Commit Graph

34033 Commits

Author SHA1 Message Date
Ankur Tyagi
07330a98cf libppd: patch CVE-2024-47175
Details https://nvd.nist.gov/vuln/detail/CVE-2024-47175

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:32 +02:00
Ankur Tyagi
beb0dbaf25 hdf5: patch CVE-2025-6269
Details https://nvd.nist.gov/vuln/detail/CVE-2025-6269

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:32 +02:00
Ankur Tyagi
e7832348a6 hdf5: patch CVE-2025-2925
Details https://nvd.nist.gov/vuln/detail/CVE-2025-2925

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:32 +02:00
Ankur Tyagi
f0cdeee918 hdf5: patch CVE-2025-2924
Details https://nvd.nist.gov/vuln/detail/CVE-2025-2924

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:32 +02:00
Ankur Tyagi
01238545d8 hdf5: patch CVE-2025-2923
Details https://nvd.nist.gov/vuln/detail/CVE-2025-2923

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:32 +02:00
Ankur Tyagi
7f8516d8db tinyproxy: patch CVE-2023-49606
Details https://nvd.nist.gov/vuln/detail/CVE-2023-49606

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:32 +02:00
Ankur Tyagi
95f680e0df libraw: patch CVE-2025-43964
Details https://nvd.nist.gov/vuln/detail/CVE-2025-43964

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:32 +02:00
Ankur Tyagi
287ed36b86 libraw: patch CVE-2025-43963
Details https://nvd.nist.gov/vuln/detail/CVE-2025-43963

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:32 +02:00
Ankur Tyagi
337ab48ff8 libraw: patch CVE-2025-43961 CVE-2025-43962
Details
 - https://nvd.nist.gov/vuln/detail/CVE-2025-43961
 - https://nvd.nist.gov/vuln/detail/CVE-2025-43962

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:32 +02:00
Ankur Tyagi
1ef236b6c5 libcupsfilters: patch CVE-2024-47076
Details https://nvd.nist.gov/vuln/detail/CVE-2024-47076

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:32 +02:00
Gyorgy Sarvari
90145daef3 libavif: patch CVE-2025-48174
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-48174

Backport the pull request mentioned in the details of the CVE.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:32 +02:00
Gyorgy Sarvari
b7c5dc918d jasper: patch CVE-2025-8837
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8837

Pick the patch from the details of the above link.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:32 +02:00
Gyorgy Sarvari
90bc4f0011 jasper: patch CVE-2025-8836
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8836

Pick the patch mentioned in the details of the above link.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:32 +02:00
Gyorgy Sarvari
9ed43a962b jasper: patch CVE-2025-8835
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8835

Pick the patch from the details of the above link.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:32 +02:00
Gyorgy Sarvari
ccbe303f50 iperf2: ignore irrelevant CVEs
These CVEs are for iperf3 - which is a similar application in its goals (and name),
but an independent project from this, and the projects are independent implementations
also, they share no common code.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aedf74e082)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:32 +02:00
Ankur Tyagi
2b5cc0933f libiec61850: patch CVE-2024-45970
Details https://nvd.nist.gov/vuln/detail/CVE-2024-45970

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:32 +02:00
Ankur Tyagi
a52bccdbc0 libiec61850: patch CVE-2024-45971
Details https://nvd.nist.gov/vuln/detail/CVE-2024-45971

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Ankur Tyagi
42a6b0441c libiec61850: patch CVE-2024-26529
Details https://nvd.nist.gov/vuln/detail/CVE-2024-26529

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
c5f1156fb0 imagemagick: patch CVE-2025-57807
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57807

Pick the commit mentioned in the details.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
dce548569d imagemagick: patch CVE-2025-57803
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57803

Pick the commit mentioned in the details.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
2e0b5fe2ef imagemagick: patch CVE-2025-55212
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55212

Pick the patch that mentions the related github advisory in its commit message.

Also backport the missing function that the fix uses.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
188c714d2a imagemagick: patch CVE-2025-55160
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55160

Pick the commit that mentions the related github advisory in its commit message.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
63362396cb imagemagick: patch CVE-2025-55154
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55154

Pick the commit that mentions the related github advisory in its commit message.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
ccc4bcf76f imagemagick: patch CVE-2025-55005
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55005

Pick the patch that mentions the relevant github advisory in its commit message.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
75923b59dc imagemagick: patch CVE-2025-55004
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55004

Pick the patch that mentions the relevant github advisory in its commit message.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
4fb661fec1 imagemagick: patch CVE-2025-53101
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53101

Pick the patch mentioned in the details of the above link.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
e257ea4640 imagemagick: patch CVE-2025-53019
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53019

Pick the patch mentioned in the related github advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
2eefeef2b7 imagemagick: patch CVE-2025-53015
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53015

Pick the patches that are mentioned in the relevant github advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
ee51f8f457 imagemagick: patch CVE-2025-53014
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53014

Pick the patch mentioned in the related Github advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Rajeshkumar Ramasamy
a28ca3adca open-vm-tools: upgrade 12.5.0 -> 12.5.4
this release addressed below CVEs:
CVE-2025-22247
CVE-2025-41244

Changelog:
https://github.com/vmware/open-vm-tools/releases

Signed-off-by: Rajeshkumar Ramasamy <rajeshkumar.ramasamy@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
e87841beae gimp: patch CVE-2025-5473
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-5473

Pick the patch that resolved the relevant upstream bug report:
https://gitlab.gnome.org/GNOME/gimp/-/issues/13910

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
b3d0641944 gimp: ignore CVE-2025-8672
The vulnerability only affects MacOS: https://nvd.nist.gov/vuln/detail/CVE-2025-8672

While touching it, also remove an outdated CVE_STATUS, which has been reported against
a very old version of the application.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f516be2c45)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
f47fdfd730 exiv2: patch CVE-2025-55304
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55304

Backport patch mentioned in the details of the vulnerability.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
40036aa47a exiv2: patch CVE-2025-54080
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-54080

Backport the patch mentioned in the details.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
7907a3e206 exiv2: patch CVE-2025-26623
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-26623

Apply the first two PRs from the relevant issue.

(The second PR adds a test, and the 3rd PR tries to reimplement
correctly the feature that introduced the vulnerability:
it is switching some raw pointers to smart pointers. It was not picked
because the
1. In the original issue it is stated that the first PR itself
   fixes the vulnerability
2. The patch doesn't apply clean due to the time gap between our
   and their version
3. The behavior of the application does not change
)

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
7207c63b55 python3-django: ignore CVE-2025-27556
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-27556

Vulnerability affects only Windows - ignore it.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
97cd359c29 redis: patch CVE-2025-48367
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-48367

Backport the patch mentioned in the details.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
1e7af79e70 redis: patch CVE-2025-32023
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-32023

Backport the patch mentioned in the details.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
0436597eb6 redis: patch CVE-2025-27151
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-27151

Backport the patch mentioned in the details.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
f786847743 redis: ignore CVE-2025-21605
The vulnerability has been fixed in the used versions already,
upstream has backported it.

6.2.18: 5e93f9cb9d
7.2.8: 42fb340ce4

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
f7c6bcc1ce wireshark: patch CVE-2025-5601
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-5601

Backport the patch from the Gitlab issue linked in the details.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
b31d192efb emacs: patch CVE-2024-39331
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-39331

Pick the patch that's mentioned in the details.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
2ee73d842e emacs: patch CVE-2024-30205
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30205

Pick the patch that's in the description.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
36c85fe852 emacs: patch CVE-2024-30204
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30204

Pick the patch that's mentioned in the description.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
4408242e55 emacs: patch CVE-2024-30203
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30203

Pick the patch mentioned in the description.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
2d9e67618e emacs: patch CVE-2024-30202
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30202

Backport the patch mentioned in the details of the link.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
39c6b336cf dovecot: patch CVE-2022-30550
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-30550

Pick the commit referenced in https://www.openwall.com/lists/oss-security/2022/07/08/1

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
c21d0a9268 civetweb: patch CVE-2025-55763
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55763

Pick the relevant commit from https://github.com/civetweb/civetweb/pull/1347/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Gyorgy Sarvari
36fa532688 apache2: patch CVE-2025-54090
https://nvd.nist.gov/vuln/detail/CVE-2025-54090

A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true".

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00
Ankur Tyagi
dead2a0070 zlog: fix CVE-2024-22857
Backport a fix from upstream
c47f781a9f

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-10-13 09:21:31 +02:00