATCH] go: fix CVE-2024-24789

2024-06-25 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc Signed-off-by: Hitendra Prajapati --- meta/recipes-devtools/go/go-1.22.2.inc| 1 + .../go/go/CVE-2024-24789.patch| 77 +++ 2 files changed, 78

[OE-core] [kirkstone][PATCH] golang: Fix CVE-2023-45289 & CVE-2023-45290

2024-03-06 Thread Hitendra Prajapati via lists.openembedded.org
CI-TryBot-Result: Go LUCI +Auto-Submit: Michael Knyszek + +Upstream-Status: Backport [https://github.com/golang/go/commit/3a855208e3efed2e9d7c20ad023f1fa78afcc0be] +CVE: CVE-2023-45289 +Signed-off-by: Hitendra Prajapati +--- + src/net/http/client.go | 6 ++ + src/net/http/cli

[OE-core] [kirkstone][PATCH] pam: fix CVE-2024-22365 pam_namespace misses

2024-01-18 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb Signed-off-by: Hitendra Prajapati --- .../pam/libpam/CVE-2024-22365.patch | 62 +++ meta/recipes-extended/pam/libpam_1.5.2.bb | 1 + 2 files

[OE-core] [kirkstone][PATCHv2] openssl: fix CVE-2023-6237 Excessive time spent checking invalid RSA public keys

2024-01-17 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://github.com/openssl/openssl/commit/e09fc1d746a4fd15bb5c3d7bbbab950aadd005db Signed-off-by: Hitendra Prajapati --- .../openssl/openssl/CVE-2023-6237.patch | 127 ++ .../openssl/openssl_3.0.12.bb | 3 +- 2 files

[OE-core] [kirkstone][PATCH] openssl: fix CVE-2023-6237 Excessive time spent checking invalid RSA public keys

2024-01-16 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://github.com/openssl/openssl/commit/e09fc1d746a4fd15bb5c3d7bbbab950aadd005db Signed-off-by: Hitendra Prajapati --- .../openssl/openssl/CVE-2023-6237.patch | 127 ++ .../openssl/openssl_3.0.12.bb | 1 + 2 files changed

Re: [OE-core] [dunfell][PATCH] systemd: fix CVE-2023-7008

2024-01-15 Thread Hitendra Prajapati via lists.openembedded.org
Hi Steve, Yes, it is for kirkstone branch. Sorry for my mistake. Regards, Hitendra On 14/01/24 7:41 am, Steve Sakoman wrote: On Thu, Jan 11, 2024 at 6:12 PM Hitendra Prajapati via lists.openembedded.org wrote: Upstream-Status: Backport from https://github.com/systemd/systemd/commit

[OE-core] [kirkstone][PATCH] systemd: fix CVE-2023-7008

2024-01-15 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://github.com/systemd/systemd/commit/3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1 Signed-off-by: Hitendra Prajapati --- .../systemd/systemd/CVE-2023-7008.patch | 40 +++ meta/recipes-core/systemd/systemd_250.5.bb| 1 + 2 files changed

[OE-core] [dunfell][PATCH] systemd: fix CVE-2023-7008

2024-01-11 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://github.com/systemd/systemd/commit/3b4cc1437b51fcc0b08da8cc3f5d1175eed25eb1 Signed-off-by: Hitendra Prajapati --- .../systemd/systemd/CVE-2023-7008.patch | 40 +++ meta/recipes-core/systemd/systemd_250.5.bb| 1 + 2 files changed

[OE-core] [dunfell][PATCH] bluez5: fix CVE-2023-45866

2023-12-25 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=25a471a83e02e1effb15d5a488b3f0085eaeb675 Signed-off-by: Hitendra Prajapati --- meta/recipes-connectivity/bluez5/bluez5.inc | 1 + .../bluez5/bluez5/CVE-2023-45866.patch| 54

[OE-core] [dunfell][PATCH] grub: fix CVE-2023-4692 & CVE-2023-4693

2023-11-27 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/grub.git/commit/?id=43651027d24e62a7a463254165e1e46e42aecdea && https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=0ed2458cc4eff6d9a9199527e2a0b6d445802f94 Signed-off-by: Hitendra Prajapati --- .../grub/files/

[OE-core] [kirkstone][PATCH] grub: fix CVE-2023-4693

2023-11-26 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=0ed2458cc4eff6d9a9199527e2a0b6d445802f94 Signed-off-by: Hitendra Prajapati --- .../grub/files/CVE-2023-4693.patch| 62 +++ meta/recipes-bsp/grub/grub2.inc | 1

[OE-core] [dunfell][PATCH] tiff: Security fix for CVE-2023-40745

2023-11-06 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5 Signed-off-by: Hitendra Prajapati --- .../libtiff/files/CVE-2023-40745.patch| 34 +++ meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 1 + 2 files

[OE-core] [kirkstone][PATCH] libtiff: Add fix for tiffcrop CVE-2023-1916

2023-10-16 Thread Hitendra Prajapati via lists.openembedded.org
https://gitlab.com/libtiff/libtiff/-/merge_requests/535 Signed-off-by: Hitendra Prajapati --- .../libtiff/tiff/CVE-2023-1916.patch | 99 +++ meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 + 2 files changed, 100 insertions(+) create mode 100644 meta/recipes-multimedia/libt

[OE-core] [dunfell][PATCH] xdg-utils: Fix CVE-2022-4055

2023-10-05 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/f67c4d1f8bd2e3cbcb9eb49f5e897075e7426780 Signed-off-by: Hitendra Prajapati --- .../xdg-utils/xdg-utils/CVE-2022-4055.patch | 165 ++ .../xdg-utils/xdg-utils_1.1.3.bb | 1 + 2

[OE-core] [kirkstone][PATCH] xdg-utils: Fix CVE-2022-4055

2023-10-04 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/f67c4d1f8bd2e3cbcb9eb49f5e897075e7426780 Signed-off-by: Hitendra Prajapati --- .../xdg-utils/xdg-utils/CVE-2022-4055.patch | 165 ++ .../xdg-utils/xdg-utils_1.1.3.bb | 1 + 2

[OE-core] [kirkstone][PATCH] libtiff: fix CVE-2022-40090 improved IFD-Loop handling

2023-10-03 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/c7caec9a4d8f24c17e667480d2c7d0d51c9fae41 Signed-off-by: Hitendra Prajapati --- .../libtiff/tiff/CVE-2022-40090.patch | 569 ++ meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 + 2 files

[OE-core] [kirkstone][PATCH] libtiff: fix CVE-2023-26966 Buffer Overflow

2023-08-30 Thread Hitendra Prajapati via lists.openembedded.org
Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 Signed-off-by: Hitendra Prajapati --- .../libtiff/tiff/CVE-2023-26966.patch | 35 +++ meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 + 2 files

[OE-core] [kirkstone][PATCH] tiff: fix CVE-2023-2908,CVE-2023-3316,CVE-2023-3618

2023-08-27 Thread Hitendra Prajapati via lists.openembedded.org
-2023-3618 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37 && https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e0ac16b5cfb11acaaeaa493334f8 Signed-off-by: Hitendra Prajapati --- .../libtiff/tiff/CVE-2023-29

Re: [OE-core] [kirkstone][PATCHv2] tiff: fix multiple CVEs

2023-08-09 Thread Hitendra Prajapati
Hi Team, Gentle reminder. Is there any issue with patch? What is the issue here? Regards, Hitendra

[OE-core] [dunfell][PATCH] tiff: fix multiple CVEs

2023-08-01 Thread Hitendra Prajapati
-2023-3618 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37 && https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e0ac16b5cfb11acaaeaa493334f8 Signed-off-by: Hitendra Prajapati --- .../libtiff/files/CVE-2023-29

Re: [OE-core] [kirkstone][PATCHv2] tiff: fix multiple CVEs

2023-08-01 Thread Hitendra Prajapati
Hi Team, Gentle reminder. Is there any issue with patch ?? Regards, Hitendra

Re: [OE-core] [kirkstone][PATCHv2] libtiff: fix CVE-2023-26966 Buffer Overflow

2023-08-01 Thread Hitendra Prajapati
Hi Team, Gentle reminder. Is there any issue with patch ?? Regards, Hitendra

[OE-core] [dunfell][PATCH] tiff: fix multiple CVEs

2023-07-31 Thread Hitendra Prajapati
191117-2~deb10u8.debian.tar.xz] Signed-off-by: Hitendra Prajapati --- .../libtiff/files/CVE-2023-25433.patch| 173 ++ .../files/CVE-2023-25434-CVE-2023-25435.patch | 94 ++ .../libtiff/files/CVE-2023-26965.patch| 90 + .../libtiff/files/CVE-2023-26966.pa

[OE-core] [kirkstone][PATCHv2] libtiff: fix CVE-2023-26966 Buffer Overflow

2023-07-27 Thread Hitendra Prajapati
Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 Signed-off-by: Hitendra Prajapati --- .../libtiff/tiff/CVE-2023-26966.patch | 35 +++ meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 + 2 files

[OE-core] [kirkstone][PATCH] libtiff: fix CVE-2023-26966 libtiff: Buffer Overflow

2023-07-27 Thread Hitendra Prajapati
Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/b0e1c25dd1d065200c8d8f59ad0afe014861a1b9 Signed-off-by: Hitendra Prajapati --- .../libtiff/tiff/CVE-2023-26966.patch | 35 +++ meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 + 2 files

[OE-core] [kirkstone][PATCHv2] tiff: fix multiple CVEs

2023-07-26 Thread Hitendra Prajapati
-2023-3618 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37 && https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e0ac16b5cfb11acaaeaa493334f8 Signed-off-by: Hitendra Prajapati --- .../libtiff/tiff/CVE-2023-29

[OE-core] [kirkstone][PATCH] tiff: fix multiple CVEs

2023-07-26 Thread Hitendra Prajapati
-2023-3618 - Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/b5c7d4c4e0ac16b5cfb11acaaeaa493334f8 Signed-off-by: Hitendra Prajapati --- .../libtiff/tiff/CVE-2023-2908.patch | 33 +++ .../libtiff/tiff/CVE-2023-3316.patch | 59

[OE-core] [kirkstone][PATCH] libtiff: fix CVE-2023-26965 heap-based use after free

2023-07-25 Thread Hitendra Prajapati
Upstream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/ec8ef90c1f573c9eb1f17d6a056aa0015f184acf Signed-off-by: Hitendra Prajapati --- .../libtiff/tiff/CVE-2023-26965.patch | 97 +++ meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 + 2 files

[OE-core] [kirkstone][PATCH] tiff: fix multiple CVEs

2023-07-25 Thread Hitendra Prajapati
tream-Status: Backport from https://gitlab.com/libtiff/libtiff/-/commit/69818e2f2d246e6631ac2a2da692c3706b849c38 Signed-off-by: Hitendra Prajapati --- .../libtiff/tiff/CVE-2023-25433.patch | 195 ++ .../tiff/CVE-2023-25434-CVE-2023-25435.patch | 94 + meta/recipe

[OE-core] [kirkstone][PATCH] tiff: fix multiple CVEs

2023-07-24 Thread Hitendra Prajapati
-2023-0795 CVE-2023-0796 CVE-2023-0797 CVE-2023-0798 CVE-2023-0799 Signed-off-by: Hitendra Prajapati --- .../CVE-2023-0795_0796_0797_0798_0799.patch | 162 ++ meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 1 + 2 files changed, 163 insertions(+) create mode 100644 meta

[OE-core] [dunfell][PATCH] ruby/cgi-gem: CVE-2021-33621 HTTP response splitting in CGI

2023-07-19 Thread Hitendra Prajapati
Upstream-Status: Backport from https://github.com/ruby/cgi/commit/64c5045c0a6b84fdb938a8465a0890e5f7162708 Signed-off-by: Hitendra Prajapati --- .../ruby/ruby/CVE-2021-33621.patch| 139 ++ meta/recipes-devtools/ruby/ruby_2.7.6.bb | 1 + 2 files changed, 140

[OE-core] [kirkstone][PATCH] bind : fix CVE-2023-2828 & CVE-2023-2911

2023-07-09 Thread Hitendra Prajapati
/240caa32b9cab90a38ab863fd64e6becf5d1393c && https://gitlab.isc.org/isc-projects/bind9/-/commit/ff5bacf17c2451e9d48c78a5ef96ec0c376ff33d Signed-off-by: Hitendra Prajapati --- .../bind/bind-9.18.11/CVE-2023-2828.patch | 197 ++ .../bind/bind-9.18.11/CVE-2023-2911.patch | 97 + ...

[OE-core] [dunfell][PATCHv3] grub2: Fix Multiple CVEs

2023-07-06 Thread Hitendra Prajapati
/commit/?h=grub-2.06&id=2a330dba93ff11bc00eda76e9419bc52b0c7ead6 * CVE-2021-20233 - Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/grub.git/commit/?h=grub-2.06&id=2f533a89a8dfcacbf2c9dbc77d910f111f24bf33 Signed-off-by: Hitendra Prajapati --- .../grub/files/CVE-2020-27749

Re: [OE-core] [dunfell][PATCH] grub2: fix CVE-2020-27749 Stack buffer overflow

2023-07-06 Thread Hitendra Prajapati
Hi Steve, I have added v2 : *https://lists.openembedded.org/g/openembedded-core/message/183996* Thank you. Hitendra

[OE-core] [dunfell][PATCHv2] grub2: Fix Multiple CVEs

2023-07-06 Thread Hitendra Prajapati
6&id=2a330dba93ff11bc00eda76e9419bc52b0c7ead6 * CVE-2021-20233 - Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/grub.git/commit/?h=grub-2.06&id=2f533a89a8dfcacbf2c9dbc77d910f111f24bf33 Signed-off-by: Hitendra Prajapati --- .../grub/files/CVE-2020-27749.patch

[OE-core] [dunfell][PATCH] grub2: Fix Multiple CVEs

2023-07-06 Thread Hitendra Prajapati
6&id=2a330dba93ff11bc00eda76e9419bc52b0c7ead6 * CVE-2021-20233 - Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/grub.git/commit/?h=grub-2.06&id=2f533a89a8dfcacbf2c9dbc77d910f111f24bf33 Signed-off-by: Hitendra Prajapati --- .../grub/files/CVE-2020-27749.patch

[OE-core] [dunfell][PATCH] grub2: fix CVE-2021-20233 Heap out-of-bounds write error

2023-07-06 Thread Hitendra Prajapati
Upstream-Status: Backport [https://launchpad.net/debian/+source/grub2/2.02+dfsg1-20+deb10u4/] Signed-off-by: Hitendra Prajapati --- .../grub/files/CVE-2021-20233.patch | 50 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 51 insertions

[OE-core] [dunfell][PATCH] grub2: CVE-2021-20225 Heap out-of-bounds write in short form option parser

2023-07-05 Thread Hitendra Prajapati
Upstream-Status: Backport [https://launchpad.net/debian/+source/grub2/2.02+dfsg1-20+deb10u4/] Signed-off-by: Hitendra Prajapati --- .../grub/files/CVE-2021-20225.patch | 57 +++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 58 insertions

[OE-core] [dunfell][PATCH] grub2: fix CVE-2020-27749 Stack buffer overflow

2023-07-05 Thread Hitendra Prajapati
Upstream-Status: Backport [https://launchpad.net/debian/+source/grub2/2.02+dfsg1-20+deb10u4/] Signed-off-by: Hitendra Prajapati --- .../grub/files/CVE-2020-27749.patch | 609 ++ meta/recipes-bsp/grub/grub2.inc | 1 + 2 files changed, 610 insertions

[OE-core] [dunfell][PATCH] go: fix CVE-2023-29402 & CVE-2023-29404

2023-06-28 Thread Hitendra Prajapati
: Hitendra Prajapati --- meta/recipes-devtools/go/go-1.14.inc | 2 + .../go/go-1.14/CVE-2023-29402.patch | 201 ++ .../go/go-1.14/CVE-2023-29404.patch | 84 3 files changed, 287 insertions(+) create mode 100644 meta/recipes-devtools/go/go-1.14/CVE

[OE-core] [kirkstone][PATCH] libcap: CVE-2023-2602 Memory Leak on pthread_create() Error

2023-06-25 Thread Hitendra Prajapati
Upstream-Status: Backport from https://git.kernel.org/pub/scm/libs/libcap/libcap.git/patch/?id=bc6b36682f188020ee4770fae1d41bde5b2c97bb Signed-off-by: Hitendra Prajapati --- .../libcap/files/CVE-2023-2602.patch | 45 +++ meta/recipes-support/libcap/libcap_2.66.bb

[OE-core] [dunfell][PATCH] openssl: CVE-2023-2650 Possible DoS translating ASN.1 object identifiers

2023-06-15 Thread Hitendra Prajapati
Upstream-Status: Backport from https://github.com/openssl/openssl/commit/9e209944b35cf82368071f160a744b6178f9b098 Signed-off-by: Hitendra Prajapati --- .../openssl/openssl/CVE-2023-2650.patch | 122 ++ .../openssl/openssl_1.1.1t.bb | 1 + 2 files changed

[OE-core] [kirkstone][PATCHv2] sysstat: Fix CVE-2023-33204

2023-05-30 Thread Hitendra Prajapati
Upstream-Status: Backport from https://github.com/sysstat/sysstat/commit/954ff2e2673c Signed-off-by: Hitendra Prajapati --- .../sysstat/sysstat/CVE-2023-33204.patch | 80 +++ .../sysstat/sysstat_12.4.5.bb | 5 +- 2 files changed, 83 insertions(+), 2

[OE-core] [kirkstone][PATCH] sysstat: Fix CVE-2023-33204

2023-05-30 Thread Hitendra Prajapati
Upstream-Status: Backport from https://github.com/sysstat/sysstat/commit/6f8dc568e6ab072bb8205b732f04e685bf9237c0 Signed-off-by: Hitendra Prajapati --- .../sysstat/sysstat/CVE-2023-33204.patch | 80 +++ .../sysstat/sysstat_12.4.5.bb | 5 +- 2 files changed

[OE-core] [dunfell][PATCHv2] git: fix CVE-2023-25652

2023-05-17 Thread Hitendra Prajapati
/9db05711c98efc14f414d4c87135a34c13586e0b Signed-off-by: Hitendra Prajapati --- .../git/files/CVE-2023-25652.patch| 94 +++ meta/recipes-devtools/git/git.inc | 1 + 2 files changed, 95 insertions(+) create mode 100644 meta/recipes-devtools/git/files/CVE-2023-25652.patch diff --git a

Re: [OE-core] [dunfell][PATCH] curl: CVE-2023-27534 SFTP path ~ resolving discrepancy

2023-05-16 Thread Hitendra Prajapati
e or Siddharth. Thank you Siddharth. Regards, Hitendra Prajapati On 17/05/23 00:08, Abdurrahman Hussain (fib) wrote: Hi Hitendra, Any update on this? This should be reverted since the dynbuf APIs are not available in curl 7.69. Regards, Abdurrahman *From:* openembedded-

Re: [OE-core] [dunfell][PATCH] curl: CVE-2023-27534 SFTP path ~ resolving discrepancy

2023-05-16 Thread Hitendra Prajapati
APIs are not available in curl 7.69. Regards, Abdurrahman *From:* openembedded-core@lists.openembedded.org *On Behalf Of *Hitendra Prajapati *Sent:* Friday, May 12, 2023 4:26 AM *To:* Steve Sakoman *Cc:* openembedded-core@lists.openembedded.org *Subject:* Re: [OE-core] [dunfell][PATCH] curl

[OE-core] [dunfell][PATCH] git: fix CVE-2023-29007

2023-05-15 Thread Hitendra Prajapati
ommit/29198213c9163c1d552ee2bdbf78d2b09ccc98b8 https://github.com/git/git/commit/a5bb10fd5e74101e7c07da93e7c32bbe60f6173a https://github.com/git/git/commit/e91cfe6085c4a61372d1f800b473b73b8d225d0d https://github.com/git/git/commit/3bb3d6bac5f2b496dfa2862dc1a84cbfa9b4449a Signed-off-by: Hitendra Prajapati --- .../git/files/CVE

[OE-core] [dunfell][PATCH] git: fix CVE-2023-25652

2023-05-14 Thread Hitendra Prajapati
/9db05711c98efc14f414d4c87135a34c13586e0b Signed-off-by: Hitendra Prajapati --- .../git/files/CVE-2023-25652.patch| 95 +++ meta/recipes-devtools/git/git.inc | 1 + 2 files changed, 96 insertions(+) create mode 100644 meta/recipes-devtools/git/files/CVE-2023-25652.patch diff --git a

Re: [OE-core] [dunfell][PATCHv3] curl: Security fix for CVE-2023-27534

2023-05-12 Thread Hitendra Prajapati
++ On 12/05/23 17:02, Hitendra Prajapati wrote: Hi Siddharth, Thank you for looking into this issue while I'm away from work. Thank you & Regards, Hitendra -- Regards, Hitendra Prajapati MontaVista Software LLC

Re: [OE-core] [dunfell][PATCHv3] curl: Security fix for CVE-2023-27534

2023-05-12 Thread Hitendra Prajapati
Hi Siddharth, Thank you for looking into this issue while I'm away from work. Thank you & Regards, Hitendra

Re: [OE-core] [dunfell][PATCH] curl: CVE-2023-27534 SFTP path ~ resolving discrepancy

2023-05-12 Thread Hitendra Prajapati
bssh2` i.e. PACKAGECONFIG_append = " libssh2"): https://bugzilla.yoctoproject.org/show_bug.cgi?id=15114 Could you investigate and advise whether there is an easy fix or whether we should revert? Thanks, Steve On Fri, Apr 14, 2023 at 12:55 AM Hitendra Prajapati wrote: Upstream-Status:

[OE-core] [kirkstone][PATCH] connman: fix CVE-2023-28488 DoS in client.c

2023-05-02 Thread Hitendra Prajapati
Upstream-Status: Backport from https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=99e2c16ea1cced34a5dc450d76287a1c3e762138 Signed-off-by: Hitendra Prajapati --- .../connman/connman/CVE-2023-28488.patch | 60 +++ .../connman/connman_1.41.bb

[OE-core] [kirkstone][PATCH] screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs

2023-04-20 Thread Hitendra Prajapati
Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Signed-off-by: Hitendra Prajapati --- .../screen/screen/CVE-2023-24626.patch| 40 +++ meta/recipes-extended/screen/screen_4.9.0.bb | 1 + 2

[OE-core] [dunfell][PATCH] screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs

2023-04-19 Thread Hitendra Prajapati
Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/screen.git/commit/?id=e9ad41bfedb4537a6f0de20f00b27c7739f168f7 Signed-off-by: Hitendra Prajapati --- .../screen/screen/CVE-2023-24626.patch| 40 +++ meta/recipes-extended/screen/screen_4.8.0.bb | 1 + 2

Re: [OE-core] [kirkstone][PATCH] curl: CVE-2023-27538 fix SSH connection too eager reuse

2023-04-17 Thread Hitendra Prajapati
sage/180143 Could you review the above patch and ack if you approve. It would be nice to fix all three patches in a single commit if possible. Thanks! Steve On Sun, Apr 16, 2023 at 10:05 PM Hitendra Prajapati wrote: Upstream-Status: Backport from https://github.com/curl/curl/co

[OE-core] [kirkstone][PATCH] curl: CVE-2023-27538 fix SSH connection too eager reuse

2023-04-17 Thread Hitendra Prajapati
Upstream-Status: Backport from https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb Signed-off-by: Hitendra Prajapati --- .../curl/curl/CVE-2023-27538.patch| 31 +++ meta/recipes-support/curl/curl_7.82.0.bb | 1 + 2 files changed, 32

[OE-core] [dunfell][PATCH] curl: CVE-2023-27538 fix SSH connection too eager reuse

2023-04-16 Thread Hitendra Prajapati
Upstream-Status: Backport from https://github.com/curl/curl/commit/af369db4d3833272b8ed443f7fcc2e757a0872eb Signed-off-by: Hitendra Prajapati --- .../curl/curl/CVE-2023-27538.patch| 31 +++ meta/recipes-support/curl/curl_7.69.1.bb | 1 + 2 files changed, 32

[OE-core] [kirkstone][PATCH] ruby: CVE-2023-28756 ReDoS vulnerability in Time

2023-04-16 Thread Hitendra Prajapati
Upstream-Status: Backport from https://github.com/ruby/ruby/commit/957bb7cb81995f26c671afce0ee50a5c660e540e Signed-off-by: Hitendra Prajapati --- .../ruby/ruby/CVE-2023-28756.patch| 73 +++ meta/recipes-devtools/ruby/ruby_3.1.3.bb | 1 + 2 files changed, 74

[OE-core] [dunfell][PATCH] curl: CVE-2023-27534 SFTP path ~ resolving discrepancy

2023-04-14 Thread Hitendra Prajapati
Upstream-Status: Backport from https://github.com/curl/curl/commit/4e2b52b5f7a3bf50a0f1494155717b02cc1df6d6 Signed-off-by: Hitendra Prajapati --- .../curl/curl/CVE-2023-27534.patch| 123 ++ meta/recipes-support/curl/curl_7.69.1.bb | 1 + 2 files changed, 124

[OE-core] [dunfell][PATCH] ruby: CVE-2023-28756 ReDoS vulnerability in Time

2023-04-12 Thread Hitendra Prajapati
Upstream-Status: Backport from https://github.com/ruby/ruby/commit/957bb7cb81995f26c671afce0ee50a5c660e540e Signed-off-by: Hitendra Prajapati --- .../ruby/ruby/CVE-2023-28756.patch| 61 +++ meta/recipes-devtools/ruby/ruby_2.7.6.bb | 1 + 2 files changed, 62

[OE-core] [kirkstone][PATCH] curl: CVE-2023-27534 SFTP path resolving discrepancy

2023-04-11 Thread Hitendra Prajapati
Upstream-Status: Backport from https://github.com/curl/curl/commit/4e2b52b5f7a3bf50a0f1494155717b02cc1df6d6 Signed-off-by: Hitendra Prajapati --- .../curl/curl/CVE-2023-27534.patch| 122 ++ meta/recipes-support/curl/curl_7.82.0.bb | 1 + 2 files changed, 123

[OE-core] [kirkstone][PATCH] curl: CVE-2023-27533 TELNET option IAC injection

2023-04-11 Thread Hitendra Prajapati
Upstream-Status: Backport from https://github.com/curl/curl/commit/0c28ba2faae2d7da780a66d2446045a560192cdc && https://github.com/curl/curl/commit/538b1e79a6e7b0bb829ab4cecc828d32105d0684 Signed-off-by: Hitendra Prajapati --- .../curl/curl/CVE-2023-27533.patch

[OE-core] [dunfell][PATCH] qemu: fix compile error which imported by CVE-2022-4144

2023-04-02 Thread Hitendra Prajapati
Upstream-Status: Backport from https://github.com/qemu/qemu/commit/61c34fc && https://gitlab.com/qemu-project/qemu/-/commit/8efec0ef8bbc1e75a7ebf6e325a35806ece9b39f Signed-off-by: Hitendra Prajapati --- meta/recipes-devtools/qemu/qemu.inc | 1 + ...ass-requested-buffer

[OE-core] [dunfell][PATCH] curl: CVE-2023-23916 HTTP multi-header compression denial of service

2023-03-27 Thread Hitendra Prajapati
Upstream-Status: Backport from https://github.com/curl/curl/commit/119fb187192a9ea13dc90d9d20c215fc82799ab9 Signed-off-by: Hitendra Prajapati --- .../curl/curl/CVE-2023-23916.patch| 231 ++ meta/recipes-support/curl/curl_7.69.1.bb | 1 + 2 files changed, 232

[OE-core] [kirkstone][PATCH] less: backport the fix for CVE-2022-46663

2023-02-28 Thread Hitendra Prajapati
Upstream-Status: Backport from https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c Signed-off-by: Hitendra Prajapati --- .../less/less/CVE-2022-46663.patch| 31 +++ meta/recipes-extended/less/less_600.bb| 1 + 2 files changed, 32

Re: [OE-core] [dunfell 1/4] cve-extra-exclusions.inc: Use CVE_CHECK_WHITELIST

2023-02-28 Thread Hitendra Prajapati
Hi Ranjitsinh, Any specific reason to ignore the QEMU: CVE-2021-20255 CVE?? Regards, Hitendra -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#177863): https://lists.openembedded.org/g/openembedded-core/message/177863 Mute This Topic: https://lis

[OE-core] [dunfell][PATCH] curl: fix CVE-2022-43552 Use-after-free triggered by an HTTP proxy deny response

2023-02-20 Thread Hitendra Prajapati
Upstream-Status: Backport from https://github.com/curl/curl/commit/4f20188ac644afe174be6005ef4f6ffba232b8b2 Signed-off-by: Hitendra Prajapati --- .../curl/curl/CVE-2022-43552.patch| 82 +++ meta/recipes-support/curl/curl_7.69.1.bb | 1 + 2 files changed, 83

[OE-core] [dunfell][PATCH] git: CVE-2022-23521 gitattributes parsing integer overflow

2023-02-19 Thread Hitendra Prajapati
6d & https://github.com/git/git/commit/d74b1fd54fdbc45966d12ea907dece11e072fb2b & https://github.com/git/git/commit/dfa6b32b5e599d97448337ed4fc18dd50c90758f & https://github.com/git/git/commit/3c50032ff5289cc45659f21949c8d09e52164579 Signed-off-by: Hitendra Prajapati ---

[OE-core] [dunfell][PATCH] xserver-xorg: Fix Multiple CVEs

2023-01-23 Thread Hitendra Prajapati
mit/8f454b793e1f13c99872c15f0eed1d7f3b823fe8 Signed-off-by: Hitendra Prajapati --- .../xserver-xorg/CVE-2022-4283.patch | 39 + .../xserver-xorg/CVE-2022-46340.patch | 55 .../xserver-xorg/CVE-2022-46341.patch | 86 +++ .../xserver-xorg/CVE-2022-46342.pa
