From: Meenali Gupta
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-48795
Signed-off-by: Meenali Gupta
---
.../libssh2/libssh2/CVE-2023-48795.patch | 459 ++
.../recipes-support/libssh2/libssh2_1.10.0.bb | 1 +
2 files changed, 460 insertions(+)
create mode 100644
From: Meenali Gupta
libexpat through 2.5.0 allows a denial of service (resource consumption) because
many full reparsings are required in the case of a large token for which multiple
buffer fills are needed.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-52425
Changes related to test di
From: Meenali Gupta
libexpat through 2.5.0 allows a denial of service (resource consumption) because
many full reparsings are required in the case of a large token for which multiple
buffer fills are needed.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-52425
Signed-off-by: Meenali Gup
From: Meenali Gupta
A flaw was found in Expat (libexpat). If XML_DTD is undefined at compile time, a
recursive XML Entity Expansion condition can be triggered. This issue may lead to
a condition where data is expanded exponentially, which will quickly consume system
resources and cause a denial o
: [oe-core][kirkstone][PATCH 1/1] expat: fix CVE-2023-52426
On Thu, 2024-03-07 at 16:08 -0800, Meenali Gupta via
lists.openembedded.org
From: Meenali Gupta
Package and run benchmark as part of ptest
This is a major release with following changes [1]
ChangeLog:
https://github.com/libexpat/libexpat/blob/R_2_6_1/expat/Changes
Security fixes:
#789 #814 CVE-2023-52425 -- Fix quadratic runtime issues with big tokens
From: Meenali Gupta
A flaw was found in Expat (libexpat). If XML_DTD is undefined at compile time,
a recursive XML Entity Expansion condition can be triggered. This issue may lead
to a condition where data is expanded exponentially, which will quickly consume
system resources and cause a denial
From: Meenali Gupta
A flaw was found in the SSH channel integrity. By manipulating sequence
numbers during the handshake, an attacker can remove the initial messages
on the secure channel without causing a MAC failure. For example, an attacker
could disable the ping extension and thus disable the ne
lines).
Patch CVE-2023-48795.patch does not apply (enforce with -f)
Please submit a V2 with these issues fixed.
Thanks!
Steve
On Tue, Jan 2, 2024 at 11:02 PM Meenali Gupta via
lists.openembedded.org
wrote:
>
> From: Meenali Gupta
>
> A flaw was found in the SSH channel integrity
From: Meenali Gupta
A flaw was found in the SSH channel integrity.
By manipulating sequence numbers during the handshake,
an attacker can remove the initial messages on the secure
channel without causing a MAC failure. For example, an attacker
could disable the ping extension and thus disable the
Hi Ross,
As discussed with Vijay, we'll cooperate on these CVE fixes.
Regards
Meenali
From: Vijay Anusuri
Sent: 16 November 2023 21:31
To: jpuhl...@mvista.com ; Ross Burton
; Gupta, Meenali
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core][k
cherry-pick patches from v1 because 5/5 doesn't apply standalone.
You should not push this work on the maintainers.
On 16/11/2023 11:44:50+0000, Meenali Gupta via lists.openembedded.org wrote:
> From: Meenali Gupta
>
> A vulnerability was found in Avahi. A reachable assertion e
From: Meenali Gupta
A vulnerability was found in Avahi. A reachable assertion exists
in the avahi_rdata_parse() function.
Signed-off-by: Meenali Gupta
---
meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
.../avahi/files/CVE-2023-38472.patch | 46 +++
2 files chang
From: Meenali Gupta
A vulnerability was found in Avahi. A reachable assertion exists
in the avahi_alternative_host_name() function.
Signed-off-by: Meenali Gupta
---
meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
.../avahi/files/CVE-2023-38473.patch | 110 ++
2
From: Meenali Gupta
A vulnerability was found in Avahi. A reachable assertion exists
in the avahi_rdata_parse() function.
Signed-off-by: Meenali Gupta
---
meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
.../avahi/files/CVE-2023-38472.patch | 46 +++
2 files chang
From: Meenali Gupta
A vulnerability was found in Avahi. A reachable assertion exists
in the dbus_set_host_name function.
Signed-off-by: Meenali Gupta
---
meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
.../avahi/files/CVE-2023-38471.patch | 73 +++
2 files change
From: Meenali Gupta
A vulnerability was found in Avahi. A reachable assertion exists
in the avahi_escape_label() function.
Signed-off-by: Meenali Gupta
---
meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
.../avahi/files/CVE-2023-38470.patch | 59 +++
2 files chan
From: Meenali Gupta
A vulnerability was found in Avahi, where a reachable assertion exists
in avahi_dns_packet_append_record.
Signed-off-by: Meenali Gupta
---
meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
.../avahi/files/CVE-2023-38469.patch | 48 +++
2 files c
From: Meenali Gupta
A vulnerability was found in Avahi. A reachable assertion
exists in the avahi_alternative_host_name() function.
Signed-off-by: Meenali Gupta
---
meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
.../avahi/files/CVE-2023-38473.patch | 108 ++
2
From: Meenali Gupta
A vulnerability was found in Avahi. A reachable assertion
exists in the avahi_rdata_parse() function.
Signed-off-by: Meenali Gupta
---
meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
.../avahi/files/CVE-2023-38472.patch | 46 +++
2 files chang
From: Meenali Gupta
A vulnerability was found in Avahi, where a reachable assertion
exists in avahi_dns_packet_append_record.
Signed-off-by: Meenali Gupta
---
meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
.../avahi/files/CVE-2023-38469.patch | 47 +++
2 files c
From: Meenali Gupta
A vulnerability was found in Avahi. A reachable assertion exists
in the avahi_escape_label() function.
Signed-off-by: Meenali Gupta
---
meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
.../avahi/files/CVE-2023-38470.patch | 59 +++
2 files chan
From: Meenali Gupta
A vulnerability was found in Avahi. A reachable assertion exists
in the dbus_set_host_name function.
Signed-off-by: Meenali Gupta
---
meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
.../avahi/files/CVE-2023-38471.patch | 73 +++
2 files change
From: Meenali Gupta
The only allowed exception is single dot, where it should return empty
string.
Signed-off-by: Meenali Gupta
---
meta/recipes-connectivity/avahi/avahi_0.8.bb | 1 +
.../avahi/files/CVE-2023-38470.patch | 54 +++
2 files changed, 55 insertions(+)
c
License-Update: additional firmwares
upgrade include fix for CVE-2023-20569 CVE-2022-40982 CVE-2023-20593
Changelog:
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-20569
https://nvd.nist.gov/vu
Backport two patches [1] [2] to fix CVE-2023-36617
Signed-off-by: Meenali Gupta
---
.../ruby/ruby/CVE-2023-36617_1.patch | 52 +++
.../ruby/ruby/CVE-2023-36617_2.patch | 47 +
meta/recipes-devtools/ruby/ruby_3.1.3.bb | 2 +
3 files changed,
Buffer Overflow vulnerability in function bitwriter_grow_ in flac before
1.4.0 allows remote attackers to run arbitrary code via crafted input to
the encoder.
Signed-off-by: Meenali Gupta
---
.../flac/files/CVE-2020-22219.patch | 197 ++
meta/recipes-multimedia/flac/fla
heap out of bound read in builtin.c
Signed-off-by: Meenali Gupta
---
.../gawk/gawk/CVE-2023-4156.patch | 46 +++
meta/recipes-extended/gawk/gawk_5.1.1.bb | 1 +
2 files changed, 47 insertions(+)
create mode 100644 meta/recipes-extended/gawk/gawk/CVE-2023-4156.p
There is a stack overflow vulnerability in ash.c:6030 in busybox
before 1.35. In the environment of Internet of Vehicles, this
vulnerability can be executed from command to arbitrary code execution.
Signed-off-by: Meenali Gupta
---
.../busybox/busybox/CVE-2022-48174.patch | 80