mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-05-07 05:10:20 +00:00
Code Issues Projects Releases Wiki Activity

libraw: mark CVE-2026-20911 and CVE-2026-21413 patched

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-20911
https://nvd.nist.gov/vuln/detail/CVE-2026-21413

Both CVEs are tracked with incorrect version info: NVD indicates that
0.22.1 is explicitly vulnerable, but the fixes are actually included
in this release.

Relevant commits:
CVE-2026-20911: https://github.com/LibRaw/LibRaw/commit/5357bb5fc67ac616838fb84de67260d45987489b
CVE-2026-21413: https://github.com/LibRaw/LibRaw/commit/75ed2c12a35b765b3b6ad695cc1f044f19efe644

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari
2026-04-20 08:27:49 +02:00
committed by Khem Raj
parent de5f93f95d
commit 7f49deaf7e
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-support/libraw/libraw_0.22.1.bb
+2
View File
@@ -13,3 +13,5 @@ CVE_STATUS[CVE-2026-5318] = "fixed-version: fixed since 0.22.1"
CVE_STATUS[CVE-2026-5342] = "fixed-version: fixed since 0.22.1"
CVE_STATUS[CVE-2026-20884] = "fixed-version: fixed since 0.22.1"
CVE_STATUS[CVE-2026-24450] = "fixed-version: fixed since 0.22.1"
CVE_STATUS[CVE-2026-20911] = "fixed-version: fixed since 0.22.1"
CVE_STATUS[CVE-2026-21413] = "fixed-version: fixed since 0.22.1"