[oe] [meta-java][kirkstone][PATCH] openjdk-8: Fix CVE-2024-20919 & CVE-2024-20921

-by: Hitendra Prajapati --- .../openjdk/openjdk-8-release-common.inc | 2 + .../patches-openjdk-8/CVE-2024-20919.patch| 126 .../patches-openjdk-8/CVE-2024-20921.patch| 657 ++ 3 files changed, 785 insertions(+) create mode 100644 recipes-core/openjdk/patches

[oe] [meta-java][kirkstone)][PATCH] openjdk-8: Fix CVE-2022-40433

Upstream-Status: Backport from https://github.com/openjdk/jdk8u/commit/961ab463974b7d05600b826303f9111c4f367a04 Signed-off-by: Hitendra Prajapati --- .../openjdk/openjdk-8-release-common.inc | 1 + .../patches-openjdk-8/CVE-2022-40433.patch| 233 ++ 2 files changed

[oe] [meta-networking][scarthgap][PATCH] tcpdump: fix CVE-2024-2397

Upstream-Status: Backport from https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2 Signed-off-by: Hitendra Prajapati --- .../tcpdump/tcpdump/CVE-2024-2397.patch | 129 ++ .../recipes-support/tcpdump/tcpdump_4.99.4.bb | 1 + 2

Re: [oe] [meta-networking][kirkstone][PATCHv2] wireshark: fix CVE-2023-6175

Hi Team, any update on this ?? Regards, Hitendra -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#110146): https://lists.openembedded.org/g/openembedded-devel/message/110146 Mute This Topic: https://lists.openembedded.org/mt/105213134/21656 Group

Re: [oe] [meta-networking][dunfell][PATCH] wireshark: fix CVE-2023-6175

Hi Team, any update on this ?? Regards, Hitendra -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#110145): https://lists.openembedded.org/g/openembedded-devel/message/110145 Mute This Topic: https://lists.openembedded.org/mt/105323917/21656 Group

[oe] [meta-networking][dunfell][PATCH] wireshark: fix CVE-2023-6175

Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/3be1c99180a6fc48c34ae4bfc79bfd840b29ae3e Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-6175.patch | 246 ++ .../wireshark/wireshark_3.2.18.bb | 1 + 2 files

[oe] [meta-networking][kirkstone][PATCHv2] wireshark: fix CVE-2023-6175

Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/3be1c99180a6fc48c34ae4bfc79bfd840b29ae3e Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-6175.patch | 246 ++ .../wireshark/wireshark_3.4.12.bb | 1 + 2 files

[oe] []meta-networking[kirkstone][PATCH] wireshark: fix CVE-2023-6175

Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/3be1c99180a6fc48c34ae4bfc79bfd840b29ae3e Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-6175.patch | 246 ++ .../wireshark/wireshark_3.4.12.bb | 1 + 2 files

[oe] [meta-python][dunfell][PATCH] python3-cryptography: fix CVE-2024-26130 NULL pointer dereference

Upstream-Status: Backport from https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 Signed-off-by: Hitendra Prajapati --- .../python3-cryptography/CVE-2024-26130.patch | 66 +++ .../python/python3-cryptography_2.8.bb| 1 + 2 files

[oe] [meta-networking][dunfell][PATCH] proftpd: fix CVE-2020-9272 Out-of-bounds read

Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/743330874ee19dfcf2405827274015da0663bd2b Signed-off-by: Hitendra Prajapati --- .../proftpd/files/CVE-2020-9272.patch | 2839 + .../recipes-daemons/proftpd/proftpd_1.3.6.bb |1 + 2 files

[oe] [meta-networking][dunfell][PATCH] wireshark: fix CVE-2024-0208 GVCP dissector crash

Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/a8586fde3a6512466afb2a660538ef3fe712076b Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2024-0208.patch | 42 +++ .../wireshark/wireshark_3.2.18.bb | 1 + 2 files

[oe] [meta-networking][kirkstone][PATCH] wireshark: fix CVE-2024-0208 GVCP dissector crash

Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/a8586fde3a6512466afb2a660538ef3fe712076b Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2024-0208.patch | 42 +++ .../wireshark/wireshark_3.4.12.bb | 1 + 2 files

[oe] [meta-webserver][dunfell][PATCH] apache2: upgrade 2.4.57 -> 2.4.58

s://downloads.apache.org/httpd/CHANGES_2.4.58 References: https://httpd.apache.org/security/vulnerabilities_24.html https://security-tracker.debian.org/tracker/CVE-2023-31122 https://security-tracker.debian.org/tracker/CVE-2023-43622 https://security-tracker.debian.org/tracker/CVE-2023-45802

[oe] [meta-networking][kirkstone][PATCH] proftpd: Fix CVE-2023-51713 Out-of-bounds buffer read

Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592 Signed-off-by: Hitendra Prajapati --- .../proftpd/files/CVE-2023-51713.patch| 277 ++ .../recipes-daemons/proftpd/proftpd_1.3.7c.bb | 1 + 2 files changed

[oe] [meta-networking][dunfell][PATCHv2] proftpd: Fix CVE-2023-51713 Out-of-bounds buffer read

Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592 Signed-off-by: Hitendra Prajapati --- .../proftpd/files/CVE-2023-51713.patch| 278 ++ .../recipes-daemons/proftpd/proftpd_1.3.6.bb | 1 + 2 files changed

[oe] [meta-networking][dunfell][PATCH] proftpd: Fix CVE-2023-51713 Out-of-bounds buffer read

Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/97bbe68363ccf2de0c07f67170ec64a8b4d62592 Signed-off-by: Hitendra Prajapati --- .../proftpd/files/CVE-2023-51713.patch| 277 ++ .../recipes-daemons/proftpd/proftpd_1.3.7c.bb | 1 + 2 files changed

[oe] [meta-oe][kirkstone][PATCHv2] libssh: fix CVE-2023-1667 NULL pointer dereference

Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/log/?qt=grep=cve-2023-1667 Signed-off-by: Hitendra Prajapati --- .../libssh/libssh/CVE-2023-1667.patch | 724 ++ .../recipes-support/libssh/libssh_0.8.9.bb| 1 + 2 files changed, 725

[oe] [meta-oe][kirkstone][PATCH] libssh: fix CVE-2023-1667 NULL pointer dereference

Upstream-Status: Backport from https://packages.debian.org/buster/libssh-dev/libssh_0.8.7-1+deb10u2.debian.tar.xz Signed-off-by: Hitendra Prajapati --- .../libssh/libssh/CVE-2023-1667.patch | 724 ++ .../recipes-support/libssh/libssh_0.8.9.bb| 1 + 2 files changed

[oe] [meta-networking][dunfell][PATCH] samba: fix CVE-2023-42669 denial of service

Upstream-Status: Backport from https://www.samba.org/samba/ftp/patches/security/samba-4.17.12-security-2023-10-10.patch Signed-off-by: Hitendra Prajapati --- .../samba/samba/CVE-2023-42669.patch | 93 +++ .../samba/samba_4.10.18.bb| 1 + 2 files

[oe] [meta-oe][dunfell][PATCH] php: CVE-2022-4900 fix potential buffer overflow

Upstream-Status: Backport from https://github.com/php/php-src/commit/789a37f14405e2d1a05a76c9fb4ed2d49d4580d5 Signed-off-by: Hitendra Prajapati --- .../php/php/CVE-2022-4900.patch | 48 +++ meta-oe/recipes-devtools/php/php_7.4.33.bb| 1 + 2 files changed, 49

[oe] [meta-networking][dunfell][PATCH] wireshark: Fix CVE-2022-0585-CVE-2023-2879

Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/8d3c2177793e900cfc7cfaac776a2807e4ea289f && https://gitlab.com/wireshark/wireshark/-/commit/118815ca7c9f82c1f83f8f64d9e0e54673f31677 Signed-off-by: Hitendra Prajapati --- .../files/CVE-2022-0585-CVE-2

[oe] [meta-networking][dunfell][PATCH] wireshark: Fix CVE-2023-3649

Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/75e0ffcb42f3816e5f2fdef12f3c9ae906130b0c Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-3649.patch | 231 ++ .../wireshark/wireshark_3.2.18.bb | 1 + 2 files

[oe] [meta-networking][dunfell][PATCH] wireshark: Fix CVE-2023-2906

Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/44dc70cc5aadca91cb8ba3710c59c3651b7b0d4d Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-2906.patch | 38 +++ .../wireshark/wireshark_3.2.18.bb | 1 + 2 files

[oe] [meta-networking][kirkstone][PATCH] wireshark: Fix CVE-2023-2906

Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/44dc70cc5aadca91cb8ba3710c59c3651b7b0d4d Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-2906.patch | 38 +++ .../wireshark/wireshark_3.4.12.bb | 1 + 2 files

[oe] [meta-oe][dunfell][PATCH] openldap: fix CVE-2021-27212 Assertion failure in slapd

Upstream-Status: Backport from https://git.openldap.org/openldap/openldap/-/commit/9badb73425a67768c09bcaed1a9c26c684af6c30 Signed-off-by: Hitendra Prajapati --- .../openldap/openldap/CVE-2021-27212.patch| 31 +++ .../openldap/openldap_2.4.57.bb | 1 + 2

[oe] [meta-networking][dunfell][PATCH] quagga: CVE-2021-44038 unsafe chown/chmod operations may lead to privileges escalation

Upstream-Status: Backport from https://build.opensuse.org/package/view_file/network/quagga/remove-chown-chmod.service.patch Signed-off-by: Hitendra Prajapati --- .../quagga/files/CVE-2021-44038.patch | 117 ++ .../recipes-protocols/quagga/quagga.inc | 2 +- 2

[oe] [meta-oe][dunfell][PATCH] multipath-tools: fix CVE-2022-41974

Upstream-Status: Backport from https://github.com/openSUSE/multipath-tools/commit/fbbf280a0e26026c19879d938ebb2a8200b6357c Signed-off-by: Hitendra Prajapati --- .../files/CVE-2022-41974.patch| 162 ++ .../multipath-tools/multipath-tools_0.8.4.bb | 1 + 2

[oe] [meta-networking][dunfell][PATCH] ntp: backport patch for 5 CVEs CVE-2023-26551/2/3/4/5

://www.ntp.org/support/securitynotice/ntpbug3806/ Small adaptation to build is needed because of how tests are built. Backport fixes for: CVE: CVE-2023-26551 CVE: CVE-2023-26552 CVE: CVE-2023-26553 CVE: CVE-2023-26554 CVE: CVE-2023-26555 Signed-off-by: Hitendra Prajapati --- .../ntp/ntp/CVE-2023

Re: [oe] [meta-networking][dunfell][PATCH] wireshark: Fix CVE-2023-0667 & CVE-2023-0668

Hi Team, Gentle reminder for this patch review . Thank you -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#103654): https://lists.openembedded.org/g/openembedded-devel/message/103654 Mute This Topic:

Re: [oe] [meta-networking][dunfell][PATCH] wireshark: Fix Multiple CVEs

Hi Team, Gentle reminder for this patch review . Thank you -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#103653): https://lists.openembedded.org/g/openembedded-devel/message/103653 Mute This Topic:

[oe] [meta-oe][dunfell][PATCH] yajl: CVE-2023-33460 memory leak in yajl_tree_parse function

Upstream-Status: Backport from https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698 Signed-off-by: Hitendra Prajapati --- .../yajl/yajl/CVE-2023-33460.patch| 29 +++ meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb | 4 ++- 2

[oe] [meta-oe][kirkstone][PATCH] yajl: CVE-2023-33460 memory leak in yajl_tree_parse function

Upstream-Status: Backport from https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698 Signed-off-by: Hitendra Prajapati --- .../yajl/yajl/CVE-2023-33460.patch| 29 +++ meta-oe/recipes-devtools/yajl/yajl_2.1.0.bb | 4 ++- 2

[oe] [meta-oe][kirkstone][PATCHv2] libssh: CVE-2020-16135 Fix NULL pointer dereference in sftpserver.c

Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/patch/?id=0a9268a60f2d3748ca69bde5651f20e72761058c Signed-off-by: Hitendra Prajapati --- .../libssh/libssh/CVE-2020-16135.patch| 44 +++ .../recipes-support/libssh/libssh_0.8.9.bb| 4 +- 2

[oe] [meta-oe][kirkstone][PATCH] libssh: CVE-2020-16135 Fix NULL pointer dereference in sftpserver.c

Upstream-Status: Backport from https://gitlab.com/libssh/libssh-mirror/-/commit/1493b4466fa394b321d196ad63dd6a4fa395d337 Signed-off-by: Hitendra Prajapati --- .../libssh/libssh/CVE-2020-16135.patch| 105 ++ .../recipes-support/libssh/libssh_0.8.9.bb| 4 +- 2 files

[oe] [meta-networking][dunfell][PATCH] wireshark: Fix CVE-2023-0667 & CVE-2023-0668

Backport from https://gitlab.com/wireshark/wireshark/-/commit/c4f37d77b29ec6a9754795d0efb6f68d633728d9 Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-0667-pre1.patch | 153 ++ .../wireshark/files/CVE-2023-0667.patch | 66 .../wireshark/files/

[oe] [meta-networking][dunfell][PATCH] wireshark: Fix Multiple CVEs

-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-2855.patch | 117 ++ .../wireshark/files/CVE-2023-2856.patch | 68 ++ .../wireshark/files/CVE-2023-2858.patch | 94 ++ .../wireshark/files/CVE-2023-2952.patch | 97

[oe] [meta-networking][kirkstone][PATCH] wireshark: Fix Multiple CVEs

* CVE-2023-0668 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/c4f37d77b29ec6a9754795d0efb6f68d633728d9 Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-0666.patch | 122 ++ .../wireshark/files/CVE-2023-0667.patch

[oe] [meta-networking][mickledore][PATCH] wireshark: Fix Multiple CVEs

* CVE-2023-0668 - Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/c4f37d77b29ec6a9754795d0efb6f68d633728d9 Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-0666.patch | 122 ++ .../wireshark/files/CVE-2023-0667.patch

[oe] [meta-networking][mickledore][PATCHv2] wireshark: CVE-2023-2952 XRA dissector infinite loop

Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e18d0e369729b0fff5f76f41cbae67e97c2e52e5 Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-2952.patch | 98 +++ .../wireshark/wireshark_3.4.12.bb | 1 + 2 files

[oe] [meta-networking][kirkstone][PATCHv2] wireshark: CVE-2023-2952 XRA dissector infinite loop

Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e18d0e369729b0fff5f76f41cbae67e97c2e52e5 Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-2952.patch | 98 +++ .../wireshark/wireshark_3.4.12.bb | 1 + 2 files

Re: [oe] [meta-qt5][kirkstone][PATCH] qt: CVE-2023-32763 Fix Integer overflow

Hi, It is not included in the 5.15.9 release used in mickledore. I'll try to work on that branch . On 14/06/23 19:50, Martin Jansa wrote: 5.15.9 release used in mickledor -- Regards, Hitendra Prajapati MontaVista Software LLC -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent

[oe] [meta-qt5][kirkstone][PATCH] qt: CVE-2023-32763 Fix Integer overflow

Upstream-Status: Backport from https://download.qt.io/official_releases/qt/5.15/CVE-2023-32763-qtbase-5.15.diff Signed-off-by: Hitendra Prajapati --- recipes-qt/qt5/qtbase/CVE-2023-32763.patch | 74 ++ recipes-qt/qt5/qtbase_git.bb | 1 + 2 files changed, 75

[oe] [meta-oe][dunfell][PATCH] c-ares: CVE-2023-31147 Insufficient randomness in generation of DNS query IDs

Upstream-Status: Backport from https://github.com/c-ares/c-ares/commit/823df3b989e59465d17b0a2eb1239a5fc048b4e5 Signed-off-by: Hitendra Prajapati --- .../c-ares/c-ares/CVE-2023-31147.patch| 717 ++ .../recipes-support/c-ares/c-ares_1.18.1.bb | 1 + 2 files changed

[oe] [meta-oe][dunfell][PATCH] c-ares: CVE-2023-31130 fix Buffer Underwrite

Upstream-Status: Backport from https://github.com/c-ares/c-ares/commit/f22cc01039b6473b736d3bf438f56a2654cdf2b2 Signed-off-by: Hitendra Prajapati --- .../c-ares/c-ares/CVE-2023-31130.patch| 329 ++ .../recipes-support/c-ares/c-ares_1.18.1.bb | 5 +- 2 files changed

[oe] [meta-networking][kirkstone][PATCH] wireshark: CVE-2023-2952 XRA dissector infinite loop

Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e18d0e369729b0fff5f76f41cbae67e97c2e52e5 Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-2952.patch | 98 +++ .../wireshark/wireshark_3.4.12.bb | 1 + 2 files

[oe] [meta-networking][mickledore][PATCH] wireshark: CVE-2023-2952 XRA dissector infinite loop

Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e18d0e369729b0fff5f76f41cbae67e97c2e52e5 Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-2952.patch | 98 +++ .../wireshark/wireshark_3.4.12.bb | 1 + 2 files

[oe] [meta-networking][kirkstone][PATCH] wireshark: Fix CVE-2023-2858 & CVE-2023-2879

Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-2858.patch | 95 +++ .../wireshark/files/CVE-2023-2879.patch | 37 .../wireshark/wireshark_3.4.12.bb | 2 + 3 files changed, 134 insertions(+) create mode 100644 meta-networking

[oe] [meta-networking][master][mickledore][PATCH] wireshark: Fix CVE-2023-2858 & CVE-2023-2879

Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-2858.patch | 95 +++ .../wireshark/files/CVE-2023-2879.patch | 37 .../wireshark/wireshark_3.4.12.bb | 2 + 3 files changed, 134 insertions(+) create mode 100644 meta-networking

[oe] [meta-networking][mickledore][PATCH] wireshark: Fix CVE-2023-2855 & CVE-2023-2856

Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-2855.patch | 108 ++ .../wireshark/files/CVE-2023-2856.patch | 69 +++ .../wireshark/wireshark_3.4.12.bb | 2 + 3 files changed, 179 insertions(+) create mode 100644 meta

[oe] [meta-networking][master][PATCH] wireshark: Fix CVE-2023-2855 & CVE-2023-2856

Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-2855.patch | 108 ++ .../wireshark/files/CVE-2023-2856.patch | 69 +++ .../wireshark/wireshark_3.4.12.bb | 2 + 3 files changed, 179 insertions(+) create mode 100644 meta

[oe] [meta-networking][kirkstone][PATCH] wireshark: CVE-2023-2856 VMS TCPIPtrace file parser crash

Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/db5135826de3a5fdb3618225c2ff02f4207012ca Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-2856.patch | 69 +++ .../wireshark/wireshark_3.4.12.bb | 1 + 2 files

[oe] [meta-networking][kirkstone][PATCH] wireshark: CVE-2023-2855 Candump log file parser crash

Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/0181fafb2134a177328443a60b5e29c4ee1041cb Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2023-2855.patch | 108 ++ .../wireshark/wireshark_3.4.12.bb | 1 + 2 files

[oe] [meta-oe][dunfell][PATCH] multipath-tools: CVE-2022-41973 Symlink attack multipathd operates insecurely

the runtime directory configurable via the "runtimedir" make variable. QA Issue: non -dev/-dbg/nativesdk- package multipath-tools-libs contains symlink .so '/usr/lib/libdmmp.so' ... Fix this by making the new pattern for multipath-tools-libs package more specific. Signed-off-by: Hitendra

Re: [oe] [meta-oe][dunfell][PATCH] postgresql: CVE-2022-41862 Client memory disclosure when connecting with Kerberos to modified server

Hi Armin, No problem. Thank you for the update. Regards, Hitendra On Mon, 3 Apr 2023, 8:59 pm Armin Kuster, wrote: > > > On 4/3/23 7:15 AM, Hitendra Prajapati wrote: > > Hi Team, > > > > Any update on this issue ? > > Don't know yet. I have only on build

Re: [oe] [meta-oe][dunfell][PATCH] postgresql: CVE-2022-41862 Client memory disclosure when connecting with Kerberos to modified server

Hi Team, Any update on this issue ? Regards, Hitendra -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#101937): https://lists.openembedded.org/g/openembedded-devel/message/101937 Mute This Topic: https://lists.openembedded.org/mt/97822021/21656

Re: [oe] [meta-oe][dunfell][PATCH] syslog-ng: CVE-2022-38725 An integer overflow in the RFC3164 parser

Hi Team, Any update on this ?? Regards, Hitendra -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#101936): https://lists.openembedded.org/g/openembedded-devel/message/101936 Mute This Topic: https://lists.openembedded.org/mt/97967253/21656 Group

[oe] [meta-oe][dunfell][PATCH] syslog-ng: CVE-2022-38725 An integer overflow in the RFC3164 parser

26293ff8cbd282cfc866ab56054c4 && https://github.com/syslog-ng/syslog-ng/commit/8c6e2c1c41b0fcc5fbd464c35f4dac7102235396 && https://github.com/syslog-ng/syslog-ng/commit/56f881c5eaa3d8c02c96607c4b9e4eaf959a044d Signed-off-by: Hitendra Prajapati --- .../syslog-ng/files/CVE-2022-38725.p

[oe] [meta-oe][dunfell][PATCH] postgresql: CVE-2022-41862 Client memory disclosure when connecting with Kerberos to modified server

Upstream-Status: Backport from https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=3f7342671341a7a137f2d8b06ab3461cdb0e1d88 Signed-off-by: Hitendra Prajapati --- .../postgresql/files/CVE-2022-41862.patch | 48 +++ .../recipes-dbs/postgresql/postgresql_12.9.bb

Re: [oe] [meta-security][dunfell][PATCH] sssd: CVE-2022-4254 libsss_certmap fails to sanitise certificate data used in LDAP filters

Hi Team, Gentle reminder ! Regards, Hitendra -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#101345): https://lists.openembedded.org/g/openembedded-devel/message/101345 Mute This Topic: https://lists.openembedded.org/mt/97200229/21656 Group

Re: [oe] [meta-webserver][kirkstone][PATCH] httpd: CVE-2022-37436 mod_proxy: HTTP response splitting

Hi Armin/Team, Please ignore this mail. I have just seen that somebody update the package. Thank you -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#101248): https://lists.openembedded.org/g/openembedded-devel/message/101248 Mute This Topic:

Re: [oe] [meta-webserver][kirkstone][PATCH] httpd: CVE-2022-37436 mod_proxy: HTTP response splitting

Hi Armin, Does any one update apache2 package to 2.4.55 which includes this fix ? Gentle reminder . Regards, Hitendra -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#101247): https://lists.openembedded.org/g/openembedded-devel/message/101247 Mute

[oe] [meta-security][dunfell][PATCH] sssd: CVE-2022-4254 libsss_certmap fails to sanitise certificate data used in LDAP filters

Upstream-Status: Backport from https://github.com/SSSD/sssd/commit/1c40208aa1e0f9a17cc4f336c99bcaa6977592d3 & https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274 Signed-off-by: Hitendra Prajapati --- .../sssd/files/CVE-2022-4254-1.patch |

[oe] [meta-webserver][kirkstone][PATCH] httpd: CVE-2022-37436 mod_proxy: HTTP response splitting

Upstream-Status: Backport from https://github.com/apache/httpd/commit/8b6d55f6a047acf62675e32606b037f5eea8ccc7 Signed-off-by: Hitendra Prajapati --- .../apache2/apache2/CVE-2022-37436.patch | 138 ++ .../recipes-httpd/apache2/apache2_2.4.54.bb | 1 + 2 files changed

[oe] [meta-webserver][dunfell][PATCH] httpd: CVE-2022-37436 mod_proxy: HTTP response splitting

Upstream-Status: Backport from https://github.com/apache/httpd/commit/8b6d55f6a047acf62675e32606b037f5eea8ccc7 Signed-off-by: Hitendra Prajapati --- .../apache2/apache2/CVE-2022-37436.patch | 138 ++ .../recipes-httpd/apache2/apache2_2.4.54.bb | 1 + 2 files changed

[oe] [meta-webserver][dunfell][PATCH] httpd: CVE-2022-36760 mod_proxy_ajp: Possible request smuggling

Upstream-Status: Backport from https://github.com/apache/httpd/commit/d93e61e3e9622bacff746772cb9c97fdcaed8baf Signed-off-by: Hitendra Prajapati --- .../apache2/apache2/CVE-2022-36760.patch | 37 +++ .../recipes-httpd/apache2/apache2_2.4.54.bb | 1 + 2 files changed, 38

[oe] [meta-oe][dunfell][PATCH] krb5: CVE-2022-42898 integer overflow vulnerabilities in PAC parsing

Upstream-Status: Backport from https://github.com/krb5/krb5/commit/4e661f0085ec5f969c76c0896a34322c6c432de4 Signed-off-by: Hitendra Prajapati --- .../krb5/krb5/CVE-2022-42898.patch| 110 ++ .../recipes-connectivity/krb5/krb5_1.17.1.bb | 1 + 2 files changed, 111

[oe] [meta-oe][kirkstone][PATCH] krb5: CVE-2022-42898 integer overflow vulnerabilities in PAC parsing

Upstream-Status: Backport from https://github.com/krb5/krb5/commit/4e661f0085ec5f969c76c0896a34322c6c432de4 Signed-off-by: Hitendra Prajapati --- .../krb5/krb5/CVE-2022-42898.patch| 110 ++ .../recipes-connectivity/krb5/krb5_1.17.2.bb | 1 + 2 files changed, 111

[oe] [meta-networking][kirkstone][PATCH] net-snmp: CVE-2022-44792 & CVE-2022-44793 Fix NULL Pointer Exception

Upstream-Status: Backport from https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57 Signed-off-by: Hitendra Prajapati --- .../CVE-2022-44792-CVE-2022-44793.patch | 116 ++ .../net-snmp/net-snmp_5.9.3.bb| 1 + 2 files

[oe] [meta-networking][dunfell][PATCH] net-snmp: CVE-2022-44792 & CVE-2022-44793 Fix NULL Pointer Exception

Upstream-Status: Backport from https://github.com/net-snmp/net-snmp/commit/be804106fd0771a7d05236cff36e199af077af57 Signed-off-by: Hitendra Prajapati --- .../CVE-2022-44792-CVE-2022-44793.patch | 116 ++ .../net-snmp/net-snmp_5.8.bb | 1 + 2 files

Re: [oe] [meta-networking][dunfell][PATCH] proftpd: CVE-2021-46854 memory disclosure to radius server

Hi Team, gentle reminder . Regards, Hitendra -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#100119): https://lists.openembedded.org/g/openembedded-devel/message/100119 Mute This Topic: https://lists.openembedded.org/mt/95533615/21656 Group

[oe] [meta-networking][dunfell][PATCH] proftpd: CVE-2021-46854 memory disclosure to radius server

Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43 Signed-off-by: Hitendra Prajapati --- .../proftpd/files/CVE-2021-46854.patch| 51 +++ .../recipes-daemons/proftpd/proftpd_1.3.6.bb | 1 + 2 files changed

[oe] [dunfell][meta-networking][PATCH] proftpd: CVE-2021-46854 memory disclosure to radius server

Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/10a227b4d50e0a2cd2faf87926f58d865da44e43 Signed-off-by: Hitendra Prajapati --- .../proftpd/files/CVE-2021-46854.patch| 51 +++ .../recipes-daemons/proftpd/proftpd_1.3.6.bb | 1 + 2 files changed

Re: [oe] [meta-oe][dunfell][PATCH] postgresql: Fix CVE-2022-2625

Hi Armin, Can you please accept/validate this patch  or Upgrade the postgresql version to 12.12 as you said in your reply. Regards, Hitendra -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#99907):

[oe] [kirkstone][PATCH] nginx: CVE-2022-41741, CVE-2022-41742 Memory corruption in the ngx_http_mp4_module

Upstream-Status: Backport from https://github.com/nginx/nginx/commit/6b022a5556af22b6e18532e547a6ae46b0d8c6ea Signed-off-by: Hitendra Prajapati --- .../files/CVE-2022-41741-CVE-2022-41742.patch | 319 ++ .../recipes-httpd/nginx/nginx_1.20.1.bb | 4 +- 2 files changed

[oe] [dunfell][PATCH] nginx: CVE-2022-41741, CVE-2022-41742 Memory corruption in the ngx_http_mp4_module

Upstream-Status: Backport from https://github.com/nginx/nginx/commit/6b022a5556af22b6e18532e547a6ae46b0d8c6ea Signed-off-by: Hitendra Prajapati --- .../files/CVE-2022-41741-CVE-2022-41742.patch | 319 ++ .../recipes-httpd/nginx/nginx_1.16.1.bb | 4 +- 2 files changed

[oe] [meta-networking][kirkstone][PATCH] strongswan: CVE-2022-40617 A possible DoS in Using Untrusted URIs for Revocation Checking

Upstream-Status: Backport from https://download.strongswan.org/security/CVE-2022-40617 Affects "strongswan < 5.9.8" Signed-off-by: Hitendra Prajapati --- .../strongswan/files/CVE-2022-40617.patch | 157 ++ .../strongswan/strongswan_5.9.6.bb|

Re: [oe] [meta-networking][kirkstone][PATCH] dhcp: Fix CVE-2022-2928 & CVE-2022-2929

Hi Team, Any update or comments on that patches ?? -=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#99440): https://lists.openembedded.org/g/openembedded-devel/message/99440 Mute This Topic: https://lists.openembedded.org/mt/94230529/21656 Group

[oe] [meta-oe][dunfell][PATCH] postgresql: Fix CVE-2022-2625

Upstream-Status: Backport from https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=5579726bd60a6e7afb04a3548bced348cd5ffd89 Description: CVE-2022-2625 postgresql: Extension scripts replace objects not belonging to the extension. Signed-off-by: Hitendra Prajapati

[oe] [meta-networking][kirkstone][PATCH] dhcp: Fix CVE-2022-2928 & CVE-2022-2929

-off-by: Hitendra Prajapati --- .../dhcp/dhcp-relay_4.4.3.bb | 2 + .../dhcp/files/CVE-2022-2928.patch| 120 ++ .../dhcp/files/CVE-2022-2929.patch| 40 ++ 3 files changed, 162 insertions(+) create mode 100644 meta-networking/recipes

[oe] [meta-networking][kirkstone][PATCH] wireshark: CVE-2022-3190 Infinite loop in legacy style dissector

Description: CVE-2022-3190 wireshark: Infinite loop in legacy style dissector. Signed-off-by: Hitendra Prajapati --- .../wireshark/files/CVE-2022-3190.patch | 145 ++ .../wireshark/wireshark_3.4.12.bb | 1 + 2 files changed, 146 insertions(+) create

[oe] [meta-networking][dunfell][PATCH] dnsmasq: CVE-2022-0934 Heap use after free in dhcp6_no_relay

-0934 dnsmasq: Heap use after free in dhcp6_no_relay. Signed-off-by: Hitendra Prajapati --- .../dnsmasq/dnsmasq/CVE-2022-0934.patch | 188 ++ .../recipes-support/dnsmasq/dnsmasq_2.81.bb | 1 + 2 files changed, 189 insertions(+) create mode 100644 meta-networking/recipes

[oe] [meta-oe][dunfell][PATCH] postgresql: CVE-2022-1552 Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

commit;h=677a494789062ca88e0142a17bedd5415f6ab0aa ChangeID: 5011e2e09f30f76fc27dc4cb5fa98a504d1aaec9 Description: CVE-2022-1552 postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox. Signed-off-by: Hitendra Prajapati --- .../postgresql/files/C

[oe] [dunfell][PATCH] postgresql: CVE-2022-1552 Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

commit;h=677a494789062ca88e0142a17bedd5415f6ab0aa ChangeID: 5011e2e09f30f76fc27dc4cb5fa98a504d1aaec9 Description: CVE-2022-1552 postgresql: Autovacuum, REINDEX, and others omit "security restricted operation" sandbox. Signed-off-by: Hitendra Prajapati --- .../postgresql/files/C

[oe] [master][PATCH] qemu: CVE-2022-35414 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash

Upstream-Status: Backport [https://github.com/qemu/qemu/commit/418ade7849ce7641c0f7333718caf5091a02fd4c] CVE: CVE-2022-35414 Signed-off-by: Hitendra Prajapati --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2022-35414.patch| 53 +++ 2

[oe] [dunfell][PATCH] python3-lxml: CVE-2022-2309 NULL Pointer Dereference allows attackers to cause a denial of service

attackers to cause a denial of service. Signed-off-by: Hitendra Prajapati --- .../recipes-devtools/python/python-lxml.inc | 2 + .../python/python3-lxml/CVE-2022-2309.patch | 94 +++ 2 files changed, 96 insertions(+) create mode 100644 meta-python/recipes-devtools/python

[oe] [meta-networking][kirkstone][PATCH V2] cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands. Signed-off-by: Hitendra Prajapati --- .../cyrus-sasl/CVE-2022-24407.patch | 27 +++ .../cyrus-sasl/cyrus-sasl_2.1.28.bb | 1 + 2 files changed, 28 insertions(+) create mode

Re: [oe] [meta-networking][kirkstone][PATCH] cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

Regards, Hitendra On 29/06/22 22:38, Khem Raj wrote: this patch is needed on master too, please send a version against master as well. We want to apply that before backporting it to releases On 6/28/22 1:55 AM, Hitendra Prajapati wrote: Source: https://github.com/cyrusimap/cyrus-sasl MR

[oe] [meta-oe][master][PATCH] cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

Backport from https://github.com/cyrusimap/cyrus-sasl/commit/9eff746c9daecbcc0041b09a5a51ba30738cdcbc CVE-2022-24407 cyrus-sasl: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands. Signed-off-by: Hitendra Prajapati --- .../cyrus-sasl/CVE-2022-24407.patch

[oe] [meta-networking][kirkstone][PATCH] cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands. Signed-off-by: Hitendra Prajapati --- .../cyrus-sasl/CVE-2022-24407.patch | 83 +++ .../cyrus-sasl/cyrus-sasl_2.1.28.bb | 1 + 2 files changed, 84 insertions(+) create mode

[oe] [meta-networking][dunfell][PATCH] cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands. Signed-off-by: Hitendra Prajapati --- .../cyrus-sasl/CVE-2022-24407.patch | 83 +++ .../cyrus-sasl/cyrus-sasl_2.1.27.bb | 1 + 2 files changed, 84 insertions(+) create mode

[oe] [meta-oe][dunfell][PATCH] xterm: CVE-2022-24130 Buffer overflow in set_sixel in graphics_sixel.c

xterm: Buffer overflow in set_sixel in graphics_sixel.c. Signed-off-by: Hitendra Prajapati --- .../xorg-app/xterm/CVE-2022-24130.patch | 84 +++ .../recipes-graphics/xorg-app/xterm_353.bb| 2 +- 2 files changed, 85 insertions(+), 1 deletion(-) create mode 100644 meta

[oe] [meta-oe][dunfell][PATCH] openldap: CVE-2022-29155 OpenLDAP SQL injection

: OpenLDAP SQL injection Signed-off-by: Hitendra Prajapati --- .../openldap/openldap/CVE-2022-29155.patch| 277 ++ .../openldap/openldap_2.4.57.bb | 2 +- 2 files changed, 278 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-support/openldap

[oe] [dunfell][PATCH] openldap: CVE-2022-29155 OpenLDAP SQL injection

: OpenLDAP SQL injection Signed-off-by: Hitendra Prajapati --- .../openldap/openldap/CVE-2022-29155.patch| 277 ++ .../openldap/openldap_2.4.57.bb | 2 +- 2 files changed, 278 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-support/openldap

[oe] [meta-networking][dunfell][PATCH] cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands. Signed-off-by: Hitendra Prajapati --- .../cyrus-sasl/CVE-2022-24407.patch | 83 +++ .../cyrus-sasl/cyrus-sasl_2.1.27.bb | 1 + 2 files changed, 84 insertions(+) create mode

[oe] [dunfell][PATCH] cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands. Signed-off-by: Hitendra Prajapati --- .../cyrus-sasl/CVE-2022-24407.patch | 83 +++ .../cyrus-sasl/cyrus-sasl_2.1.27.bb | 1 + 2 files changed, 84 insertions(+) create mode

[oe] [meta-oe][dunfell][PATCH] openldap: CVE-2022-29155 OpenLDAP SQL injection

: OpenLDAP SQL injection Signed-off-by: Hitendra Prajapati --- .../openldap/openldap/CVE-2022-29155.patch| 277 ++ .../openldap/openldap_2.4.57.bb | 2 +- 2 files changed, 278 insertions(+), 1 deletion(-) create mode 100644 meta-oe/recipes-support/openldap

[oe] [meta-networking][dunfell][PATCH] cyrus-sasl: CVE-2022-24407 failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands

: failure to properly escape SQL input allows an attacker to execute arbitrary SQL commands. Signed-off-by: Hitendra Prajapati --- .../cyrus-sasl/CVE-2022-24407.patch | 83 +++ .../cyrus-sasl/cyrus-sasl_2.1.27.bb | 1 + 2 files changed, 84 insertions(+) create mode