Hi OpenEmbedded-Devel Team ,
I am writing to inquire about the status of the patch mentioned in the mail
below that I submitted to OpenEmbedded-Devel and when it is expected to be
integrated?
Thanks & Regards,
Sana Kazi
KPIT Technologies Limited
From: Sana Kazi
Whitelist CVE-2020-27844 as it is introduced by
https://github.com/uclouvain/openjpeg/commit/4edb8c83374f52cd6a8f2c7c875e8ffacccb5fa5
but the contents of this patch is not present in openjpeg_2.3.1
Link: https://security-tracker.debian.org/tracker/CVE-2020-27844
Whitelist CVE
Add patch to fix below CVE:
CVE-2019-12973
CVE-2020-15389
CVE-2020-27814
CVE-2020-27823
CVE-2020-27824
CVE-2020-27841
CVE-2020-27842
CVE-2020-27843
CVE-2020-27845
Signed-off-by: Virendra Thakur
Signed-off-by: Sana Kazi
---
.../openjpeg/openjpeg/CVE-2019-12973-1.patch | 72
is of type const char* const& but the
first and second hunk makes the type of second argument as const string
which is not compatible with the type of second argument in
InsertIfNotPresent().
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
---
.../protobuf/protobuf/CVE-2021-22570.p
on:
https://nvd.nist.gov/products/cpe/search/results?keyword=netcat=FINAL=CPEURI=2.3
Signed-off-by: Andre Carvalho
Signed-off-by: Khem Raj
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
---
meta-networking/recipes-support/netcat/netcat_0.7.1.bb | 2 ++
1 file changed, 2 insertions(+)
Hi,
Could you please review the below patch?
Regards,
Sana Kazi
On Thu, 16 Dec 2021 at 16:23, Sana Kazi wrote:
> Add patch to fix CVE-2021-43527 which causes heap overflow in nss.
>
> Signed-off-by: Sana Kazi
> Signed-off-by: Sana Kazi
> ---
> .../nss/nss/CV
Add patch to fix CVE-2021-43527 which causes heap overflow in nss.
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
---
.../nss/nss/CVE-2021-43527.patch | 283 ++
meta-oe/recipes-support/nss/nss_3.51.1.bb | 1 +
2 files changed, 284 insertions(+)
create
Added patch for CVE-2020-12674
Link:
http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
---
...uth-mech-rpa-Fail-on-zero-len-buffer.patch | 30 +++
.../dovecot/dovecot_2.2.36.4.bb
Added patch for CVE-2020-12673
Link:
http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
---
...tlm-Check-buffer-length-on-responses.patch | 37 +++
.../dovecot/dovecot_2.2.36.4.bb
Added patches to fix CVE-2020-12100
Link:
http://archive.ubuntu.com/ubuntu/pool/main/d/dovecot/dovecot_2.2.33.2-1ubuntu4.7.debian.tar.xz
Signed-off-by: Sana Kazi
Signed-off-by: Sana Kazi
---
...-parser-Add-a-message_part_finish-he.patch | 76 +++
...-parser-Change-message_part_append
Hi,
It is merged in dunfell but not yet in master. Are you planning to merge it in
master?
Thanks & Regards,
Sana Kazi
KPIT Technologies Limited
From: Khem Raj
Sent: Friday, March 19, 2021 10:11 PM
To: Sana Kazi ; Openembedded-devel@lists.openembedded
Hi Team,
Could you please review below patch to be upstreamed for mdns
Thanks & Regards,
Sana Kazi
KPIT Technologies Limited
From: Sana Kazi
Sent: Tuesday, March 9, 2021 12:06 PM
To: Openembedded-devel@lists.openembedded.org
; raj.k...@gmail.com
://www.openwall.com/lists/oss-security/2021/01/19/1
Also, applied patch for below listed CVEs:
CVE-2020-25684
CVE-2020-25685
CVE-2020-25686
Signed-off-by: Sana Kazi
---
.../recipes-support/dnsmasq/dnsmasq_2.81.bb | 7 +-
.../dnsmasq/files/CVE-2020-25681.patch| 373
https://ubuntu.com/security/CVE-2007-0613
https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-0613
Signed-off-by: Sana Kazi
---
.../recipes-protocols/mdns/mdns_1310.40.42.bb | 13 +
1 file changed, 13 insertions(+)
diff --git a/meta-networking/recipes-protocols/mdns
CVE-2007-0613 is not applicable as it only affects Apple products
i.e. ichat,mdnsresponder, instant message framework and MacOS.
Also, https://www.exploit-db.com/exploits/3230 shows the part of code
affected by CVE-2007-0613 which is not preset in upstream source code.
Hence, CVE-2007-0613 does
15 matches
Mail list logo
