CaROS/poky
3
1
Fork 0
mirror of https://git.yoctoproject.org/git/poky synced 2026-01-01 13:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
7c4bd642e4
poky/meta
History
Divya Chellam 7c4bd642e4 ruby: fix CVE-2024-39908 
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some
DoS vulnerabilities when it parses an XML that has many specific characters
such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you many be
impacted to these vulnerabilities. The REXML gem 3.3.2 or later include the
patches to fix these vulnerabilities. Users are advised to upgrade. Users
unable to upgrade should avoid parsing untrusted XML strings.

Reference:
https://security-tracker.debian.org/tracker/CVE-2024-39908

Upstream-patches:
f1df7d13b3
d146162e9a
b5bf109a59
b8a5f4cd5c
0af55fa49d
c1b64c174e
9f1415a261
c33ea49810
a79ac8b4b4
67efb5951e
1f1e6e9b40
910e5a2b48

(From OE-Core rev: 6e0b70843422cd7cdb25a9e1520dd64bf701fea6)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-12-01 06:50:49 -08:00
..
classes goarch.bbclass: do not leak TUNE_FEATURES into crosssdk task signatures 2025-11-19 08:21:24 -08:00
conf conf/bitbake.conf: use gnu mirror instead of main server 2025-10-14 07:20:36 -07:00
files meta: Enable '-o pipefail' for the SDK installer 2025-03-04 08:46:02 -08:00
lib oeqa/sdk/cases/buildcpio.py: use gnu mirror instead of main server 2025-10-14 07:20:36 -07:00
recipes-bsp efibootmgr: update SRC_URI branch 2025-11-19 08:21:24 -08:00
recipes-connectivity bind: upgrade 9.18.33 -> 9.18.41 2025-11-06 07:14:05 -08:00
recipes-core musl: patch CVE-2025-26519 2025-11-24 06:57:39 -08:00
recipes-devtools ruby: fix CVE-2024-39908 2025-12-01 06:50:49 -08:00
recipes-example/rust-hello-world rustfmt: remove the recipe 2021-12-08 20:22:11 +00:00
recipes-extended ghostscript: patch CVE-2025-59800 2025-10-14 07:20:35 -07:00
recipes-gnome Don't use ftp.gnome.org 2025-11-06 07:14:05 -08:00
recipes-graphics xwayland: Fix for CVE-2025-62231 2025-11-24 06:57:39 -08:00
recipes-kernel babeltrace2: fetch with https protocol 2025-11-19 08:21:24 -08:00
recipes-multimedia ffmpeg: mark CVE-2023-6601 as patched 2025-10-14 07:20:36 -07:00
recipes-rt meta/recipes: python 3.12 regex 2024-03-01 05:19:54 -10:00
recipes-sato puzzles: ignore three new CVEs for a different puzzles 2025-03-19 07:13:17 -07:00
recipes-support curl: ignore CVE-2025-10966 2025-11-19 08:21:24 -08:00
site ppc/siteinfo: Fix differences between musl and glibc 2022-03-15 08:40:09 +00:00
COPYING.MIT
recipes.txt