Re: [OE-core][master][styhead][scarthgap][PATCH] libtasn1: upgrade 4.19.0 -> 4.20.0

2025-02-28 Thread Vijay Anusuri via lists.openembedded.org
Hi Team, Any update on this? Thanks & Regards, Vijay On Mon, Feb 24, 2025 at 12:00 PM wrote: > From: Vijay Anusuri > > * Noteworthy changes in release 4.20.0 (2025-02-01) [stable] > - The release tarball is now reproducible. > - We publish a minimal source-only tarbal

[OE-core][kirkstone][PATCH 9/9] bind: Upgrade 9.18.28 -> 9.18.33

2025-02-27 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Includes security fixes for CVE-2024-12705 CVE-2024-11187 and other bug fixes Release Notes: https://downloads.isc.org/isc/bind9/9.18.33/doc/arm/html/notes.html#notes-for-bind-9-18-33 https://downloads.isc.org/isc/bind9/9.18.33/doc/arm/html/notes.html#notes-for-bind-9-18-32

[OE-core][kirkstone][PATCH 8/9] xserver-xorg: Fix for CVE-2025-26601

2025-02-27 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/16a1242d & https://gitlab.freedesktop.org/xorg/xserver/-/commit/f52cea2f & https://gitlab.freedesktop.org/xorg/xserver/-/commit/8cbc90c8 & https://gitlab.freedesktop.org/xorg/xser

[OE-core][kirkstone][PATCH 5/9] xserver-xorg: Fix for CVE-2025-26598

2025-02-27 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/bba9df1a Signed-off-by: Vijay Anusuri --- .../xserver-xorg/CVE-2025-26598.patch | 120 ++ .../xorg-xserver/xserver-xorg_21.1.8.bb | 1 + 2 files changed

[OE-core][kirkstone][PATCH 2/9] xserver-xorg: Fix for CVE-2025-26595

2025-02-27 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/11fcda87 Signed-off-by: Vijay Anusuri --- .../xserver-xorg/CVE-2025-26595.patch | 65 +++ .../xorg-xserver/xserver-xorg_21.1.8.bb | 1 + 2 files changed, 66

[OE-core][kirkstone][PATCH 6/9] xserver-xorg: Fix for CVE-2025-26599

2025-02-27 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/c1ff84be & https://gitlab.freedesktop.org/xorg/xserver/-/commit/b07192a8 Signed-off-by: Vijay Anusuri --- .../xserver-xorg/CVE-2025-26599-1.patch | 66 + .../xserver-

[OE-core][kirkstone][PATCH 7/9] xserver-xorg: Fix for CVE-2025-26600

2025-02-27 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/6e0f332b Signed-off-by: Vijay Anusuri --- .../xserver-xorg/CVE-2025-26600.patch | 68 +++ .../xorg-xserver/xserver-xorg_21.1.8.bb | 1 + 2 files changed, 69

[OE-core][kirkstone][PATCH 4/9] xserver-xorg: Fix for CVE-2025-26597

2025-02-27 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/0e4ed949 Signed-off-by: Vijay Anusuri --- .../xserver-xorg/CVE-2025-26597.patch | 46 +++ .../xorg-xserver/xserver-xorg_21.1.8.bb | 1 + 2 files changed, 47

[OE-core][kirkstone][PATCH 3/9] xserver-xorg: Fix for CVE-2025-26596

2025-02-27 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/80d69f01 Signed-off-by: Vijay Anusuri --- .../xserver-xorg/CVE-2025-26596.patch | 49 +++ .../xorg-xserver/xserver-xorg_21.1.8.bb | 1 + 2 files changed, 50

[OE-core][kirkstone][PATCH 1/9] xserver-xorg: Fix for CVE-2025-26594

2025-02-27 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/01642f26 & https://gitlab.freedesktop.org/xorg/xserver/-/commit/b0a09ba6 Signed-off-by: Vijay Anusuri --- .../xserver-xorg/CVE-2025-26594-1.patch

[OE-core][PATCH] xwayland: upgrade 24.1.5 -> 24.1.6

2025-02-26 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Includes security fix * CVE-2025-26594 * CVE-2025-26595 * CVE-2025-26596 * CVE-2025-26597 * CVE-2025-26598 * CVE-2025-26599 * CVE-2025-26600 * CVE-2025-26601 Ref: https://lists.x.org/archives/xorg-announce/2025-February/003584.html https://lists.x.org

[OE-core][PATCH] xserver-xorg: upgrade 21.1.15 -> 21.1.16

2025-02-26 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Includes security fix * CVE-2025-26594 * CVE-2025-26595 * CVE-2025-26596 * CVE-2025-26597 * CVE-2025-26598 * CVE-2025-26599 * CVE-2025-26600 * CVE-2025-26601 Ref: https://lists.x.org/archives/xorg-announce/2025-February/003584.html https://lists.x.org

[OE-core][scarthgap][PATCH] curl: Backport fix for CVE-2024-11053

2025-02-26 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport https://github.com/curl/curl/commit/9bee39bfed2c413b4cc4eb306a57ac92a1854907 & https://github.com/curl/curl/commit/e9b9bbac22c26cf6731 & https://github.com/curl/curl/commit/9fce2c55d4b0273ac99 Reference: https://curl.se/docs/CVE-2024-11

[OE-core][scarthgap][PATCH] bind: Upgrade 9.18.28 -> 9.18.33

2025-02-25 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Includes security fixes for CVE-2024-12705 CVE-2024-11187 and other bug fixes Release Notes: https://downloads.isc.org/isc/bind9/9.18.33/doc/arm/html/notes.html#notes-for-bind-9-18-33 https://downloads.isc.org/isc/bind9/9.18.33/doc/arm/html/notes.html#notes-for-bind-9-18-32

[OE-core][master][styhead][scarthgap][PATCH] libtasn1: upgrade 4.19.0 -> 4.20.0

2025-02-23 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri * Noteworthy changes in release 4.20.0 (2025-02-01) [stable] - The release tarball is now reproducible. - We publish a minimal source-only tarball generated by 'git archive'. - Update gnulib files and various build/maintenance fixes. - Fix CVE-2024-12133: Potent

[OE-core][kirkstone][PATCH] libxml2: Fix for CVE-2022-49043

2025-02-12 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/5a19e21605398cef6a8b1452477a8705cb41562b] Reference: https://access.redhat.com/security/cve/cve-2022-49043 Signed-off-by: Vijay Anusuri --- .../libxml/libxml2/CVE-2022-49043.patch | 38

[OE-core][kirkstone][PATCH v2 7/9] gstreamer1.0-plugins-good: Fix CVE-2024-47613

2025-01-04 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041 Signed-off-by: Vijay Anusuri --- .../CVE-2024-47613.patch | 53 +++ .../gstreamer1.0-plugins-good_1.20.7.bb | 1 + 2 files changed, 54 insertions

[OE-core][kirkstone][PATCH v2 3/9] gstreamer1.0-plugins-good: fix several CVE's

2025-01-04 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Fixes for below CVEs: CVE-2024-47537 CVE-2024-47539 CVE-2024-47543 CVE-2024-47544 CVE-2024-47545 CVE-2024-47546 CVE-2024-47596 CVE-2024-47597 CVE-2024-47598 Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8059 Signed-off-by: Vijay Anusuri

[OE-core][kirkstone][PATCH v2 9/9] gstreamer1.0-plugins-good: Fix multiple CVE's

2025-01-04 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Fixes for below CVEs: CVE-2024-47775 CVE-2024-47776 CVE-2024-4 CVE-2024-47778 Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042 Signed-off-by: Vijay Anusuri --- .../CVE-2024-47775_47776_4_47778-1.patch | 171

[OE-core][kirkstone][PATCH v2 8/9] gstreamer1.0-plugins-good: Fix CVE-2024-47774

2025-01-04 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043 Signed-off-by: Vijay Anusuri --- .../CVE-2024-47774.patch | 46 +++ .../gstreamer1.0-plugins-good_1.20.7.bb | 1 + 2 files changed, 47 insertions

[OE-core][kirkstone][PATCH v2 6/9] gstreamer1.0-plugins-good: Fix CVE-2024-47606

2025-01-04 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032 Signed-off-by: Vijay Anusuri --- .../CVE-2024-47606.patch | 44 +++ .../gstreamer1.0-plugins-good_1.20.7.bb | 1 + 2 files changed, 45 insertions

[OE-core][kirkstone][PATCH v2 5/9] gstreamer1.0-plugins-good: Fix multiple CVEs

2025-01-04 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Fixes for below CVEs: CVE-2024-47540 CVE-2024-47601 CVE-2024-47602 CVE-2024-47603 CVE-2024-47834 Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057 Signed-off-by: Vijay Anusuri --- ...2024-47540_47601_47602_47603_47834-1.patch | 56

[OE-core][kirkstone][PATCH v2 4/9] gstreamer1.0-plugins-good: Fix for CVE-2024-47599

2025-01-04 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040 Signed-off-by: Vijay Anusuri --- .../CVE-2024-47599.patch | 99 +++ .../gstreamer1.0-plugins-good_1.20.7.bb | 1 + 2 files changed, 100

[OE-core][kirkstone][PATCH v2 1/9] gstreamer1.0-plugins-base: Fix for multiple CVE's

2025-01-04 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Backport fixes for below CVE: CVE-2024-47538 CVE-2024-47541 CVE-2024-47542 CVE-2024-47600 CVE-2024-47607 CVE-2024-47615 CVE-2024-47835 Signed-off-by: Vijay Anusuri --- .../CVE-2024-47538.patch | 35 .../CVE-2024-47541-1.patch

[OE-core][kirkstone][PATCH v2 2/9] gstreamer1.0: Backport fix for CVE-2024-47606

2025-01-04 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/72af11b248b4cb60d3dfe4e9459eec0d20052c9b] Signed-off-by: Vijay Anusuri --- .../gstreamer1.0/CVE-2024-47606.patch | 56 +++ .../gstreamer/gstreamer1.0_1.20.7.bb

[OE-core][kirkstone][PATCH 1/7] gstreamer1.0-plugins-good: fix several CVEs

2025-01-02 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Fixes for below CVEs: CVE-2024-47537 CVE-2024-47539 CVE-2024-47543 CVE-2024-47544 CVE-2024-47545 CVE-2024-47546 CVE-2024-47596 CVE-2024-47597 CVE-2024-47598 Signed-off-by: Vijay Anusuri --- ...o-sized-boxes-instead-of-stopping-to.patch | 124 + ...ger-overflow-when

[OE-core][kirkstone][PATCH 7/7] gstreamer1.0-plugins-good: Fix multiple CVEs

2025-01-02 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Fixes below CVEs: CVE-2024-47775 CVE-2024-47776 CVE-2024-4 CVE-2024-47778 Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8042 Signed-off-by: Vijay Anusuri --- ...or-short-reads-when-parsing-headers-.patch | 171 ++ ...re

[OE-core][kirkstone][PATCH 6/7] gstreamer1.0-plugins-good: Fix CVE-2024-47774

2025-01-02 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8043 Signed-off-by: Vijay Anusuri --- ...size-checks-and-avoid-overflows-when.patch | 46 +++ .../gstreamer1.0-plugins-good_1.20.7.bb | 1 + 2 files changed, 47 insertions

[OE-core][kirkstone][PATCH 2/7] gstreamer1.0-plugins-good: Fix for CVE-2024-47599

2025-01-02 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8040 Signed-off-by: Vijay Anusuri --- ...ly-error-out-on-negotiation-failures.patch | 99 +++ .../gstreamer1.0-plugins-good_1.20.7.bb | 1 + 2 files changed, 100

[OE-core][kirkstone][PATCH 5/7] gstreamer1.0-plugins-good: Fix CVE-2024-47613

2025-01-02 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8041 Signed-off-by: Vijay Anusuri --- ...ck-if-initializing-the-video-info-ac.patch | 53 +++ .../gstreamer1.0-plugins-good_1.20.7.bb | 1 + 2 files changed, 54 insertions

[OE-core][kirkstone][PATCH 3/7] gstreamer1.0-plugins-good: Fix multiple CVEs

2025-01-02 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Fixes for below CVEs: CVE-2024-47540 CVE-2024-47601 CVE-2024-47602 CVE-2024-47603 CVE-2024-47834 Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8057 Signed-off-by: Vijay Anusuri --- ...ly-unmap-GstMapInfo-in-WavPack-heade.patch | 56

[OE-core][kirkstone][PATCH 4/7] gstreamer1.0-plugins-good: Fix CVE-2024-47606

2025-01-02 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream: https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8032 Signed-off-by: Vijay Anusuri --- ...teger-overflow-when-parsing-Theora-e.patch | 44 +++ .../gstreamer1.0-plugins-good_1.20.7.bb | 1 + 2 files changed, 45 insertions

[OE-core][kirkstone][PATCH] gstreamer1.0: Backport fix for CVE-2024-47606

2024-12-30 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/72af11b248b4cb60d3dfe4e9459eec0d20052c9b] Signed-off-by: Vijay Anusuri --- .../gstreamer1.0/CVE-2024-47606.patch | 56 +++ .../gstreamer/gstreamer1.0_1.20.7.bb

[OE-core][kirkstone][PATCH] gstreamer1.0-plugins-base: Fix for multiple CVE's

2024-12-30 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Backport fixes for below CVE: CVE-2024-47538 CVE-2024-47541 CVE-2024-47542 CVE-2024-47600 CVE-2024-47607 CVE-2024-47615 CVE-2024-47835 Signed-off-by: Vijay Anusuri --- .../CVE-2024-47538.patch | 35 .../CVE-2024-47541-1.patch

[OE-core][kirkstone][PATCH] libsndfile1: Backport fix for CVE-2022-33065

2024-12-19 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Added missing commits for complete CVE fix Ref: https://github.com/libsndfile/libsndfile/issues/833 https://ubuntu.com/security/CVE-2022-33065 Signed-off-by: Vijay Anusuri --- ...022-33065.patch => CVE-2022-33065-1.patch} | 0 .../libsndfile1/CVE-2022-33065

[OE-core][kirkstone][PATCH] libsoup-2.4: Backport fix for CVE-2024-52531

2024-11-28 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri import patch from ubuntu to fix CVE-2024-52531 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libsoup2.4/tree/debian/patches?h=ubuntu/jammy-security Upstream commit https://gitlab.gnome.org/GNOME/libsoup/-/commit

Re: [OE-core] [kirkstone][PATCH] libsoup: fix CVE-2024-52530/CVE-2024-52531/CVE-2024-52532

2024-11-27 Thread Vijay Anusuri via lists.openembedded.org
Hi Changqing Li, Fixes for CVE-2024-52530 and CVE-2024-52532 already submitted and landed in kirkstone-nut. https://git.openembedded.org/openembedded-core-contrib/commit/?h=stable/kirkstone-nut&id=5c96ff64b5c29e589d776d23dbbed64ad526a997 Could you please send a v2 patch for CVE-2024-52531. Than

[OE-core][kirkstone][PATCH] libsoup-2.4: Backport fix for CVE-2024-52530 and CVE-2024-52532

2024-11-20 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b & https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be & https://gitlab.gnome.org/GNOME/libsoup/

[OE-core][kirkstone][PATCH] libsoup: Fix for CVE-2024-52530 and CVE-2024-52532

2024-11-18 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/04df03bc092ac20607f3e150936624d4f536e68b & https://gitlab.gnome.org/GNOME/libsoup/-/commit/6adc0e3eb74c257ed4e2a23eb4b2774fdb0d67be & https://gitlab.gnome.org/GNOME/libsoup/

Re: [OE-core][kirkstone][PATCH] glib-2.0: Backport fix for CVE-2024-52533

2024-11-18 Thread Vijay Anusuri via lists.openembedded.org
} > > https://valkyrie.yoctoproject.org/#/builders/73/builds/403 > https://valkyrie.yoctoproject.org/#/builders/61/builds/403 > > Steve > > On Thu, Nov 14, 2024 at 4:39 AM Vijay Anusuri via > lists.openembedded.org > wrote: > > > > From: Vijay An

[OE-core][kirkstone][PATCH] ghostscript: Backport fix for multiple CVE's

2024-11-14 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri import patch from ubuntu to fix CVE-2024-46951 CVE-2024-46952 CVE-2024-46953 CVE-2024-46955 CVE-2024-46956 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/ghostscript/tree/debian/patches?h=ubuntu/jammy-security Upstream commit

[OE-core][kirkstone][PATCH] glib-2.0: Backport fix for CVE-2024-52533

2024-11-14 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29 Reference: https://security-tracker.debian.org/tracker/CVE-2024-52533 Signed-off-by: Vijay Anusuri --- .../glib-2.0/glib-2.0/CVE-2024-52533.patch| 49

[OE-core][scarthgap][PATCH] glib-2.0: Backport fix for CVE-2024-52533

2024-11-13 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/glib/-/commit/ec0b708b981af77fef8e4bbb603cde4de4cd2e29 Reference: https://security-tracker.debian.org/tracker/CVE-2024-52533 Signed-off-by: Vijay Anusuri --- .../glib-2.0/glib-2.0/CVE-2024-52533.patch| 49

Re: [OE-core][kirkstone][PATCH] curl: Fix for CVE-2024-9681

2024-11-12 Thread Vijay Anusuri via lists.openembedded.org
> > Peter > > > -Original Message- > > From: openembedded-core@lists.openembedded.org > c...@lists.openembedded.org> On Behalf Of Vijay Anusuri via > > lists.openembedded.org > > Sent: Tuesday, November 12, 2024 14:34 > > To: openembedded-core@lists.o

[OE-core][kirkstone][PATCH] curl: Fix for CVE-2024-9681

2024-11-12 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Ref: https://curl.se/docs/CVE-2024-9681.html Upstream-Commit: https://github.com/curl/curl/commit/a94973805df96269bf3f3bf0a20ccb9887313316 Signed-off-by: Vijay Anusuri --- .../curl/curl/CVE-2024-9681.patch | 88 +++ meta/recipes-support/curl

[OE-core][PATCH] xwayland: upgrade 24.1.3 -> 24.1.4

2024-11-05 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Includes security fix CVE-2024-9632 Ref: https://lists.x.org/archives/xorg/2024-October/061766.html Signed-off-by: Vijay Anusuri --- .../xwayland/{xwayland_24.1.3.bb => xwayland_24.1.4.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/reci

[OE-core][master][styhead][scarthgap][PATCH] xserver-xorg: upgrade 21.1.13 -> 21.1.14

2024-11-04 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Includes security fix CVE-2024-9632 Ref: https://lists.x.org/archives/xorg/2024-October/061765.html Signed-off-by: Vijay Anusuri --- .../{xserver-xorg_21.1.13.bb => xserver-xorg_21.1.14.bb}| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/reci

Re: [OE-core][kirkstone 10/11] orc: upgrade 0.4.32 -> 0.4.39

2024-10-27 Thread Vijay Anusuri via lists.openembedded.org
ning! This email originated outside of the > organization! Do not click links or open attachments unless you recognize > the sender and know the content is safe. > > > > > > > > From: Vijay Anusuri > > > > Include security fix CVE-2024-40897 > > > > Ref: https://g

[OE-core][kirkstone][PATCH] cups: Backport fix for CVE-2024-47175

2024-10-03 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://github.com/OpenPrinting/cups/commit/9939a70b750edd9d05270060cc5cf62ca98cfbe5 & https://github.com/OpenPrinting/cups/commit/04bb2af4521b56c1699a2c2431c56c05a7102e69 & https://github.com/OpenPrinting/cup

[OE-core][kirkstone][PATCH] curl: backport Debian patch for CVE-2024-8096

2024-09-22 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri import patch from ubuntu to fix CVE-2024-8096 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/curl/tree/debian/patches?h=ubuntu/jammy-security Upstream commit https://github.com/curl/curl/commit

[OE-core][scarthgap][PATCH] libpcap: Security fix for CVE-2023-7256 & CVE-2024-8006

2024-09-18 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Reference: https://security-tracker.debian.org/tracker/CVE-2023-7256 https://security-tracker.debian.org/tracker/CVE-2024-8006 Upstream commits: https://github.com/the-tcpdump-group/libpcap/commit/73da0d4d65ef0925772b7b7f82a5fbb3ff2c5e4f https://github.com/the-tcpdump-group

[OE-core][kirkstone][PATCH] libpcap: Security fix for CVE-2023-7256 & CVE-2024-8006

2024-09-14 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Reference: https://security-tracker.debian.org/tracker/CVE-2023-7256 https://security-tracker.debian.org/tracker/CVE-2024-8006 Upstream commits: https://github.com/the-tcpdump-group/libpcap/commit/ba493d37d418b126d7357df553bd065cbc99384e https://github.com/the-tcpdump-group

Re: [OE-core][kirkstone][PATCH] libpcap: upgrade 1.10.1 -> 1.10.5

2024-09-14 Thread Vijay Anusuri via lists.openembedded.org
think this upgrade from > 470 Wednesday, June 9, 2021: > 471 Summary for 1.10.1 libpcap release: > to > 70 Friday, August 30, 2024 / The Tcpdump Group > 71 Summary for 1.10.5 libpcap release > > is suitable for stable branch, please cherry-pick just the security fixes. > &

[OE-core][kirkstone][PATCH] libpcap: upgrade 1.10.1 -> 1.10.5

2024-09-12 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Changelog: https://git.tcpdump.org/libpcap/blob/HEAD:/CHANGES Includes Security fixes CVE-2023-7256, CVE-2024-8006 Signed-off-by: Vijay Anusuri --- .../libpcap/{libpcap_1.10.1.bb => libpcap_1.10.5.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deleti

[OE-core][scarthgap][PATCH] python3: upgrade 3.12.4 -> 3.12.5

2024-09-06 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Changelog: https://docs.python.org/release/3.12.5/whatsnew/changelog.html Include security fix CVE-2024-6923 Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-6923 https://github.com/python/cpython/pull/122233 Signed-off-by: Vijay Anusuri --- .../python

[OE-core][kirkstone][PATCH] qemu: Backport fix for CVE-2024-4467

2024-09-06 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri A flaw was found in the QEMU disk image utility (qemu-img) 'info' command. A specially crafted image file containing a `json:{}` value describing block devices in QMP could cause the qemu-img process on the host to consume large amounts of memory or CPU time,

[OE-core][kirkstone][PATCH] apr: upgrade 1.7.2 -> 1.7.5

2024-09-01 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Refreshed patch 0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch Includes security fix CVE-2023-49582 changelog: https://downloads.apache.org/apr/CHANGES-APR-1.7 Signed-off-by: Vijay Anusuri --- ...1-configure-Remove-runtime-test-for-mmap-that-can-map

Re: [OE-core][master][PATCH] apr: upgrade 1.7.4 -> 1.7.5

2024-09-01 Thread Vijay Anusuri via lists.openembedded.org
Hi Steve, Could you please merge this patch also to scarthgap branch along with below commit https://git.openembedded.org/openembedded-core/commit/?id=c041932f14cf552b0446732ce0cca6537f3286ab Thanks & Regards, Vijay On Fri, Aug 30, 2024 at 4:12 PM wrote: > From: Vijay Anusuri > &

[OE-core][master][PATCH] apr: upgrade 1.7.4 -> 1.7.5

2024-08-30 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Refreshed patch 0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch Includes security fix CVE-2023-49582 changelog: https://downloads.apache.org/apr/CHANGES-APR-1.7 Signed-off-by: Vijay Anusuri --- ...1-configure-Remove-runtime-test-for-mmap-that-can-map

[OE-core][kirkstone][PATCH] orc: upgrade 0.4.32 -> 0.4.39

2024-08-09 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Include security fix CVE-2024-40897 Ref: https://github.com/GStreamer/orc/blob/0.4.39/RELEASE Signed-off-by: Vijay Anusuri --- meta/recipes-devtools/orc/{orc_0.4.32.bb => orc_0.4.39.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-devto

Re: [OE-core][scarthgap][PATCH] orc: upgrade 0.4.38 -> 0.4.39

2024-08-04 Thread Vijay Anusuri via lists.openembedded.org
Hi Steve, As patch hits the master, could you please sync / merge this patch to scarthgap. https://git.openembedded.org/openembedded-core/commit/?id=bcbaaa9f7d88686915c354fb66682cbe9b1d0536 Thanks & Regards, Vijay On Wed, Jul 31, 2024 at 10:05 AM Vijay Anusuri via lists.openembedded

Re: [OE-core][scarthgap][PATCH] orc: upgrade 0.4.38 -> 0.4.39

2024-07-30 Thread Vijay Anusuri via lists.openembedded.org
> > On Tue, Jul 30, 2024 at 3:10 AM Vijay Anusuri via > lists.openembedded.org > wrote: > > > > From: Vijay Anusuri > > > > Changelog: > > > > - Security: Fix error message printing buffer overflow leading to > possible > > code execut

[OE-core][scarthgap][PATCH] orc: upgrade 0.4.38 -> 0.4.39

2024-07-30 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Changelog: - Security: Fix error message printing buffer overflow leading to possible code execution in orcc with specific input files (CVE-2024-40897). This only affects developers and CI environments using orcc, not users of liborc (Sebastian Dröge, L. E. Segovia

[OE-core][kirkstone][PATCH] python3-jinja2: Upgrade 3.1.3 -> 3.1.4

2024-07-16 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Switch to use flit core since upstream changed. They also changed the capitalisation under pypi. The license didn't change but the file was renamed, probably as it wasn't rst. Signed-off-by: Richard Purdie (cherry picked f

[OE-core][scarthgap][PATCH] openssh: fix CVE-2024-39894

2024-07-16 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri ssh(1) in OpenSSH versions 9.5p1 to 9.7p1 (inclusive). Logic error in ObscureKeystrokeTiming option. A logic error in the implementation of the ssh(1) ObscureKeystrokeTiming option rendered the feature ineffective and additionally exposed limited keystroke timing

Re: [OE-core] [PATCH 1/2] python3-jinja2: Upgrade 3.1.3 -> 3.1.4

2024-07-02 Thread Vijay Anusuri via lists.openembedded.org
Hi Richard / Steve, Could you merge this patch to Scarthgap branch from Master. Upgrade to 3.1.4 fixes CVE-2024-34064. Thanks & Regards, Vijay On Tue, Jun 4, 2024 at 12:31 PM Richard Purdie via lists.openembedded.org wrote: > Switch to use flit core since upstream changed. > > They also chang

[OE-core][kirkstone][PATCH] wget: Fix for CVE-2024-38428

2024-06-21 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace] Signed-off-by: Vijay Anusuri --- .../wget/wget/CVE-2024-38428.patch| 79 +++ meta/recipes-extended/wget/wget_1.21.4.bb

[OE-core][scarthgap][PATCH] wget: Fix for CVE-2024-38428

2024-06-20 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace] Signed-off-by: Vijay Anusuri --- .../wget/wget/CVE-2024-38428.patch| 79 +++ meta/recipes-extended/wget/wget_1.21.4.bb

[OE-core][PATCH] wget: Fix for CVE-2024-38428

2024-06-20 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/wget.git/commit/?id=ed0c7c7e0e8f7298352646b2fd6e06a11e242ace] Signed-off-by: Vijay Anusuri --- .../wget/wget/CVE-2024-38428.patch| 79 +++ meta/recipes-extended/wget/wget_1.24.5.bb

[OE-core][scarthgap][PATCH] go: Fix for CVE-2024-24790

2024-06-20 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca Reference: https://github.com/golang/go/issues/67680 Signed-off-by: Vijay Anusuri --- meta/recipes-devtools/go/go-1.22.2.inc| 1 + .../go/go/CVE-2024

[OE-core][PATCH] go: Fix for CVE-2024-24790

2024-06-20 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca Reference: https://github.com/golang/go/issues/67680 Signed-off-by: Vijay Anusuri --- meta/recipes-devtools/go/go-1.22.3.inc| 1 + .../go/go/CVE-2024

Re: [OE-core][kirkstone][PATCH 1/1] util-linux: Fix CVE-2024-28085

2024-05-28 Thread Vijay Anusuri via lists.openembedded.org
Hi Soumya, Along with Debian, Suse also fixed the issue with those 4 dependent commits (https://bugzilla.suse.com/show_bug.cgi?id=1221831). Debian added the "--disable-use-tty-group" configure option during build along with patch for complete fix ( https://launchpad.net/ubuntu/+source/util-linux/

[OE-core][kirkstone][PATCH] binutils: Rename CVE-2022-38126 patch to CVE-2022-35205

2024-05-21 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri CVE-2022-38126 has been marked "REJECT" in the CVE List by NVD. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-38126 As commit changes in 0016-CVE-2022-38126.patch fixes CVE-2022-35205. Hence renamed the patch. Link: https://ubuntu.com/security/CVE-2022-352

[OE-core][kirkstone][PATCH] gstreamer1.0-plugins-bad: fix CVE-2023-50186

2024-05-10 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport [https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/a46737a73155fe1c19fa5115df40da35426f9fb5] Signed-off-by: Vijay Anusuri --- .../CVE-2023-50186.patch | 70 +++ .../gstreamer1.0-plugins-bad_1.20.7.bb

[OE-core][kirkstone][PATCH] bluez5: Fix CVE-2023-27349 CVE-2023-50229 & CVE-2023-50230

2024-05-10 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport [https://github.com/bluez/bluez/commit/f54299a850676d92c3dafd83e9174fcfe420ccc9 & https://github.com/bluez/bluez/commit/5ab5352531a9cc7058cce569607f3a6831464443] Signed-off-by: Vijay Anusuri --- meta/recipes-connectivity/bluez5/bluez5.inc

[OE-core][kirkstone][PATCH] less: backport Debian patch for CVE-2024-32487

2024-05-06 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri import patch from ubuntu to fix CVE-2024-32487 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/less/tree/debian/patches?h=ubuntu/jammy-security Upstream commit https://github.com/gwsw/less/commit

Re: [OE-core][kirkstone][PATCH 1/1] go: Fix CVE-2023-45288

2024-04-19 Thread Vijay Anusuri via lists.openembedded.org
Hi Soumya, I've already sent patch for the Kirkstone branch. https://lists.openembedded.org/g/openembedded-core/message/198495 Thanks & Regards, Vijay On Fri, Apr 19, 2024 at 6:52 PM Soumya via lists.openembedded.org wrote: > From: Soumya Sambu > > An attacker may cause an HTTP/2 endpoint t

[OE-core][kirkstone][PATCH] go: Fix for CVE-2023-45288

2024-04-17 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://github.com/golang/go/commit/e55d7cf8435ba4e58d4a5694e63b391821d4ee9b Signed-off-by: Vijay Anusuri --- meta/recipes-devtools/go/go-1.17.13.inc | 1 + .../go/go-1.18/CVE-2023-45288.patch | 95 +++ 2

[OE-core][kirkstone][PATCH] xserver-xorg: Fix for CVE-2024-31080 and CVE-2024-31081

2024-04-09 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.freedesktop.org/xorg/xserver/-/commit/96798fc1967491c80a4d0c8d9e0a80586cb2152b & https://gitlab.freedesktop.org/xorg/xserver/-/commit/3e77295f888c67fc7645db5d0c00926a29ffecee Signed-off-by: Vijay Anusuri --- .../xserver-

[OE-core][dunfell][PATCH] ncurses: Backport fix for CVE-2023-50495

2024-04-02 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://github.com/ThomasDickey/ncurses-snapshots/commit/efe9674ee14b14b788f9618941f97d31742f0adc Reference: https://invisible-island.net/archives/ncurses/6.4/ncurses-6.4-20230424.patch.gz Signed-off-by: Vijay Anusuri --- .../ncurses/files

[OE-core][kirkstone][PATCH] curl: backport Debian patch for CVE-2024-2398

2024-04-01 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri import patch from ubuntu to fix CVE-2024-2398 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/curl/tree/debian/patches/?h=ubuntu%2Fjammy-security Upstream commit https://github.com/curl/curl/commit

[OE-core][kirkstone][PATCH] qemu: Fix for CVE-2023-6683

2024-04-01 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://gitlab.com/qemu-project/qemu/-/commit/405484b29f6548c7b86549b0f961b906337aa68a Reference: https://security-tracker.debian.org/tracker/CVE-2023-6683 Signed-off-by: Vijay Anusuri --- meta/recipes-devtools/qemu/qemu.inc | 1

[OE-core][dunfell][PATCH] curl: backport Debian patch for CVE-2024-2398

2024-04-01 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri import patch from ubuntu to fix CVE-2024-2398 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/curl/tree/debian/patches/?h=ubuntu%2Ffocal-security Upstream commit https://github.com/curl/curl/commit

Re: [OE-core][kirkstone][PATCH] util-linux: Fix for CVE-2024-28085

2024-03-31 Thread Vijay Anusuri via lists.openembedded.org
"wall: use fputs_careful()") I have added offending commits as dependency patches. As vulnerable code is not present, it's not affected. So, I want it to be ignored. Thanks & Regards, Vijay On Sun, Mar 31, 2024 at 5:54 AM Randy MacLeod wrote: > > > On Fri, Mar 29, 2024, 11:52 Vi

Re: [OE-core][kirkstone][PATCH] util-linux: Fix for CVE-2024-28085

2024-03-29 Thread Vijay Anusuri via lists.openembedded.org
Hi Steve, Please ignore this patch. Thanks & Regards, Vijay On Fri, Mar 29, 2024 at 4:44 PM Vijay Anusuri via lists.openembedded.org wrote: > From: Vijay Anusuri > > Upstream-Status: Backport from > > https://github.com/util-linux/util-linux/commit/8a7b8456d1dc0e7ca557d

[OE-core][kirkstone][PATCH] util-linux: Fix for CVE-2024-28085

2024-03-29 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://github.com/util-linux/util-linux/commit/8a7b8456d1dc0e7ca557d1ac31f638986704757f & https://github.com/util-linux/util-linux/commit/27ee6446503af7ec0c2647704ca47ac4de3852ef & https://github.com/util-linux/util-linu

[OE-core][dunfell][PATCH] tar: Fix for CVE-2023-39804

2024-03-28 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4 Signed-off-by: Vijay Anusuri --- .../tar/tar/CVE-2023-39804.patch | 64 +++ meta/recipes-extended/tar/tar_1.32.bb

[OE-core][dunfell][PATCH v2] go: Fix for CVE-2023-45289 CVE-2023-45290 & CVE-2024-24785

2024-03-26 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport [https://github.com/golang/go/commit/20586c0dbe03d144f914155f879fa5ee287591a1 & https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0 & https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e] Si

[OE-core][dunfell][PATCH] go: Fix for CVE-2023-45289 CVE-2023-45290 & CVE-2024-24785

2024-03-26 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport [https://github.com/golang/go/commit/20586c0dbe03d144f914155f879fa5ee287591a1 & https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0 & https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e] Si

[OE-core][dunfell][PATCH] libtiff: backport Debian patch for CVE-2023-6277 & CVE-2023-52356

2024-03-22 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri import patches from ubuntu to fix CVE-2023-6277 CVE-2023-52356 Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/tiff/tree/debian/patches/?h=ubuntu%2Ffocal-security Upstream commit https://gitlab.com/libtiff/libtiff/-/commit

[OE-core][dunfell][PATCH] qemu: Ignore multiple CVEs

2024-03-21 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri * CVE-2023-6683: not affected, introduced in v6.1.0-rc0 * CVE-2023-6693: not affected, introduced in v5.1.0-rc0 * CVE-2023-42467: not affected, introduced in v7.1.0-rc0 & v7.1.0-rc2 * CVE-2024-24474: not affected, introduced in v6.0.0-rc0 * CVE-2024-26328: not affe

[OE-core][kirkstone][PATCH] python3-cryptography: Backport fix for CVE-2024-26130

2024-03-19 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 Signed-off-by: Vijay Anusuri --- .../python3-cryptography/CVE-2024-26130.patch | 66 +++ .../python/python3-cryptography_36.0.2.bb | 1

[OE-core][dunfell][PATCH] libxml2: Backport fix for CVE-2024-25062

2024-03-06 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport [https://gitlab.gnome.org/GNOME/libxml2/-/commit/31c6ce3b63f8a494ad9e31ca65187a73d8ad3508 & https://gitlab.gnome.org/GNOME/libxml2/-/commit/2b0aac140d739905c7848a42efc60bfe783a39b7] Signed-off-by: Vijay Anusuri --- .../libxml/libxml2/CVE-

Re: [OE-core][kirkstone][PATCH] ghostscript: ignore CVE-2020-36773

2024-03-03 Thread Vijay Anusuri via lists.openembedded.org
Hi Steve, I've sent mail to cpe_diction...@nist.gov to update the information. Now it was updated in https://nvd.nist.gov/vuln/detail/CVE-2020-36773 Thanks & Regards, Vijay On Thu, Feb 8, 2024 at 8:40 PM Steve Sakoman wrote: > On Wed, Feb 7, 2024 at 8:42 PM Vijay

[OE-core][kirkstone][PATCH] qemu: Fix for CVE-2024-24474

2024-02-25 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport [https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52] Signed-off-by: Vijay Anusuri --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2024-24474.patch| 44 +++ 2 files

[OE-core][dunfell][PATCH] less: Fix for CVE-2022-48624

2024-02-25 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport [https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144] Signed-off-by: Vijay Anusuri --- .../less/less/CVE-2022-48624.patch| 41 +++ meta/recipes-extended/less/less_551.bb| 1 + 2 files

[OE-core][kirkstone][PATCH] less: Fix for CVE-2022-48624

2024-02-22 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport [https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144] Signed-off-by: Vijay Anusuri --- .../less/less/CVE-2022-48624.patch| 41 +++ meta/recipes-extended/less/less_600.bb| 1 + 2 files

[OE-core][dunfell][PATCH] xserver-xorg: Multiple CVE fixes

2024-01-24 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Fix below CVE's CVE-2023-6816 CVE-2024-0229 CVE-2024-21885 CVE-2024-21886 CVE-2024-0408 CVE-2024-0409 Signed-off-by: Vijay Anusuri --- .../xserver-xorg/CVE-2023-6816.patch | 55 + .../xserver-xorg/CVE-2024-0229-1.patch| 87 +++ .../xserver

[OE-core][dunfell][PATCH] pam: Fix for CVE-2024-22365

2024-01-23 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri Upstream-Status: Backport from https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb Signed-off-by: Vijay Anusuri --- .../pam/libpam/CVE-2024-22365.patch | 59 +++ meta/recipes-extended/pam/libpam_1.3.1.bb

[OE-core][dunfell][PATCH] gnutls: Backport fix for CVE-2024-0553

2024-01-22 Thread Vijay Anusuri via lists.openembedded.org
From: Vijay Anusuri CVE-2024-0553 A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel
