poky/meta/recipes-devtools
Divya Chellam 7c4bd642e4 ruby: fix CVE-2024-39908
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some
DoS vulnerabilities when it parses an XML that has many specific characters
such as `<`, `0` and `%>`. If you need to parse untrusted XMLs, you may be
impacted by these vulnerabilities. The REXML gem 3.3.2 or later includes the
patches to fix these vulnerabilities. Users are advised to upgrade. Users
unable to upgrade should avoid parsing untrusted XML strings.

Reference:
https://security-tracker.debian.org/tracker/CVE-2024-39908

Upstream-patches:

(From OE-Core rev: 6e0b70843422cd7cdb25a9e1520dd64bf701fea6)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-12-01 06:50:49 -08:00
apt apt: add missing <cstdint> for uint16_t 2023-10-18 05:13:24 -10:00
autoconf autoconf: Update K & R style functions 2022-09-16 17:53:22 +01:00
autoconf-archive
automake automake: fix buildtest patch 2023-08-26 04:24:02 -10:00
binutils binutils: patch CVE-2025-11413 2025-11-06 07:14:05 -08:00
bison
bootchart2 bootchart2: Fix usrmerge support 2023-02-15 21:46:56 +00:00
btrfs-tools btrfs-tools: upgrade 5.16 -> 5.16.2 2022-03-04 17:14:15 +00:00
cargo rust-common: Drop LLVM_TARGET and simplify 2022-06-07 11:53:26 +01:00
ccache ccache: fix build with gcc-13 2023-10-05 15:48:49 -10:00
cdrtools cdrtools-native: fix build with gcc-14 2024-10-12 05:17:58 -07:00
chrpath
cmake cmake: fix CVE-2025-9301 2025-10-24 06:47:19 -07:00
createrepo-c createrepo-c: upgrade 0.18.0 -> 0.19.0 2022-03-16 10:31:40 +00:00
dejagnu dejagnu: Fix LICENSE 2024-09-16 06:09:56 -07:00
desktop-file-utils
devel-config
diffstat
distcc
dmidecode dmidecode: fixup for CVE-2023-30630 2023-08-19 05:56:58 -10:00
dnf dnf: upgrade 4.10.0 -> 4.11.1 2022-03-16 10:31:40 +00:00
docbook-xml
dosfstools
dpkg dpkg: patch CVE-2025-6297 2025-08-29 08:33:33 -07:00
dwarfsrcfiles
e2fsprogs e2fsprogs: removed 'sed -u' option 2025-06-20 08:06:30 -07:00
elfutils elfutils: Fix CVE-2025-1377 2025-11-24 06:57:39 -08:00
erofs-utils erofs-utils: Use __SANE_USERSPACE_TYPES__ on ppc64 2022-03-15 08:40:09 +00:00
expect expect: modify fixline1 script 2022-03-16 13:39:12 +00:00
fdisk
file file: fix CVE-2022-48554 2023-09-08 16:09:41 -10:00
flex
gcc gcc: AArch64 - Fix strict-align cpymem/setmem 2025-05-28 08:46:32 -07:00
gdb gdb: Fix CVE-2024-53589 2025-02-05 06:54:35 -08:00
git git: fix CVE-2025-48386 2025-10-31 06:23:13 -07:00
glide
gnu-config gnu-config: update SRC_URI 2022-03-24 17:45:29 +00:00
go go: fix CVE-2024-24783 2025-11-06 07:14:05 -08:00
help2man
i2c-tools
icecc-create-env
icecc-toolchain
intltool
jquery
json-c json-c: define CVE_VERSION 2023-10-05 15:48:49 -10:00
libcomps
libdnf libdnf: resolve cstdint inclusion for newer gcc versions 2023-09-08 16:09:42 -10:00
libedit libedit: Make docs generation deterministic 2024-09-16 06:09:56 -07:00
libmodulemd
librepo librepo: upgrade 1.14.2 -> 1.14.3 2022-05-25 22:45:50 +01:00
libtool libtool: Upgrade 2.4.6 -> 2.4.7 2022-03-23 12:13:49 +00:00
llvm llvm: fix typo in CVE-2024-0151.patch 2025-09-12 09:24:24 -07:00
log4cplus log4cplus: upgrade 2.0.7 -> 2.0.8 2022-08-04 16:29:15 +01:00
lua lua: Fix install conflict when enable multilib. 2023-03-20 17:20:44 +00:00
m4 m4: Fix build on musl/ppc 2022-03-11 06:56:01 +00:00
make
makedevs makedevs: Don't use COPYING.patch just to add license file into ${S} 2022-06-11 10:06:13 +01:00
meson meson: Fix wrapper handling of implicit setup command 2023-03-20 17:20:44 +00:00
mmc mmc-utils: upgrade to latest revision 2022-05-25 22:45:50 +01:00
mtd mtd-utils: upgrade 2.1.4 -> 2.1.5 2022-12-01 19:35:05 +00:00
mtools mtools: upgrade 4.0.37 -> 4.0.38 2022-03-20 00:02:22 +00:00
nasm nasm: fix CVE-2020-21528 2023-09-08 16:09:41 -10:00
ninja ninja: fix build with python 3.13 2024-12-02 06:23:20 -08:00
opkg opkg: Set correct info_dir and status_file in opkg.conf 2022-12-13 15:23:34 +00:00
opkg-utils opkg-utils: use a git clone, not a dynamic snapshot 2022-11-09 17:42:08 +00:00
orc orc: set CVE_PRODUCT 2025-07-30 07:47:48 -07:00
patch
patchelf patchelf: replace a rejected patch with an equivalent uninative.bbclass tweak 2023-04-11 11:31:52 +01:00
perl perl: enable _GNU_SOURCE define via d_gnulibc 2025-05-16 08:58:06 -07:00
perl-cross perl: update 5.34.1 -> 5.34.3 2023-12-22 16:36:55 -10:00
pkgconf pkgconf: fix CVE-2023-24056 2023-03-23 22:45:33 +00:00
pkgconfig
pseudo pseudo: Fix envp bug and add posix_spawn wrapper 2024-11-15 06:05:32 -08:00
python python3-idna: Fix CVE-2024-3651 2025-12-01 06:50:49 -08:00
qemu qemu: patch CVE-2024-8354 2025-10-17 07:27:23 -07:00
quilt quilt: Fix merge.test race condition 2023-05-30 04:11:15 -10:00
repo
rpm rpm: Remove -Wimplicit-function-declaration warnings 2022-10-11 21:56:13 +01:00
rsync rsync: fix CVE-2024-12747 2025-01-24 07:49:28 -08:00
ruby ruby: fix CVE-2024-39908 2025-12-01 06:50:49 -08:00
run-postinsts run-postinsts: Set dependency for ldconfig to avoid boot issues 2023-05-10 04:19:57 -10:00
rust rust-cross-canadian: Ignore CVE-2024-43402 2025-11-19 08:21:24 -08:00
squashfs-tools squashfs-tools: correct upstream version check 2022-03-20 00:02:22 +00:00
strace strace: Update patches/tests with upstream fixes 2023-07-12 05:11:38 -10:00
subversion subversion: ignore CVE-2024-45720 2025-02-24 07:00:53 -08:00
swig
syslinux syslinux: Disable error on implicit-function-declaration 2024-10-24 06:31:58 -07:00
systemd-bootchart
tcf-agent tcf-agent: correct the SRC_URI 2025-07-18 08:32:26 -07:00
tcltk tcl: skip async and event tests in run-ptest 2024-04-19 04:50:39 -07:00
unfs3
unifdef
vala Don't use ftp.gnome.org 2025-11-06 07:14:05 -08:00
valgrind valgrind: disable avx_estimate_insn.vgtest 2024-10-12 05:17:58 -07:00
xmlto xmlto: backport a patch to fix build with gcc-14 on host 2024-11-11 06:19:18 -08:00