libraw: mark fixed CVEs patched

These CVEs have been fixed already in the current version, however
NVD tracks them with incorrect version information.

Commits that fix them:
CVE-2026-20884: https://github.com/LibRaw/LibRaw/commit/aa4458eb511daeae90676c1ce5c587106e4aaec1
CVE-2026-24450: https://github.com/LibRaw/LibRaw/commit/c911c9b9edffa5fab99f828d0fee6dd2d0f6105f

These commits were identified from the changelog of this version[1], which mentions the
Talos ID of the vulnerabilities (and the Talos ID is mentioned in the NVD reports[2][3]).

[1]: https://github.com/LibRaw/LibRaw/releases/tag/0.22.1
[2]: https://nvd.nist.gov/vuln/detail/CVE-2026-24450
[3]: https://nvd.nist.gov/vuln/detail/CVE-2026-20884

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
Gyorgy Sarvari
2026-04-13 20:02:24 +02:00
committed by Khem Raj
parent 15b3c0f141
commit 7355320e12
@@ -11,3 +11,5 @@ DEPENDS = "jpeg jasper lcms"
CVE_STATUS[CVE-2026-5318] = "fixed-version: fixed since 0.22.1"
CVE_STATUS[CVE-2026-5342] = "fixed-version: fixed since 0.22.1"
CVE_STATUS[CVE-2026-20884] = "fixed-version: fixed since 0.22.1"
CVE_STATUS[CVE-2026-24450] = "fixed-version: fixed since 0.22.1"
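Review bot: The entries for CVE-2026-20884 and CVE-2026-24450 record only "fixed-version: fixed since 0.22.1", so the evidence for that status (the two upstream LibRaw commits and the 0.22.1 release changelog that names the Talos IDs) exists only in the commit message. Consider adding a short comment above these two lines with the fixing commit URLs, so that someone auditing the recipe's CVE status later can re-verify it without searching git history. The hunk does not show the recipe's version, so it is also worth confirming that the packaged version is 0.22.1 or newer and that both commits are contained in that tag, since the status string asserts exactly that.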