[OE-core][dunfell][PATCH] perl: Fix CVE-2023-31486

2024-04-23 Thread virendra thakur
80ecd63cc84d7eb9db26ec47d4afcf5a59d598e8) Signed-off-by: virendra thakur --- .../perl/files/CVE-2023-31486-0001.patch | 216 ++ .../perl/files/CVE-2023-31486-0002.patch | 36 +++ meta/recipes-devtools/perl/perl_5.30.1.bb | 2 + 3 files changed, 254 insertions

[OE-core][dunfell][PATCH 4/4] binutils: Mark CVE-2022-47673 as patch

2024-04-23 Thread virendra thakur
the fix for this issue seems to be the same as the one for the issue described by CVE-2023-25584. Reference: https://ubuntu.com/security/CVE-2022-47673 Signed-off-by: virendra thakur --- meta/recipes-devtools/binutils/binutils/CVE-2023-25584.patch | 3 ++- 1 file changed, 2 insertions(+), 1

[OE-core][dunfell][PATCH 3/4] binutils: Fix CVE-2022-48065

2024-04-23 Thread virendra thakur
Add patch file to fix CVE-2022-48065 Reference: https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/binutils/2.34-6ubuntu1.9/binutils_2.34-6ubuntu1.9.debian.tar.xz Signed-off-by: virendra thakur --- .../binutils/binutils-2.34.inc| 1 + .../binutils/binutils/CVE-2022

[OE-core][dunfell][PATCH 2/4] binutils: Fix CVE-2022-45703

2024-04-23 Thread virendra thakur
Add patch file to fix CVE-2022-45703 Reference: https://answers.launchpad.net/ubuntu/+archive/primary/+sourcefiles/binutils/2.34-6ubuntu1.8/binutils_2.34-6ubuntu1.8.debian.tar.xz Signed-off-by: virendra thakur --- .../binutils/binutils-2.34.inc| 2 + .../binutils/binutils

[OE-core][dunfell][PATCH 1/4] binutils: Fix CVE-2022-44840

2024-04-23 Thread virendra thakur
Add patch file to fix CVE-2022-44840 Reference: https://answers.launchpad.net/ubuntu/+archive/primary/+sourcefiles/binutils/2.34-6ubuntu1.8/binutils_2.34-6ubuntu1.8.debian.tar.xz Signed-off-by: virendra thakur --- .../binutils/binutils-2.34.inc| 1 + .../binutils/binutils

[OE-core][dunfell][PATCH] openssl: Fix CVE-2024-0727

2024-03-21 Thread virendra thakur
PKCS12 structures contain PKCS7 ContentInfo fields. These fields are optional and can be NULL even if the "type" is a valid value. OpenSSL was not properly accounting for this and a NULL dereference can occur causing a crash. Signed-off-by: virendra thakur --- .../openssl/openssl/CVE

[OE-core] [dunfell][PATCH] opkg: Fix bad memory access error observed in file_read_line_alloc

2024-01-22 Thread virendra thakur
byte. Link: https://github.com/ndmsystems/opkg/commit/8b45a3c4cab95382beea1ecdddeb2e4a9ed14aba Signed-off-by: virendra thakur --- ...possible-bad-memory-access-in-file_r.patch | 50 +++ meta/recipes-devtools/opkg/opkg_0.4.2.bb | 1 + 2 files changed, 51 insertions

[OE-core] [dunfell][PATCH] binutils: fix multiple cve

2023-12-21 Thread virendra thakur
From: Virendra Thakur Fix below CVEs CVE-2022-47007 CVE-2022-47008 CVE-2022-47010 CVE-2022-47011 CVE-2022-48063 CVE-2022-47695 Signed-off-by: Virendra Thakur --- .../binutils/binutils-2.34.inc| 6 ++ .../binutils/binutils/CVE-2022-47007.patch| 32 ++ .../bin

[OE-core][dunfell][PATCH] openssh: Fix CVE-2023-38408

2023-08-21 Thread virendra thakur
From: Virendra Thakur Add patch to fix CVE-2023-38408 Upstream-Status: Backport [https://launchpadlibrarian.net/680920377/openssh_8.2p1-4ubuntu0.9.debian.tar.xz] Signed-off-by: Virendra Thakur --- .../openssh/openssh/CVE-2023-38408-1.patch| 31 .../openssh/openssh/CVE-2023-38408-3

[OE-core][dunfell][PATCH] ninja: Whitelist CVE-2021-4336, wrong ninja

2023-06-27 Thread virendra thakur
From: Ross Burton (From OE-Core rev: c2dd2c13ff26c3f046e35a2f6b8afeb099ef422a) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 9a106486ad7900924a87c5869702903204a35b54) Signed-off-by: virendra thakur --- meta/recipes-devtools/ninja/ninja_1.10.0.bb | 3

[OE-core][kirkstone][PATCH] ninja: ignore CVE-2021-4336, wrong ninja

2023-06-27 Thread virendra thakur
From: Ross Burton (From OE-Core rev: c2dd2c13ff26c3f046e35a2f6b8afeb099ef422a) Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 9a106486ad7900924a87c5869702903204a35b54) Signed-off-by: virendra thakur --- meta/recipes-devtools/ninja/ninja_1.10.2.bb | 3

[OE-core] [meta][master][PATCH] qemu: Whitelist CVE-2023-0664

2023-04-27 Thread virendra thakur
From: Virendra Thakur This CVE is related to Windows. Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0664 Signed-off-by: Virendra Thakur --- meta/recipes-devtools/qemu/qemu.inc | 5 + 1 file changed, 5 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes

Re: [OE-core] [meta][kirkstone][PATCH] qemu: Whitelist CVE-2023-0664

2023-04-27 Thread Virendra Thakur via lists.openembedded.org
please ignore this patch From: virendra thakur Sent: Thursday, April 27, 2023 2:36 PM To: openembedded-core@lists.openembedded.org Cc: Virendra Kumar Thakur Subject: [meta][kirkstone][PATCH] qemu: Whitelist CVE-2023-0664

[OE-core] [meta][kirkstone][PATCH v2] qemu: Whitelist CVE-2023-0664

2023-04-27 Thread virendra thakur
From: Virendra Thakur This CVE is related to Windows. Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0664 Signed-off-by: Virendra Thakur --- meta/recipes-devtools/qemu/qemu.inc | 5 + 1 file changed, 5 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes

[OE-core] [meta][kirkstone][PATCH] qemu: Whitelist CVE-2023-0664

2023-04-27 Thread virendra thakur
From: Virendra Thakur This CVE is related to Windows. Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0664 Signed-off-by: Virendra Thakur --- meta/recipes-devtools/qemu/qemu.inc | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/meta/recipes-devtools/qemu/qemu.inc

[OE-core] [meta][dunfell][PATCH] qemu: Whitelist CVE-2023-0664

2023-04-27 Thread virendra thakur
From: Virendra Thakur This CVE is related to Windows. Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0664 Signed-off-by: Virendra Thakur --- meta/recipes-devtools/qemu/qemu.inc | 5 + 1 file changed, 5 insertions(+) diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes

[OE-Core][dunfell][PATCH] python3: Whitelist CVE-2018-25032

2022-10-10 Thread virendra thakur
zlib v1.2.11 as used in Windows binary releases contains a security issue. Link: https://bugs.python.org/issue47194 Signed-off-by: virendra thakur --- meta/recipes-devtools/python/python3_3.8.13.bb | 4 1 file changed, 4 insertions(+) diff --git a/meta/recipes-devtools/python

[OE-Core][kirkstone][PATCH 3/3] qemu: fix CVE-2022-2962

2022-10-07 Thread virendra thakur
: virendra thakur --- meta/recipes-devtools/qemu/qemu.inc | 1 + ...ulip-Restrict-DMA-engine-to-memories.patch | 64 +++ 2 files changed, 65 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/0001-net-tulip-Restrict-DMA-engine-to-memories.patch diff --git a/meta

[OE-Core][kirkstone][PATCH 1/3] qemu: Fix CVE-2021-3750 for qemu

2022-10-07 Thread virendra thakur
From: Virendra Thakur Add patch to fix CVE-2021-3750 Signed-off-by: Virendra Thakur --- meta/recipes-devtools/qemu/qemu.inc | 3 + .../qemu/qemu/CVE-2021-3750-1.patch | 59 +++ .../qemu/qemu/CVE-2021-3750-2.patch | 65 .../qemu/qemu/CVE-2021-3750

Re: [OE-Core][kirkstone][PATCH] qemu: Fix CVE-2021-3750 for qemu

2022-09-30 Thread Virendra Thakur via lists.openembedded.org
Attached patch file also. From: openembedded-core@lists.openembedded.org on behalf of Virendra Thakur via lists.openembedded.org Sent: Saturday, October 1, 2022 11:20 AM To: openembedded-core@lists.openembedded.org Cc: st...@sakoman.com Subject: [OE-Core

[OE-Core][kirkstone][PATCH] qemu: Fix CVE-2021-3750 for qemu

2022-09-30 Thread Virendra Thakur via lists.openembedded.org
Add patch to fix CVE-2021-3750 Signed-off-by: Virendra Thakur --- meta/recipes-devtools/qemu/qemu.inc | 3 + .../qemu/qemu/CVE-2021-3750-1.patch | 59 +++ .../qemu/qemu/CVE-2021-3750-2.patch | 65 .../qemu/qemu/CVE-2021-3750-3.patch | 156

Re: [OE-Core][dunfell][PATCH] expat: Fix CVE-2022-40674

2022-09-22 Thread Virendra Thakur via lists.openembedded.org
Hi, attaching patch file. From: openembedded-core@lists.openembedded.org on behalf of Virendra Thakur via lists.openembedded.org Sent: Thursday, September 22, 2022 2:31 PM To: openembedded-core@lists.openembedded.org Cc: Virendra Kumar Thakur Subject

[OE-Core][dunfell][PATCH] expat: Fix CVE-2022-40674

2022-09-22 Thread Virendra Thakur via lists.openembedded.org
From: Virendra Thakur Add patch file to fix CVE-2022-40674 Link: https://github.com/libexpat/libexpat/pull/629/commits/4a32da87e931ba54393d465bb77c40b5c33d343b Signed-off-by: Virendra Thakur --- .../expat/expat/CVE-2022-40674.patch | 53 +++ meta/recipes-core/expat

Re: [OE-Core][dunfell][PATCH 2/2] sqlite3: Fix CVE-2020-35527

2022-09-19 Thread Virendra Thakur via lists.openembedded.org
: Virendra Thakur Add patch file to fix CVE-2020-35527 Reference: https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fsecurity.debian.org%2Fdebian-security%2Fpool%2Fupdates%2Fmain%2Fs%2Fsqlite3%2Fsqlite3_3.27.2-3%2Bdeb10u2.debian.tar.xz&data=05%7C01%7CVirendra.Thakur%40kpit

[OE-Core][dunfell][PATCH 2/2] sqlite3: Fix CVE-2020-35527

2022-09-19 Thread Virendra Thakur via lists.openembedded.org
From: Virendra Thakur Add patch file to fix CVE-2020-35527 Reference: http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz Signed-off-by: Virendra Thakur --- .../sqlite/files/CVE-2020-35527.patch | 22 +++ meta

Re: [OE-Core][dunfell][PATCH 1/2] sqlite3: Fix CVE-2020-35525

2022-09-19 Thread Virendra Thakur via lists.openembedded.org
7:25 PM To: openembedded-core@lists.openembedded.org Cc: st...@sakoman.com ; Virendra Kumar Thakur Subject: [OE-Core][dunfell][PATCH 1/2] sqlite3: Fix CVE-2020-35525 From: Virendra Thakur Add patch to fix CVE-2020-35525 Reference: https://apc01.safelinks.protection.outlook.com/?url=http%3A

[OE-Core][dunfell][PATCH 1/2] sqlite3: Fix CVE-2020-35525

2022-09-19 Thread Virendra Thakur via lists.openembedded.org
From: Virendra Thakur Add patch to fix CVE-2020-35525 Reference: http://security.debian.org/debian-security/pool/updates/main/s/sqlite3/sqlite3_3.27.2-3+deb10u2.debian.tar.xz Signed-off-by: Virendra Thakur --- .../sqlite/files/CVE-2020-35525.patch | 21 +++ meta

Re: [OE-Core][dunfell][PATCH] tiff: Fix for CVE-2022-2867/8/9

2022-09-08 Thread Virendra Thakur via lists.openembedded.org
Please take this patch. Removed change-ID as it's not needed. From: openembedded-core@lists.openembedded.org on behalf of Virendra Thakur via lists.openembedded.org Sent: Friday, September 9, 2022 10:41 AM To: Steve Sakoman Cc: openembedded-core

Re: [OE-Core][dunfell][PATCH] tiff: Fix for CVE-2022-2867/8/9

2022-09-08 Thread Virendra Thakur via lists.openembedded.org
-Core][dunfell][PATCH] tiff: Fix for CVE-2022-2867/8/9 On Wed, Sep 7, 2022 at 7:04 PM Virendra Thakur via lists.openembedded.org wrote

[OE-Core][dunfell][PATCH] tiff: Fix for CVE-2022-2867/8/9

2022-09-07 Thread Virendra Thakur via lists.openembedded.org
From: Virendra Thakur Add Patch to fix CVE-2022-2867, CVE-2022-2868 CVE-2022-2869 Signed-off-by: Virendra Thakur --- ...022-2867-CVE-2022-2868-CVE-2022-2869.patch | 159 ++ meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 1 + 2 files changed, 160 insertions(+) create mode

Re: [OE-core] [dunfell 00/18] Pull request (cover letter only)

2022-08-28 Thread virendra thakur
When we are planning to integrate this change

[OE-core] [meta][dunfell][PATCH] ffmpeg: Fix for CVE-2022-1475

2022-05-31 Thread virendra thakur
From: Virendra Thakur Add patch to fix CVE-2022-1475 Signed-off-by: Virendra Thakur --- .../ffmpeg/ffmpeg/CVE-2022-1475.patch | 36 +++ .../recipes-multimedia/ffmpeg/ffmpeg_4.2.2.bb | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-multimedia

[OE-core] [meta][dunfell][PATCH] libarchive: Fix for CVE-2021-36976

2022-02-24 Thread virendra thakur
From: Virendra Thakur Add patch to fix CVE-2021-36976. CVE-2021-36976 fixes are provided by the below-mentioned pull requests. 1) https://github.com/libarchive/libarchive/pull/1491 2) https://github.com/libarchive/libarchive/pull/1492 3) https://github.com/libarchive/libarchive/pull/1493 Signed-off-by

[OE-core] [meta-networking][dunfell][PATCH v2] strongswan: Fix for CVE-2021-41990 and CVE-2021-41991

2022-01-06 Thread virendra thakur
From: Virendra Thakur Add patch to fix CVE-2021-41990 and CVE-2021-41991 Signed-off-by: Virendra Thakur Signed-off-by: virendra thakur --- .../strongswan/files/CVE-2021-41990.patch | 62 +++ .../strongswan/files/CVE-2021-41991.patch | 41 .../strongswan

[OE-core] [meta-networking][dunfell][PATCH] strongswan: Fix for CVE-2021-41990 and CVE-2021-41991

2022-01-05 Thread virendra thakur
From: Virendra Thakur Add patch to fix CVE-2021-41990 and CVE-2021-41991 Signed-off-by: Virendra Thakur --- .../strongswan/files/CVE-2021-41990.patch | 60 +++ .../strongswan/files/CVE-2021-41991.patch | 39 .../strongswan/strongswan_5.8.4.bb