From 9f2fe367d85d79b9799fd3a158962be7e3d1d425 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Mon, 9 Mar 2026 10:19:55 +0100
Subject: [PATCH] libjxl: mark CVE-2025-12474 and CVE-2026-1837 patched

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-12474
https://nvd.nist.gov/vuln/detail/CVE-2026-1837

Both CVEs have been fixed in v0.11.2, but NVD tracks these
vulnerabilities without version information.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-oe/recipes-multimedia/libjxl/libjxl_0.11.2.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-oe/recipes-multimedia/libjxl/libjxl_0.11.2.bb b/meta-oe/recipes-multimedia/libjxl/libjxl_0.11.2.bb
index 1157f07d84..0976987717 100644
--- a/meta-oe/recipes-multimedia/libjxl/libjxl_0.11.2.bb
+++ b/meta-oe/recipes-multimedia/libjxl/libjxl_0.11.2.bb
@@ -51,3 +51,6 @@ CFLAGS:append:toolchain-clang:arm = " -fno-integrated-as"
 CXXFLAGS:append:toolchain-clang:arm = " -fno-integrated-as"
 
 FILES:${PN} += "${libdir}/gdk-pixbuf-2.0 ${datadir}"
+
+CVE_STATUS[CVE-2025-12474] = "fixed-version: fixed in v0.11.2"
+CVE_STATUS[CVE-2026-1837] = "fixed-version: fixed in v0.11.2"