Re: [OE-core] [meta-oe][dunfell][PATCH] protobuf: Whitelist CVE-2015-5237

r NVD it affects version upto 3.1 (including) https://nvd.nist.gov/vuln/detail/CVE-2015-5237#range-6634983 Thanks and Regards, Rahul Taya From: openembedded-core@lists.openembedded.org on behalf of Steve Sakoman via lists.openembedded.org Sent: Tuesday, June 15,

[OE-core] [meta-oe][dunfell][PATCH] protobuf: Whitelist CVE-2015-5237

/CVE-2015-5237 3. https://ubuntu.com/security/CVE-2015-5237 4. https://github.com/protocolbuffers/protobuf/issues/760 Signed-off-by: Rahul Taya --- meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb | 8 1 file changed, 8 insertions(+) diff --git a/meta-oe/recipes-devtools/protobuf

[OE-core] [meta-oe][dunfell][PATCH] protobuf: Whitelist CVE-2015-5237

/CVE-2015-5237 3. https://ubuntu.com/security/CVE-2015-5237 4. https://github.com/protocolbuffers/protobuf/issues/760 Upstream-Status: Pending Signed-off-by: Rahul Taya --- meta-oe/recipes-devtools/protobuf/protobuf_3.11.4.bb | 8 1 file changed, 8 insertions(+) diff --git a/meta-oe

[OE-core] Subscribe

-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#152924): https://lists.openembedded.org/g/openembedded-core/message/152924 Mute This Topic: https://lists.openembedded.org/mt/83526830/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org

[OE-core] [poky][dunfell][PATCH] qemu: Add fix for CVE-2020-13791

Added below patch to fix CVE-2020-13791 CVE-2020-13791.patch Signed-off-by: Rahul Taya --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2020-13791.patch| 52 +++ 2 files changed, 53 insertions(+) create mode 100644 meta/recipes-devtools

Re: [OE-core] [meta-openembedded][dunfell][PATCH] nghttp2: Add fix for CVE-2020-11080

s.openembedded.org> openembedded-de...@lists.openembedded.org<mailto:openembedded-de...@lists.openembedded.org> but not able to see my sent posts. Can you please help here ? Thanks and Regards, Rahul Taya From: akuster808 Sent: Monday, February 22, 2021 12

Re: [OE-core] [meta-openembedded][dunfell][PATCH] nghttp2: Add fix for CVE-2020-11080

which is the correct ML for sending this patch ? Thanks and Regards, Rahul Taya From: akuster808 Sent: Tuesday, February 16, 2021 9:32 PM To: Rahul Taya ; Openembedded-core@lists.openembedded.org ; raj.k...@gmail.com Cc: Nisha Parrakat ; Harpritkaur Bhandari

[OE-core] [meta-openembedded][dunfell][PATCH] nghttp2: Add fix for CVE-2020-11080

Added patch for CVE-2020-11080 taken from below link: https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090 Signed-off-by: Rahul Taya --- .../nghttp2/nghttp2/CVE-2020-11080.patch | 306 ++ .../recipes-support/nghttp2/nghttp2_1.40.0.bb | 1 + 2

[OE-core] [poky][sumo][PATCH] busybox: Add fix for CVE-2011-5325

Applied patch that Ubuntu applied to busybox 1.27.2 The patch is available from file: http://archive.ubuntu.com/ubuntu/pool/main/b/busybox/busybox_1.27.2-2ubuntu3.2.debian.tar.xz in path debian/patches/. The below patch is added: CVE-2011-5325-4.patch Signed-off-by: Rahul.Taya --- .../busybox

[OE-core] [poky][sumo][PATCH] busybox: Add fix for CVE-2018-20679

Applied patch that Ubuntu applied to busybox 1.27.2 The patch is available from file: http://archive.ubuntu.com/ubuntu/pool/main/b/busybox/busybox_1.27.2-2ubuntu3.2.debian.tar.xz in path debian/patches/. The below patch is added: CVE-2018-20679.patch Signed-off-by: Rahul.Taya --- .../busybox/

[OE-core] [poky][sumo][PATCH] busybox: Add fix for CVE-2018-1000517

Applied patch that Ubuntu applied to busybox 1.27.2 The patch is available from file: http://archive.ubuntu.com/ubuntu/pool/main/b/busybox/busybox_1.27.2-2ubuntu3.2.debian.tar.xz in path debian/patches/. The below patch is added: CVE-2018-1000517.patch Signed-off-by: Rahul.Taya --- .../busybo

[OE-core] [poky][sumo][PATCH] busybox: Add fix for CVE-2011-5325

Applied patch that Ubuntu applied to busybox 1.27.2 The patch is available from file: http://archive.ubuntu.com/ubuntu/pool/main/b/busybox/busybox_1.27.2-2ubuntu3.2.debian.tar.xz in path debian/patches/. The below patch is added: CVE-2011-5325-5.patch Signed-off-by: Rahul.Taya --- .../busybox

[OE-core] [poky][sumo][PATCH] busybox: Add fix for CVE-2019-5747

Applied patch that Ubuntu applied to busybox 1.27.2 The patch is available from file: http://archive.ubuntu.com/ubuntu/pool/main/b/busybox/busybox_1.27.2-2ubuntu3.2.debian.tar.xz in path debian/patches/. The below patch is added: CVE-2019-5747.patch Signed-off-by: Rahul.Taya --- .../busybox/b

[OE-core] [poky][sumo][PATCH] libxml2: add patch for CVE-2019-19956

From: Rahul Taya Fixes memory leak. https://security-tracker.debian.org/tracker/CVE-2019-19956 https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549 Signed-off-by: Rahul.Taya --- .../libxml/libxml2/CVE-2019-19956.patch | 29 +++ meta

[OE-core] [poky][sumo][PATCH] libjpeg-turbo: add security fix for CVE-2018-14498

From: Rahul Taya This patch fixes OOB read caused by malformed 8-bit BMP Signed-off-by: Rahul.Taya --- .../jpeg/files/CVE-2018-14498.patch | 145 ++ .../jpeg/libjpeg-turbo_1.5.3.bb | 4 +- 2 files changed, 148 insertions(+), 1 deletion(-) create mode