[OE-core][scarthgap][PATCH] cups: Upgrade 2.4.7 -> 2.4.9

2024-06-12 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi CVE's Fixed by upgrade: CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 Other Changes between 2.4.7 -> 2.4.9 https://github.com/OpenPrinting/cups/blob/2.4.x/CHANGES.md Signed-off-by: Siddharth Doshi --- meta/recipes-extended

[OE-core][master][PATCH] cups: Upgrade 2.4.8 -> 2.4.9

2024-06-12 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi CVE's Fixed by upgrade: CVE-2024-35235 cups: Cupsd Listen arbitrary chmod 0140777 Other Changes between 2.4.8 -> 2.4.9 https://github.com/OpenPrinting/cups/blob/2.4.x/CHANGES.md Signed-off-by: Siddharth Doshi --- meta/recipes-extended

[OE-core][scarthgap][PATCH] openssl: Upgrade 3.2.1 -> 3.2.2

2024-06-04 Thread Siddharth via lists.openembedded.org
CVE's Fixed by upgrade: CVE-2024-4741: Fixed potential use after free after SSL_free_buffers() is called CVE-2024-4603: Fixed an issue where checking excessively long DSA keys or parameters may be very slow CVE-2024-2511: Fixed unbounded memory growth with session handling in TLSv1.3 Bugs Fixed b

[OE-core][kirkstone][PATCH] openssl: Upgrade 3.0.13 -> 3.0.14

2024-06-04 Thread Siddharth via lists.openembedded.org
CVE's Fixed by upgrade: CVE-2024-4741: Fixed potential use after free after SSL_free_buffers() is called CVE-2024-4603: Fixed an issue where checking excessively long DSA keys or parameters may be very slow CVE-2024-2511: Fixed unbounded memory growth with session handling in TLSv1.3 Removed back

[OE-core][scarthgap][PATCHv2] openssl: Security fix for CVE-2024-4741

2024-06-03 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac, https://github.com/openssl/openssl/commit/10171e5b511b700c5ecd4fd3e1086b19c34b1ae3, https://github.com/openssl/openssl/commit/ec87bc54c8ccc13caa29bc7f74ae

[OE-core][kirkstone][PATCHv2] openssl: Security fix for CVE-2024-4741

2024-06-03 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/b3f0eb0a295f58f16ba43ba99dad70d4ee5c437d, https://github.com/openssl/openssl/commit/2d05959073c4bf8803401668b9df85931a08e020, https://github.com/openssl/openssl/commit/6fef334f914abfcd988e53a32d19

Re: [OE-core] [kirkstone][PATCH] openssl: Security fix for CVE-2024-4741

2024-06-02 Thread Siddharth via lists.openembedded.org
>> Nitpick : above commit link references commit for CVE-2024-4603 (copy+paste >> error). - Ahh, that's silly of me. Guess the cup of coffee didn't take away the drowsiness completely.. Thank-you for pointing it out. >> The main problem of this patch (and the same patch for scarthgap) is that >

[OE-core][kirkstone][PATCH] openssl: Security fix for CVE-2024-4741

2024-06-02 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/3559e868e58005d15c6013a0c1fd832e51c73397] CVE's Fixed: CVE-2024-4741:Use After Free with SSL_free_buffers Signed-off-by: Siddharth Doshi --- .../openssl/openssl/CVE-2024-4741.patch | 76

[OE-core][scarthgap][PATCH] openssl: Security fix for CVE-2024-4741

2024-06-02 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi Upstream-Status: Backport from [https://github.com/openssl/openssl/commit/c88c3de51020c37e8706bf7a682a162593053aac] CVE's Fixed: CVE-2024-4741:Use After Free with SSL_free_buffers Signed-off-by: Siddharth Doshi --- .../openssl/openssl/CVE-2024-4741.patch | 44

[OE-core][kirkstone][PATCH] libx11: Security Fix for CVE-2023-43785, CVE-2023-43786 and CVE-2023-43787

2023-10-20 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi CVE's Fixed: CVE-2023-43785: libX11: out-of-bounds memory access in _XkbReadKeySyms() CVE-2023-43786: libX11: stack exhaustion from infinite recursion in PutSubImage() CVE-2023-43787: libX11: integer overflow in XCreateImage() leading to a heap overflow Signed-off-by: Sid

[OE-core][dunfell][PATCH] vim: Upgrade 9.0.2009 -> 9.0.2048

2023-10-18 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi This includes CVE fix for CVE-2023-5535. Signed-off-by: Siddharth Doshi --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 51247cbe0a..d8e88

[OE-core][mickledore][PATCH] vim: Upgrade 9.0.2009 -> 9.0.2048

2023-10-18 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi This includes CVE fix for CVE-2023-5535. Signed-off-by: Siddharth Doshi --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 5e06866692..58025

[OE-core][kirkstone][PATCH] vim: Upgrade 9.0.2009 -> 9.0.2048

2023-10-18 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi This includes CVE fix for CVE-2023-5535. Signed-off-by: Siddharth Doshi --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 5e06866692..58025

[OE-core][master][PATCH] vim: Upgrade 9.0.2009 -> 9.0.2048

2023-10-18 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi This includes CVE fix for CVE-2023-5535. Signed-off-by: Siddharth Doshi --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 5e06866692..58025

[OE-core][kirkstone][PATCH] tiff: Security fix for CVE-2023-40745

2023-10-17 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/4fc16f649fa2875d5c388cf2edc295510a247ee5] CVE: CVE-2023-40745 Signed-off-by: Siddharth Doshi --- .../libtiff/tiff/CVE-2023-40745.patch | 34 +++ meta/recipes-multimedia/lib

[OE-core][dunfell][PATCH 2/2] libxpm: upgrade to 3.5.17

2023-10-16 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi - This upgrade includes multiple security fixes. CVE-2022-4883 CVE-2022-44617 CVE-2022-46285 CVE-2022-44617 CVE-2023-43788 CVE-2023-43789 - Removed CVE-2022-46285 as it is already fixed by this upgrade. - License-update: additional copyright holders f0857c0 man pages: Corr

[OE-core][dunfell][PATCH 1/2] xorg-lib-common: Add variable to set tarball type

2023-10-16 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi Upstream has switched some new releases from bz2 to xz compression. Add an XORG_EXT variable so recipes can set the file name extension needed for the compression type. Following the approach in oe-core/master: 6a8068e036b4b2a40b38896275b936916b4db76e xorg-lib-common: Add

[OE-core][kirkstone][PATCH] libxpm: upgrade to 3.5.17

2023-10-16 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi This release fixes the following CVEs: - CVE-2023-43788 - CVE-2023-43789 Signed-off-by: Ross Burton Signed-off-by: Siddharth Doshi --- .../xorg-lib/{libxpm_3.5.16.bb => libxpm_3.5.17.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta/reci

[OE-core][dunfell][PATCH] glib-2.0: Fix multiple vulnerabilities

2023-10-15 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi CVE's Fixed: CVE-2023-29499: glib: GVariant offset table entry size is not checked in is_normal() CVE-2023-32611: glib: g_variant_byteswap() can take a long time with some non-normal inputs CVE-2023-32636: glib: Timeout in fuzz_variant_text CVE-2023-32643: glib: Heap-buffe

[OE-core][dunfell][PATCH] vim: Upgrade 9.0.1894 -> 9.0.2009

2023-10-11 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi This includes CVE fix for CVE-2023-5441. Signed-off-by: Siddharth Doshi --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 73e639d7b1..51247

[OE-core][kirkstone][PATCH] vim: Upgrade 9.0.1894 -> 9.0.2009

2023-10-11 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi This includes CVE fix for CVE-2023-5441. Signed-off-by: Siddharth Doshi --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 5f55f590e6..5e068

Re: [OE-core] [kirkstone][PATCH] glibc: Update to latest on stable 2.35 branch

2023-10-11 Thread Siddharth via lists.openembedded.org
Please ignore the above message. Sent by mistake.

[OE-core][kirkstone][PATCH] glibc: Update to latest on stable 2.35 branch

2023-10-11 Thread Siddharth via lists.openembedded.org
From: Peter Marko Addresses CVE-2023-4911. Single commit bump: * c84018a05ae tunables: Terminate if end of input is reached (CVE-2023-4911) Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-core/glibc/glibc-version.inc | 2 +- meta/recipes-core/glibc/glibc_2.35.bb |

[OE-core][mickledore][PATCH] vim: Upgrade 9.0.1894 -> 9.0.2009

2023-10-11 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi This includes CVE fix for CVE-2023-5441. Signed-off-by: Siddharth Doshi --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 5f55f590e6..5e068

[OE-core][master][PATCH] vim: Upgrade 9.0.1894 -> 9.0.2009

2023-10-11 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi This includes CVE fix for CVE-2023-5441. Signed-off-by: Siddharth Doshi --- meta/recipes-support/vim/vim.inc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 5f55f590e6..5e068

[OE-core][dunfell][PATCH] go: Fix CVE-2023-39318 and CVE-2023-39319

2023-09-25 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi Upstream-Status: Backport from [https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c] CVE: CVE-2023-39318 Upstream-Status: Backport from [https://github.com/golang/go/commit/2070531d2f53df88e312edace6c8dfc9686ab2f5] CVE: CVE-2023-39319 Signed-off-by

[OE-core][kirkstone][PATCHv2] go: Fix CVE-2023-39318

2023-09-25 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi Upstream-Status: Backport from [https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c] CVE: CVE-2023-39318 Signed-off-by: Siddharth Doshi --- meta/recipes-devtools/go/go-1.17.13.inc | 1 + .../go/go-1.21/CVE-2023-39318.patch | 238

[OE-core][kirkstone][PATCH] go: Fix CVE-2023-39318

2023-09-21 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi Upstream-Status: Backport from [https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c] CVE: CVE-2023-39318 Signed-off-by: Siddharth Doshi --- meta/recipes-devtools/go/go-1.17.13.inc | 1 + .../go/go-1.21/CVE-2023-39318.patch | 238

[OE-core][dunfell][PATCH] libxml2: Fix CVE-2023-39615

2023-09-13 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi Upstream-Status: Backport from [https://gitlab.gnome.org/GNOME/libxml2/-/commit/d0c3f01e110d54415611c5fa0040cdf4a56053f9, https://gitlab.gnome.org/GNOME/libxml2/-/commit/235b15a590eecf97b09e87bdb7e4f8333e9de129] CVE: CVE-2023-39615 Signed-off-by: Siddharth Doshi --- ...

[OE-core][dunfell][PATCH] gdb: Fix CVE-2023-39128

2023-09-11 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi Note: The Fix needs to be pushed in gdb rather than binutils-gdb as we are disabling gdb in binutils configure. Upstream-Status: Backport from [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=033bc52bb6190393c8eed80925fa78cc35b40c6d] CVE: CVE-2023-39128 Signed-o

[OE-core][kirkstone][PATCH] gdb: Fix CVE-2023-39128

2023-09-11 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi Note: The Fix needs to be pushed in gdb rather than binutils-gdb as we are disabling gdb in binutils configure. Upstream-Status: Backport from [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=033bc52bb6190393c8eed80925fa78cc35b40c6d] CVE: CVE-2023-39128 Signed-o

Re: [OE-core] [kirkstone][PATCH] sysklogd: fix integration with systemd-journald

2023-09-11 Thread Siddharth via lists.openembedded.org
Oops. Please ignore this. Sent by mistake. Apologies for the error.

[OE-core][kirkstone][PATCH] sysklogd: fix integration with systemd-journald

2023-09-11 Thread Siddharth via lists.openembedded.org
From: Changqing Li Fix an issue with early log messages being lost when running in systemd. Signed-off-by: Changqing Li Signed-off-by: Steve Sakoman --- ...KillMode-process-is-not-recommended-.patch | 33 ...-messages-lost-when-running-in-syste.patch | 75 +++ .../sys

[OE-core][mickledore][PATCH] gdb: Fix CVE-2023-39128

2023-09-11 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi Note: The Fix needs to be pushed in gdb rather than binutils-gdb as we are disabling gdb in binutils configure. Upstream-Status: Backport from [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=033bc52bb6190393c8eed80925fa78cc35b40c6d] CVE: CVE-2023-39128 Signed-o

Re: [OE-core] [mickledore][PATCH] binutils: Fix CVE-2023-39128

2023-09-11 Thread Siddharth via lists.openembedded.org
Hi Sanjana, Thank-you for this patch. But, I feel this is not the right way to patch this vulnerability. No doubts the patch is released for binutils-gdb, but that is because the sources are merged. However, in our systems, the command gdb comes from gdb package and not from binutils-gdb. Ad

Re: [OE-core] [kirkstone][PATCH] Qemu: Resolve undefined reference issue in CVE-2023-2861

2023-09-10 Thread Siddharth via lists.openembedded.org
I guess I missed the patch status. Apologies for that. Thank-you for updating me on the status. Regards, Siddharth

Re: [OE-core] [kirkstone][PATCH] Qemu: Resolve undefined reference issue in CVE-2023-2861

2023-09-07 Thread Siddharth via lists.openembedded.org
Hi Team, Any updates for this patch? Regards, Siddharth

Re: [OE-core] [kirkstone][PATCH] inetutils: Security fix for CVE-2023-40303

2023-09-06 Thread Siddharth via lists.openembedded.org
ooopps...my bad. I just checked in https://autobuilder.yocto.io/pub/non-release/patchmetrics/cve-status-kirkstone.txt and submitted a patch without checking if it's already submitted or not. Thanks for the u

[OE-core][kirkstone][PATCH] inetutils: Security fix for CVE-2023-40303

2023-09-06 Thread Siddharth via lists.openembedded.org
From: Siddharth Doshi Upstream-Status: Backport from [https://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=e4e65c03f4c11292a3e40ef72ca3f194c8bffdd6] CVE: CVE-2023-40303 Signed-off-by: Siddharth Doshi --- .../inetutils/inetutils/CVE-2023-40303.patch | 283 ++ .../inetutil

Re: [OE-core] [kirkstone][PATCH] Qemu: Resolve undefined reference issue in CVE-2023-2861

2023-08-27 Thread Siddharth via lists.openembedded.org
Hi Steve, Please find the detailed error log: {{{ | [629/6213] Compiling C object libqemuutil.a.p/stubs_win32-kbd-hook.c.o | [630/6213] Compiling C object libqemuutil.a.p/stubs_replay-tools.c.o | [631/6213] Compiling C object fsdev/virtfs-proxy-helper.p/9p-marshal.c.o | [632/6213] Compiling C obje

[OE-core][kirkstone][PATCH] Qemu: Resolve undefined reference issue in CVE-2023-2861

2023-08-25 Thread Siddharth via lists.openembedded.org
The commit [https://github.com/openembedded/openembedded-core/commit/9bd4ddeb4b5efc65b0514d50d6991211271924c1] backports fix for CVE-2023-2861 for version 6.2.0. The 'qemu_fstat' in `do_create_others' is not defined which leads to the undefined symbol error on certain architectures. Also, the c