80ecd63cc84d7eb9db26ec47d4afcf5a59d598e8)
Signed-off-by: virendra thakur
---
.../perl/files/CVE-2023-31486-0001.patch | 216 ++
.../perl/files/CVE-2023-31486-0002.patch | 36 +++
meta/recipes-devtools/perl/perl_5.30.1.bb | 2 +
3 files changed, 254 insertions
the fix for this issue seems to be the same as the one for the issue
described by CVE-2023-25584.
Reference: https://ubuntu.com/security/CVE-2022-47673
Signed-off-by: virendra thakur
---
meta/recipes-devtools/binutils/binutils/CVE-2023-25584.patch | 3 ++-
1 file changed, 2 insertions(+), 1
Add patch file to fix CVE-2022-48065
Reference:
https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/binutils/2.34-6ubuntu1.9/binutils_2.34-6ubuntu1.9.debian.tar.xz
Signed-off-by: virendra thakur
---
.../binutils/binutils-2.34.inc| 1 +
.../binutils/binutils/CVE-2022
Add patch file to fix CVE-2022-45703
Reference:
https://answers.launchpad.net/ubuntu/+archive/primary/+sourcefiles/binutils/2.34-6ubuntu1.8/binutils_2.34-6ubuntu1.8.debian.tar.xz
Signed-off-by: virendra thakur
---
.../binutils/binutils-2.34.inc| 2 +
.../binutils/binutils
Add patch file to fix CVE-2022-44840
Reference:
https://answers.launchpad.net/ubuntu/+archive/primary/+sourcefiles/binutils/2.34-6ubuntu1.8/binutils_2.34-6ubuntu1.8.debian.tar.xz
Signed-off-by: virendra thakur
---
.../binutils/binutils-2.34.inc| 1 +
.../binutils/binutils
PKCS12 structures contain PKCS7 ContentInfo fields. These fields are
optional and can be NULL even if the "type" is a valid value. OpenSSL
was not properly accounting for this and a NULL dereference can occur
causing a crash.
Signed-off-by: virendra thakur
---
.../openssl/openssl/CVE
byte.
Link:
https://github.com/ndmsystems/opkg/commit/8b45a3c4cab95382beea1ecdddeb2e4a9ed14aba
Signed-off-by: virendra thakur
---
...possible-bad-memory-access-in-file_r.patch | 50 +++
meta/recipes-devtools/opkg/opkg_0.4.2.bb | 1 +
2 files changed, 51 insertions
From: Virendra Thakur
Fix below CVE's
CVE-2022-47007
CVE-2022-47008
CVE-2022-47010
CVE-2022-47011
CVE-2022-48063
CVE-2022-47695
Signed-off-by: Virendra Thakur
---
.../binutils/binutils-2.34.inc| 6 ++
.../binutils/binutils/CVE-2022-47007.patch| 32 ++
.../bin
From: Virendra Thakur
Add patch to fix CVE-2023-38408
Upstream-Status: Backport
[https://launchpadlibrarian.net/680920377/openssh_8.2p1-4ubuntu0.9.debian.tar.xz]
Signed-off-by: Virendra Thakur
---
.../openssh/openssh/CVE-2023-38408-1.patch| 31
.../openssh/openssh/CVE-2023-38408-3
From: Ross Burton
(From OE-Core rev: c2dd2c13ff26c3f046e35a2f6b8afeb099ef422a)
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
(cherry picked from commit 9a106486ad7900924a87c5869702903204a35b54)
Signed-off-by: virendra thakur
---
meta/recipes-devtools/ninja/ninja_1.10.0.bb | 3
From: Ross Burton
(From OE-Core rev: c2dd2c13ff26c3f046e35a2f6b8afeb099ef422a)
Signed-off-by: Ross Burton
Signed-off-by: Richard Purdie
(cherry picked from commit 9a106486ad7900924a87c5869702903204a35b54)
Signed-off-by: virendra thakur
---
meta/recipes-devtools/ninja/ninja_1.10.2.bb | 3
From: Virendra Thakur
This CVE is related to Windows.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0664
Signed-off-by: Virendra Thakur
---
meta/recipes-devtools/qemu/qemu.inc | 5 +
1 file changed, 5 insertions(+)
diff --git a/meta/recipes-devtools/qemu/qemu.inc
b/meta/recipes
please ignore this patch
From: virendra thakur
Sent: Thursday, April 27, 2023 2:36 PM
To: openembedded-core@lists.openembedded.org
Cc: Virendra Kumar Thakur
Subject: [meta][kirkstone][PATCH] qemu: Whitelist CVE-2023-0664
Caution: This email originated from
From: Virendra Thakur
This CVE is related to Windows.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0664
Signed-off-by: Virendra Thakur
---
meta/recipes-devtools/qemu/qemu.inc | 5 +
1 file changed, 5 insertions(+)
diff --git a/meta/recipes-devtools/qemu/qemu.inc
b/meta/recipes
From: Virendra Thakur
This CVE is related to Windows.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0664
Signed-off-by: Virendra Thakur
---
meta/recipes-devtools/qemu/qemu.inc | 9 +++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/meta/recipes-devtools/qemu/qemu.inc
From: Virendra Thakur
This CVE is related to Windows.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0664
Signed-off-by: Virendra Thakur
---
meta/recipes-devtools/qemu/qemu.inc | 5 +
1 file changed, 5 insertions(+)
diff --git a/meta/recipes-devtools/qemu/qemu.inc
b/meta/recipes
zlib v1.2.11 as used in Windows binary releases contains a security
issue.
Link: https://bugs.python.org/issue47194
Signed-off-by: virendra thakur
---
meta/recipes-devtools/python/python3_3.8.13.bb | 4
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-devtools/python
: virendra thakur
---
meta/recipes-devtools/qemu/qemu.inc | 1 +
...ulip-Restrict-DMA-engine-to-memories.patch | 64 +++
2 files changed, 65 insertions(+)
create mode 100644
meta/recipes-devtools/qemu/qemu/0001-net-tulip-Restrict-DMA-engine-to-memories.patch
diff --git a/meta
From: Virendra Thakur
Add patch to fix CVE-2021-3750
Signed-off-by: Virendra Thakur
---
meta/recipes-devtools/qemu/qemu.inc | 3 +
.../qemu/qemu/CVE-2021-3750-1.patch | 59 +++
.../qemu/qemu/CVE-2021-3750-2.patch | 65
.../qemu/qemu/CVE-2021-3750
Attached patch file also.
From: openembedded-core@lists.openembedded.org
on behalf of Virendra Thakur via
lists.openembedded.org
Sent: Saturday, October 1, 2022 11:20 AM
To: openembedded-core@lists.openembedded.org
Cc: st...@sakoman.com
Subject: [OE-Core
Add patch to fix CVE-2021-3750
Signed-off-by: Virendra Thakur
---
meta/recipes-devtools/qemu/qemu.inc | 3 +
.../qemu/qemu/CVE-2021-3750-1.patch | 59 +++
.../qemu/qemu/CVE-2021-3750-2.patch | 65
.../qemu/qemu/CVE-2021-3750-3.patch | 156
Hi ,
attaching patch file.
From: openembedded-core@lists.openembedded.org
on behalf of Virendra Thakur via
lists.openembedded.org
Sent: Thursday, September 22, 2022 2:31 PM
To: openembedded-core@lists.openembedded.org
Cc: Virendra Kumar Thakur
Subject
From: Virendra Thakur
Add patch file to fix CVE-2022-40674
Link:
https://github.com/libexpat/libexpat/pull/629/commits/4a32da87e931ba54393d465bb77c40b5c33d343b
Signed-off-by: Virendra Thakur
---
.../expat/expat/CVE-2022-40674.patch | 53 +++
meta/recipes-core/expat
: Virendra Thakur
Add patch file to fix CVE-2020-35527
Reference:
https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsecurity.debian.org%2Fdebian-security%2Fpool%2Fupdates%2Fmain%2Fs%2Fsqlite3%2Fsqlite3_3.27.2-3%2Bdeb10u2.debian.tar.xz&data=05%7C01%7CVirendra.Thakur%40kpit
From: Virendra Thakur
Add patch file to fix CVE-2020-35527
Reference:
http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz
Signed-off-by: Virendra Thakur
---
.../sqlite/files/CVE-2020-35527.patch | 22 +++
meta
7:25 PM
To: openembedded-core@lists.openembedded.org
Cc: st...@sakoman.com ; Virendra Kumar Thakur
Subject: [OE-Core][dunfell][PATCH 1/2] sqlite3: Fix CVE-2020-35525
From: Virendra Thakur
Add patch to fix CVE-2020-35525
Reference:
https://apc01.safelinks.protection.outlook.com/?url=http%3A
From: Virendra Thakur
Add patch to fix CVE-2020-35525
Reference:
http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz
Signed-off-by: Virendra Thakur
---
.../sqlite/files/CVE-2020-35525.patch | 21 +++
meta
Please take this patch .
removed change-ID as its not needed.
From: openembedded-core@lists.openembedded.org
on behalf of Virendra Thakur via
lists.openembedded.org
Sent: Friday, September 9, 2022 10:41 AM
To: Steve Sakoman
Cc: openembedded-core
-Core][dunfell][PATCH] tiff: Fix for CVE-2022-2867/8/9
Caution: This email originated from outside of the KPIT. Do not click links or
open attachments unless you recognize the sender and know the content is safe.
On Wed, Sep 7, 2022 at 7:04 PM Virendra Thakur via
lists.openembedded.org
wrote
From: Virendra Thakur
Add Patch to fix CVE-2022-2867, CVE-2022-2868
CVE-2022-2869
Signed-off-by: Virendra Thakur
---
...022-2867-CVE-2022-2868-CVE-2022-2869.patch | 159 ++
meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 1 +
2 files changed, 160 insertions(+)
create mode
When we are planning to integrate this change
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#170007):
https://lists.openembedded.org/g/openembedded-core/message/170007
Mute This Topic: https://lists.openembedded.org/mt/89650554/21656
Group Owner: o
From: Virendra Thakur
Add patch to fix CVE-2022-1475
Signed-off-by: Virendra Thakur
---
.../ffmpeg/ffmpeg/CVE-2022-1475.patch | 36 +++
.../recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb | 1 +
2 files changed, 37 insertions(+)
create mode 100644 meta/recipes-multimedia
From: Virendra Thakur
Add patch to fix CVE-2021-36976
CVE-2021-36976 fix are provided by below mentioned pull request.
1) https://github.com/libarchive/libarchive/pull/1491
2) https://github.com/libarchive/libarchive/pull/1492
3) https://github.com/libarchive/libarchive/pull/1493
Signed-off-by
From: Virendra Thakur
Add patch to fix CVE-2021-41990 and CVE-2021-41991
Signed-off-by: Virendra Thakur
Signed-off-by: virendra thakur
---
.../strongswan/files/CVE-2021-41990.patch | 62 +++
.../strongswan/files/CVE-2021-41991.patch | 41
.../strongswan
From: Virendra Thakur
Add patch to fix CVE-2021-41990 and CVE-2021-41991
Signed-off-by: Virendra Thakur
---
.../strongswan/files/CVE-2021-41990.patch | 60 +++
.../strongswan/files/CVE-2021-41991.patch | 39
.../strongswan/strongswan_5.8.4.bb
35 matches
Mail list logo