Re: [OE-core] [PATCH] openssh: add fido2 support

2024-04-08 Thread Richard Purdie
On Mon, 2024-04-08 at 11:55 -0600, Dan McGregor wrote:
> On Sat, 6 Apr 2024 at 01:28, Richard Purdie wrote:
> >
> > On Fri, 2024-04-05 at 11:10 -0600, Dan McGregor wrote:
> > > From: Dan McGregor
> > >
> > > OpenSSH supports FIDO security keys in both the client
> > > and server.  Add an

Re: [OE-core] [PATCH 3/5] ninja: build modified version with GNU Make jobserver support

2024-04-08 Thread Randy MacLeod via lists.openembedded.org
On 2024-04-03 3:08 p.m., Martin Hundebøll wrote: On Wed, 2024-04-03 at 17:58 +0200, Alexander Kanavin wrote: We can't carry this mass of patches. It has to land upstream first. Understandable. Are you able/willing to drive the upstream pull request to completion? No, I don't think so. I'm

Re: [OE-core] [PATCH] openssh: add fido2 support

2024-04-08 Thread Dan McGregor
On Sat, 6 Apr 2024 at 01:28, Richard Purdie wrote: > > On Fri, 2024-04-05 at 11:10 -0600, Dan McGregor wrote: > > From: Dan McGregor > > > > OpenSSH supports FIDO security keys in both the client > > and server. Add an option to support them in oe. > > This change requires a new recipe that

Re: [OE-core] [PATCH v7 3/3] nfs-utils: Configure nfsv4 ID mapping & Kerberos

2024-04-08 Thread Dan McGregor
On Mon, 8 Apr 2024 at 06:51, Enrico Scholz wrote:
>
> "Dan McGregor" writes:
>
> > Add support for the nfsv4 user ID mapping daemon, configured with
> > a sensible default, and add a packageconfig for Kerberos support.
> >
> > This is reasonably tested in production in our environment, but only

[OE-core][PATCH] ovmf: set CVE_STATUS for a few CVEs

2024-04-08 Thread Chen Qi via lists.openembedded.org
From: Chen Qi

For all those CVE-2019-x CVEs, following the links in NVD, we can see they have all been fixed.

For CVE-2014-4859 and CVE-2014-4860, there are no useful links in NVD, but according to the following two links, they have also been fixed.

Re: [OE-core] OE-core CVE metrics for master on Sun 07 Apr 2024 01:00:01 AM HST

2024-04-08 Thread Chen Qi via lists.openembedded.org
Yes, of course. I've briefly checked all these CVE-2019-xxx links, they have all been fixed. I'll send out a patch.

Regards,
Qi

-Original Message-
From: Richard Purdie
Sent: Monday, April 8, 2024 7:57 PM
To: Steve Sakoman; openembedded-core@lists.openembedded.org;

[OE-core] [PATCH 3/3] nghttp2: Upgrade 1.60.1 -> 1.61.0

2024-04-08 Thread Richard Purdie
Includes a fix for CVE-2024-28182. Signed-off-by: Richard Purdie --- .../nghttp2/{nghttp2_1.60.0.bb => nghttp2_1.61.0.bb}| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/recipes-support/nghttp2/{nghttp2_1.60.0.bb => nghttp2_1.61.0.bb} (91%) diff --git
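
Review bot: the subject line gives the upgrade as 1.60.1 -> 1.61.0, but the rename in the diffstat is nghttp2_1.60.0.bb => nghttp2_1.61.0.bb, so the recipe being replaced is 1.60.0. The subject should read "Upgrade 1.60.0 -> 1.61.0" so the commit log matches the file that is renamed; because the message names CVE-2024-28182 as fixed by this upgrade, the from-version in the log is what someone will read when tracing which recipe version carried the issue.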

[OE-core] [PATCH 1/3] xwayland: Upgrade 23.2.4 -> 23.2.5

2024-04-08 Thread Richard Purdie
"""
This release contains the 3 security fixes that actually apply to Xwayland reported in today's security advisory:

 * CVE-2024-31080
 * CVE-2024-31081
 * CVE-2024-31083

Additionally, it also contains a couple of other fixes, a copy/paste error in the DeviceStateNotify event and a fix to

Re: [OE-core] [PATCH v7 3/3] nfs-utils: Configure nfsv4 ID mapping & Kerberos

2024-04-08 Thread Enrico Scholz via lists.openembedded.org
"Dan McGregor" writes:

> Add support for the nfsv4 user ID mapping daemon, configured with
> a sensible default, and add a packageconfig for Kerberos support.
>
> This is reasonably tested in production in our environment, but only
> systemd support. There'll be some more work to do to get

Re: [OE-core] OE-core CVE metrics for master on Sun 07 Apr 2024 01:00:01 AM HST

2024-04-08 Thread Richard Purdie
On Sun, 2024-04-07 at 01:19 -1000, Steve Sakoman wrote:
> Branch: master
>
> New this week: 21 CVEs
> CVE-2014-4859 (CVSS3: 6.8 MEDIUM): ovmf:ovmf-native
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4859 *
> CVE-2014-4860 (CVSS3: 6.8 MEDIUM): ovmf:ovmf-native
>

[OE-core] [PATCH] ovmf: update 202308 -> 202402

2024-04-08 Thread Richard Purdie
From: Alexander Kanavin

RP: The upgrade covers these security issues:

CVE-2022-36763
CVE-2022-36764
CVE-2022-36765
CVE-2023-45229
CVE-2023-45230
CVE-2023-45231
CVE-2023-45232
CVE-2023-45233
CVE-2023-45234
CVE-2023-45235
CVE-2023-45236
CVE-2023-45237

Signed-off-by: Alexander Kanavin

Re: [OE-core][PATCH V2 1/2] ovmf: set CVE_PRODUCT and CVE_VERSION

2024-04-08 Thread Alexandre Belloni via lists.openembedded.org
On 08/04/2024 11:59:04+0200, Alexandre Belloni wrote:
> Since this merged, we have:
>
> WARNING: ovmf-native-edk2-stable202308-r0 do_cve_check: edk2: Failed to
> compare 202308 < svn_16280 for CVE-2014-8271

This is because the second patch wasn't merged

>
> On 06/04/2024 12:41:28+0800, Chen

Re: [OE-core][PATCH V2 1/2] ovmf: set CVE_PRODUCT and CVE_VERSION

2024-04-08 Thread Alexandre Belloni via lists.openembedded.org
Since this merged, we have:

WARNING: ovmf-native-edk2-stable202308-r0 do_cve_check: edk2: Failed to compare 202308 < svn_16280 for CVE-2014-8271

On 06/04/2024 12:41:28+0800, Chen Qi via lists.openembedded.org wrote:
> From: Chen Qi
>
> Set CVE_PRODUCT and CVE_VERSION for ovmf. NVD uses 'edk2'

[OE-core][PATCH] systemd: make predictable name mac policy opt-out

2024-04-08 Thread Peter Marko via lists.openembedded.org
From: Peter Marko Even the patch says it's inappropriate for upstream, and it's also inappropriate for some downstream projects, too. So make it possible to opt-out on it. Signed-off-by: Peter Marko --- meta/recipes-core/systemd/systemd_255.4.bb | 4 +++- 1 file changed, 3 insertions(+), 1