From bd41441bf39c338ba43e143691932f893bdbda62 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Sat, 21 Mar 2026 20:48:56 +0100
Subject: [PATCH] libjxl: mark CVE-2025-12474 and CVE-2026-1837 patched

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-12474
https://nvd.nist.gov/vuln/detail/CVE-2026-1837

Both vulnerabilities have been fixed in 0.10.5.

Relevant commits:
CVE-2025-12474: https://github.com/libjxl/libjxl/commit/5ce68976a5abfaea7b3086036ab9f6543ab5b29e
CVE-2026-1837: https://github.com/libjxl/libjxl/commit/36b0cecaa12f643d03c16bd32e5f83775c912b07

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-oe/recipes-multimedia/libjxl/libjxl_0.10.5.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-oe/recipes-multimedia/libjxl/libjxl_0.10.5.bb b/meta-oe/recipes-multimedia/libjxl/libjxl_0.10.5.bb
index 0a17d50be0..74a43f44d6 100644
--- a/meta-oe/recipes-multimedia/libjxl/libjxl_0.10.5.bb
+++ b/meta-oe/recipes-multimedia/libjxl/libjxl_0.10.5.bb
@@ -36,3 +36,6 @@ PACKAGECONFIG[gimp] = "-DJPEGXL_ENABLE_PLUGIN_GIMP210=ON,-DJPEGXL_ENABLE_PLUGIN_
 PACKAGECONFIG[mime] = "-DJPEGXL_ENABLE_PLUGIN_MIME=ON,-DJPEGXL_ENABLE_PLUGIN_MIME=OFF"
 
 FILES:${PN} += "${libdir}/gdk-pixbuf-2.0 ${datadir}"
+
+CVE_STATUS[CVE-2025-12474] = "fixed-version: fixed in 0.10.5"
+CVE_STATUS[CVE-2026-1837] = "fixed-version: fixed in 0.10.5"