Vijay Anusuri
ef632f4693
libsoup-2.4: Fix CVE-2025-32914
Import patch from Debian to fix CVE-2025-32914.
Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/tree/debian/bullseye/debian/patches?ref_type=heads
Upstream commit 5bfcf81575]
Reference:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/450
https://security-tracker.debian.org/tracker/CVE-2025-32914
(From OE-Core rev: 8996e178264cf6bf9b69365172f43a5ee8e9f727)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-28 08:46:32 -07:00
Vijay Anusuri
cbbea14280
libsoup-2.4: Fix CVE-2025-32912
Upstream-Status: Backport from cd077513f2 & 910ebdcd3d
(From OE-Core rev: e66218f6cda7de046bace6880ea5052900fd6605)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-28 08:46:32 -07:00
Vijay Anusuri
d8278fd9f9
libsoup-2.4: Fix CVE-2025-32911 & CVE-2025-32913
Upstream-Status: Backport from 7b4ef0e004 & f4a761fb66
(From OE-Core rev: ff1896b14347c7b4a166716338d3822da97be2e4)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-28 08:46:32 -07:00
Vijay Anusuri
21bb9c063b
libsoup-2.4: Fix CVE-2025-32910
Import patch from Debian to fix CVE-2025-32910.
Upstream-Status: Backport [import from debian https://salsa.debian.org/gnome-team/libsoup/-/tree/debian/bullseye/debian/patches?ref_type=heads
Upstream commit e40df6d48a & 405a8a3459 & ea16eeacb0]
Reference:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/417
https://security-tracker.debian.org/tracker/CVE-2025-32910
(From OE-Core rev: b65e3d3a4dc2375d9bb81c7a91c84139cc667a47)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-28 08:46:32 -07:00
Ashish Sharma
0f58759f1b
libsoup-2.4: Fix CVE-2025-46420
Upstream-Status: Backport [c9083869ec]
(From OE-Core rev: f0d5d13b0b7b2cf3f60c85b0c135fd948c648256)
Signed-off-by: Ashish Sharma <asharma@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-28 08:46:32 -07:00
Vijay Anusuri
45c3cde26b
libsoup: Fix CVE-2025-32914
Upstream-Status: Backport [5bfcf81575]
(From OE-Core rev: ce7cda16d823012f71d91c820083b0da93762d9d)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-16 08:58:06 -07:00
Vijay Anusuri
3f1cc96cb9
libsoup: Fix CVE-2025-32912
Upstream-Status: Backport from cd077513f2 & 910ebdcd3d
(From OE-Core rev: 7c709d985c4e732f6fedd56748b3de3e52869282)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-16 08:58:06 -07:00
Vijay Anusuri
d8c4c5ea04
libsoup: Fix CVE-2025-32911 & CVE-2025-32913
Upstream-Status: Backport from 7b4ef0e004 & f4a761fb66
(From OE-Core rev: e79585ab2a492a5023bce637cbe519fcd1370e04)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-16 08:58:06 -07:00
Vijay Anusuri
fe91f67d38
libsoup: Fix CVE-2025-32910
Upstream-Status: Backport from e40df6d48a & 405a8a3459 & ea16eeacb0
(From OE-Core rev: aeaa106595f173f5646a17adb413a85e0d01887e)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-16 08:58:06 -07:00
Vijay Anusuri
cc7f7f1c29
libsoup: Fix CVE-2025-32909
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92
(From OE-Core rev: 491373828c1c66030fb41687f9a42b9e4deb010b)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-16 08:58:06 -07:00
Vijay Anusuri
dc621121b1
libsoup: Fix CVE-2025-32906
Upstream-Status: Backport from 1f509f31b6 & af5b9a4a39
(From OE-Core rev: 17fbb56b3cbea445767cba988f3db5b32fb00b71)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-16 08:58:06 -07:00
Vijay Anusuri
14f293eecf
libsoup: update fix CVE-2024-52532
Upstream-Status: Backport from 4c9e75c667
(From OE-Core rev: caf0ac894d029aaac7d746fe87db1aa0e8c3c93f)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-16 08:58:06 -07:00
Vijay Anusuri
e07ed2059c
libsoup-2.4: Fix CVE-2025-32909
Upstream-Status: Backport from https://gitlab.gnome.org/GNOME/libsoup/-/commit/ba4c3a6f988beff59e45801ab36067293d24ce92
(From OE-Core rev: ad1244ee75b4169eab21c2c8744b86342b32dd07)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-16 08:58:06 -07:00
Vijay Anusuri
6b27d84c2c
libsoup-2.4: Fix CVE-2025-32906
Upstream-Status: Backport from 1f509f31b6 & af5b9a4a39
(From OE-Core rev: 2b938dd6beb1badca59804ffbe395deb679bc1b1)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-16 08:58:06 -07:00
Vijay Anusuri
02c2876c5e
libsoup-2.4: Update fix CVE-2024-52532
Upstream-Status: Backport from 4c9e75c667
(From OE-Core rev: 144d067ed5b98b8ca477a6a0e8c958c0b15e9643)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-16 08:58:06 -07:00
Peter Marko
ade4d1829a
sqlite3: patch CVE-2025-29088
Pick commit [1] mentioned in [2].
[1] 56d2fd008b
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-29088
(From OE-Core rev: 70d2d56f89d6f4589d65a0b4f0cbda20d2172167)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-05-02 08:12:41 -07:00
Yogita Urade
b5b884bc1a
curl: ignore CVE-2025-0725
CVE-2025-0725 can only trigger for curl when using a runtime
zlib version 1.2.0.3 or older, and kirkstone supports
zlib version 1.2.11, hence ignore the CVE for kirkstone.
Reference:
https://curl.se/docs/CVE-2025-0725.html
https://git.openembedded.org/openembedded-core/commit/?h=scarthgap&id=8c3b4a604b40260e7ca9575715dd8017e17d35c0
(From OE-Core rev: 9077246122b1284e8b6430384cccaf6f0b6c80c3)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-04-11 08:36:02 -07:00
Vijay Anusuri
e4721dd506
vim: Upgrade 9.1.1115 -> 9.1.1198
This includes CVE-fix for CVE-2025-27423 and CVE-2025-29768
Changes between 9.1.1115 -> 9.1.1198
====================================
https://github.com/vim/vim/compare/v9.1.1115...v9.1.1198
(From OE-Core rev: 0ace90f2918496ceae32aebea05bb826d1e3dad6)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 8e540bd287fd56e3a714f81395b59dd508a6d957)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-04-01 09:02:41 -07:00
Vijay Anusuri
4df4248036
libxslt: Fix for CVE-2025-24855
Upstream-Commit: c7c7f1f78d
(From OE-Core rev: eced74ca3be7d6c47e7c50152a36e0b1e8eba74a)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-03-27 08:16:30 -07:00
Vijay Anusuri
0490768a25
libxslt: Fix for CVE-2024-55549
Upstream-Commit: 46041b65f2
(From OE-Core rev: eae0c33539f302124544373b74bd6883467ff549)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-03-27 08:16:30 -07:00
Divya Chellam
b210ed67de
vim: Upgrade 9.1.1043 -> 9.1.1115
This includes CVE-fix for CVE-2025-26603 and CVE-2025-1215
Changes between 9.1.1043 -> 9.1.1115
====================================
https://github.com/vim/vim/compare/v9.1.1043...v9.1.1115
(From OE-Core rev: acb88b244e89bc1300a24f60d0a44c21e0ab1af6)
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-03-19 07:13:17 -07:00
Vijay Anusuri
3cd40cac2b
libtasn1: upgrade 4.19.0 -> 4.20.0
* Noteworthy changes in release 4.20.0 (2025-02-01) [stable]
- The release tarball is now reproducible.
- We publish a minimal source-only tarball generated by 'git archive'.
- Update gnulib files and various build/maintenance fixes.
- Fix CVE-2024-12133: Potential DoS in handling of numerous SEQUENCE OF or SET OF elements
License-Update: file COPYING.LESSER renamed to COPYING.LESSERv2 & Copyright year updated to 2025
(From OE-Core rev: 0ff5d08053d92eeae5b2a23f8e0d7a280488723c)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-03-13 08:50:03 -07:00
Jiaying Song
a84c9d6623
boost: fix do_fetch error
Change the SRC_URI to the correct value due to the following error:
WARNING: boost-native-1.86.0-r0 do_fetch: Checksum failure encountered with download of https://boostorg.jfrog.io/artifactory/main/release/1.86.0/source/boost_1_86_0.tar.bz2 - will attempt other sources if available
(From OE-Core rev: 3b4c5ce6b89477307f3a2c30c7e275473b0c9f00)
Signed-off-by: Jiaying Song <jsong-cn@ala-lpggp7.wrs.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
backport to kirkstone.
Signed-off-by: Libo Chen <libo.chen.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-03-04 08:46:02 -08:00
Divya Chellam
3a36dce7e5
vim: Upgrade 9.1.0764 -> 9.1.1043
This includes CVE-fix for CVE-2025-22134 and CVE-2025-24014
Changes between 9.1.0764 -> 9.1.1043
====================================
https://github.com/vim/vim/compare/v9.1.0764...v9.1.1043
(From OE-Core rev: 73b5570a16708d1e749b1ec525299d10557cbf56)
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-02-28 06:51:35 -08:00
Hitendra Prajapati
be7617de69
libcap: fix CVE-2025-1390
Upstream-Status: Backport from https://git.kernel.org/pub/scm/libs/libcap/libcap.git/commit/?id=1ad42b66c3567481cc5fa22fc1ba1556a316d878
(From OE-Core rev: 142715b83fb2c5f4dfeeab2c6e7feccecd1ca46f)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-02-28 06:51:35 -08:00
Archana Polampalli
0730523542
gnutls: fix CVE-2024-12243
A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing.
Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate
data can take excessive time, leading to increased resource consumption.
This flaw allows a remote attacker to send a specially crafted certificate, causing
GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.
(From OE-Core rev: 5fbe46de6d2e3862316cf486503f18e616c3c0a7)
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-02-24 07:00:53 -08:00
Peter Marko
0160cb7751
libpcre2: ignore CVE-2022-1586
This CVE is fixed in 10.40.
NVD wrongly changed <10.40 to =10.40 when adding debian_linux=10.0.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-1586#VulnChangeHistorySection
(From OE-Core rev: 63cbfcd0262d65c66762aa6a8b17b8e8b809737f)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-02-24 07:00:53 -08:00
Zhang Peng
4ebaec2ca3
vte: fix CVE-2024-37535
CVE-2024-37535:
GNOME VTE before 0.76.3 allows an attacker to cause a denial of service
(memory consumption) via a window resize escape sequence, a related
issue to CVE-2000-0476.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-37535]
Upstream patches:
[036bc3ddcb]
[c313849c2e]
(From OE-Core rev: 132a5168b125d6f4fb9391d982bc64d73429ab8f)
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-01-24 07:49:28 -08:00
Jiaying Song
82902b3d64
diffoscope: fix CVE-2024-25711
diffoscope before 256 allows directory traversal via an embedded
filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa,
may be disclosed to an attacker. This occurs because the value of the
gpg --use-embedded-filenames option is trusted.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-25711
Upstream patches:
458f7f04bc
(From OE-Core rev: da4977e9414361a30eb322d1456a664515b35693)
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-12-09 07:54:03 -08:00
Peter Marko
4df7e37fca
gnupg: ignore CVE-2022-3515
This is a vulnerability of libksba and we use a fixed libksba version
(currently 1.6.4).
(From OE-Core rev: 12007a6d19db220e6540948de9818332192ecde1)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-12-09 07:54:03 -08:00
Vijay Anusuri
880002d47c
libsoup-2.4: Backport fix for CVE-2024-52531
Import patch from Ubuntu to fix CVE-2024-52531.
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/libsoup2.4/tree/debian/patches?h=ubuntu/jammy-security
Upstream commit a35222dd0b & 825fda3425]
Reference:
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407/
https://ubuntu.com/security/CVE-2024-52531
(From OE-Core rev: 763af055ccb1cbcc4f8fa0944815ec02e3bff87c)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-12-09 07:54:03 -08:00
Changqing Li
e8c505f7a4
libsoup: fix CVE-2024-52531
CVE-2024-52531:
GNOME libsoup before 3.6.1 allows a buffer overflow in applications that
perform conversion to UTF-8 in soup_header_parse_param_list_strict.
Input received over the network cannot trigger this.
Refer:
https://nvd.nist.gov/vuln/detail/CVE-2024-52531
https://gitlab.gnome.org/GNOME/libsoup/-/merge_requests/407/
(From OE-Core rev: 1159c7ef071fa2849f44e921c9b7c27fcbb6bfb3)
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-12-09 07:54:03 -08:00
Vijay Anusuri
c1d55bc349
libsoup-2.4: Backport fix for CVE-2024-52530 and CVE-2024-52532
Upstream-Status: Backport from 04df03bc09 & 6adc0e3eb7 & 29b96fab25
(From OE-Core rev: 87b0badcb1d10eddae31ac7b282a4e44778d63af)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-11-27 06:27:25 -08:00
Vijay Anusuri
bac0039c98
libsoup: Fix for CVE-2024-52530 and CVE-2024-52532
Upstream-Status: Backport from 04df03bc09 & 6adc0e3eb7 & 29b96fab25
(From OE-Core rev: 5c96ff64b5c29e589d776d23dbbed64ad526a997)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-11-27 06:27:25 -08:00
Peter Marko
e82352ffb4
curl: patch CVE-2024-9681
Picked commit [1] per solution described in [2].
[1] https://github.com/curl/curl/commit/a94973805df96269bf
[2] https://curl.se/docs/CVE-2024-9681.html
(From OE-Core rev: fbb8928ea85980bb866febd66e5e18ad843dbef8)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-11-15 06:05:32 -08:00
Martin Jansa
57e51d5df3
at-spi2-core: backport a patch to fix build with gcc-14 on host
* fixes:
| ../at-spi2-core-2.42.0/atspi/atspi-device-listener.c: In function ‘atspi_device_listener_new_simple’:
| ../at-spi2-core-2.42.0/atspi/atspi-device-listener.c:252:37: error: passing argument 1 of ‘atspi_device_listener_new’ from incompatible pointer type [-Wincompatible-pointer-types]
| 252 | return atspi_device_listener_new (device_remove_datum, callback, callback_destroyed);
| | ^~~~~~~~~~~~~~~~~~~
| | |
| | gboolean (*)(const AtspiDeviceEvent *, void *) {aka int (*)(const struct _AtspiDeviceEvent *, void *)}
| ../at-spi2-core-2.42.0/atspi/atspi-device-listener.c:222:50: note: expected ‘AtspiDeviceListenerCB’ {aka ‘int (*)(struct _AtspiDeviceEvent *, void *)’} but argument is of type ‘gboolean (*)(const AtspiDeviceEvent *, void *)’ {aka ‘int (*)(const struct _AtspiDeviceEvent *, void *)’}
| 222 | atspi_device_listener_new (AtspiDeviceListenerCB callback,
| | ~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~
(From OE-Core rev: e361d9e1021d7715d2b4e3af95832c910de67cad)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-11-02 06:32:36 -07:00
Martin Jansa
7274615f22
libffi: backport a fix to build libffi-native with gcc-14
(From OE-Core rev: 1054417a217417ab192dc4aee8307133451fb0e4)
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-11-02 06:32:36 -07:00
Steve Sakoman
0186d190a1
bmap-tools: update HOMEPAGE and SRC_URI
The bmaptool (previously: bmap-tools, bmap-tool, bmaptool) has been moved
to be under the Yocto Project umbrella and is now hosted at:
github.com/yoctoproject/bmaptool
(From OE-Core rev: 7678ae7fc255621d91271599b5f4491520387279)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-11-02 06:32:36 -07:00
Rohini Sangam
f7fe946ab3
vim: Upgrade 9.1.0698 -> 9.1.0764
This includes CVE-fix for CVE-2024-45306 and CVE-2024-47814
Changes between 9.1.0698 -> 9.1.0764
====================================
https://github.com/vim/vim/compare/v9.1.0698...v9.1.0764
(From OE-Core rev: 774fae9cb522683f722f3075531075be9fa36770)
Signed-off-by: Rohini Sangam <rsangam@mvista.com>
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2f0e5e63399e544063c79b0b1f9555c820b0604c)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-11-02 06:32:36 -07:00
Siddharth Doshi
94a4d7746d
vim: Upgrade 9.1.0682 -> 9.1.0698
This includes CVE-fix for CVE-2024-43790 and CVE-2024-43802
Changes between 9.1.0682 -> 9.1.0698
====================================
https://github.com/vim/vim/compare/v9.1.0682...v9.1.0698
(From OE-Core rev: 45ef5c80b1085d88d08679025bab13161c1f1fb2)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit e530265415d93e3f49ec7874cf720aad18ab2e22)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-11-02 06:32:36 -07:00
Mingli Yu
e54070cd37
curl: free old conn better on reuse
Backport a patch [1] to free old conn better on reuse to
fix the memory leak issue [2].
[1] https://github.com/curl/curl/commit/06d1210
[2] https://github.com/curl/curl/issues/8841
(From OE-Core rev: fbb820cdfc480e2481d51b9a1057454832f02b23)
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-10-07 05:43:22 -07:00
Peter Marko
3a172a5aa5
gnupg: Document CVE-2022-3219 and mark wontfix
(From OE-Core rev: f10f9c3a8d2c17d5a6c3f0b00749e5b34a66e090)
(From OE-Core rev: fe094c2d50ffe11627efa6c0807a289c1ee6eb74)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-10-07 05:43:22 -07:00
Vijay Anusuri
f5c9fab6c4
curl: backport Debian patch for CVE-2024-8096
Import patch from Ubuntu to fix CVE-2024-8096.
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/curl/tree/debian/patches?h=ubuntu/jammy-security
Upstream commit aeb1a281ca]
Reference:
https://curl.se/docs/CVE-2024-8096.html
(From OE-Core rev: 5383b18d4f8023b49cdadf7c777aaecf55d95dc1)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-10-07 05:43:22 -07:00
Vijay Anusuri
62de516d0e
apr: upgrade 1.7.2 -> 1.7.5
Refreshed patch 0001-configure-Remove-runtime-test-for-mmap-that-can-map-.patch
Includes security fix CVE-2023-49582
changelog:
https://downloads.apache.org/apr/CHANGES-APR-1.7
(From OE-Core rev: 4eb12d8683bd22b6503a64070b81b52f0d2f373a)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-09-07 05:38:17 -07:00
Vrushti Dabhi
dd123d8eda
sqlite3: Rename patch for CVE-2022-35737
The patch "0001-sqlite-Increased-the-size-of-loop-variables-in-the-printf-implementation.patch"
fixes CVE-2022-35737.
(From OE-Core rev: 9a875873e566a6673a65a8264fd0868c568e2a2c)
Signed-off-by: Vrushti Dabhi <vrushti.dabhi@einfochips.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-09-07 05:38:17 -07:00
Vrushti Dabhi
bf6aca4b29
sqlite3: CVE-ID correction for CVE-2023-7104
- The commit [https://sqlite.org/src/info/0e4e7a05c4204b47]
("Fix a buffer overread in the sessions extension that could occur when processing a corrupt changeset.")
fixes CVE-2023-7104 instead of CVE-2022-46908.
- Hence, corrected the CVE-ID in CVE-2023-7104.patch.
- Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-7104
(From OE-Core rev: 9d7f21f3d0ae24d0005076396e9a929bb32d648e)
Signed-off-by: Vrushti Dabhi <vrushti.dabhi@einfochips.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-09-07 05:38:17 -07:00
Siddharth Doshi
cada1f30e8
vim: Upgrade 9.1.0114 -> 9.1.0682
This includes CVE-fix for CVE-2024-41957, CVE-2024-41965 and CVE-2024-43374
Changes between 9.1.0114 -> 9.1.0682
====================================
https://github.com/vim/vim/compare/v9.1.0114...v9.1.0682
Note:
====
Removed patch "vim-add-knob-whether-elf.h-are-checked.patch" as libelf checks are removed from configure.ac as per
commit 1acc67ac44
(From OE-Core rev: 3312a57ce631ea6235055b3d4b4ac31d06c8a2ae)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 6d2938e53cad5d9bf2e78a5403e9f9fab1db77b4)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-09-04 05:57:57 -07:00
Hitendra Prajapati
92cb089717
vim: upgrade from 9.0.2190 -> 9.1.0114
https://www.vim.org/vim-9.1-released.php
Vim 9.1 is available
The Vim project is happy to announce that Vim 9.1 has finally been released.
This release is dedicated to Bram Moolenaar, Vim's lead developer for more
than 30 years, who passed away half a year ago. The Vim project wouldn't
exist without his work!
Vim 9.1 is mainly a bug fix release, it contains hundreds of bug fixes, a
few new features and there are many minor improvements.
Changes:
https://github.com/vim/vim/compare/v9.0.2190...v9.1.0114
CVE: CVE-2024-22667
(includes commit b39b240c38)
(From OE-Core rev: d5ae0ec5eca9324cffaa8f95d2cbdd8475979c45)
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-09-04 05:57:57 -07:00
Peter Marko
1f5be803ee
curl: Ignore CVE-2024-32928
This CVE affects google cloud services that utilize libcurl wrongly.
(From OE-Core rev: 27ac7879711e7119b4ec8b190b0a9da5b3ede269)
Changed CVE ignore syntax
(From OE-Core rev: ad703de483258f459acc6a40385ad00a5182eb64)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-09-04 05:57:57 -07:00
Peter Marko
da07e6ee34
libyaml: Ignore CVE-2024-35325
This is a similar CVE to the previous ones from the same author.
https://github.com/yaml/libyaml/issues/303 explains why this is misuse
(or wrong use) of libyaml.
(From OE-Core rev: a28240d49c111050e253e373507ac3094b74f6e1)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2024-09-04 05:57:57 -07:00