3 Commits

Author SHA1 Message Date
Gyorgy Sarvari 7f49deaf7e libraw: mark CVE-2026-20911 and CVE-2026-21413 patched
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-20911
https://nvd.nist.gov/vuln/detail/CVE-2026-21413

Both CVEs are tracked with incorrect version info: NVD indicates that
0.22.1 is explicitly vulnerable, but the fixes are actually included
in this release.

Relevant commits:
CVE-2026-20911: https://github.com/LibRaw/LibRaw/commit/5357bb5fc67ac616838fb84de67260d45987489b
CVE-2026-21413: https://github.com/LibRaw/LibRaw/commit/75ed2c12a35b765b3b6ad695cc1f044f19efe644

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-20 07:35:35 -07:00
Gyorgy Sarvari 7355320e12 libraw: mark fixed CVEs patched
These CVEs have already been fixed in the current version; however,
NVD tracks them with incorrect version information.

Commits that fix them:
CVE-2026-20884: https://github.com/LibRaw/LibRaw/commit/aa4458eb511daeae90676c1ce5c587106e4aaec1
CVE-2026-24450: https://github.com/LibRaw/LibRaw/commit/c911c9b9edffa5fab99f828d0fee6dd2d0f6105f

These commits were identified from the changelog of this version[1], which mentions the
Talos ID of the vulnerabilities (and the Talos ID is mentioned in the NVD reports[2][3]).

[1]: https://github.com/LibRaw/LibRaw/releases/tag/0.22.1
[2]: https://nvd.nist.gov/vuln/detail/CVE-2026-24450
[3]: https://nvd.nist.gov/vuln/detail/CVE-2026-20884

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-13 15:28:24 -07:00
Gyorgy Sarvari 357f65dd13 libraw: upgrade 0.21.4 -> 0.22.1
Contains fixes for CVE-2026-5318[1] and CVE-2026-5318[2] (both are tracked without
a version by NVD, so they are explicitly marked as patched).

License-update: copyright year bump

Changelog: https://github.com/LibRaw/LibRaw/blob/0.22-stable/Changelog.txt

[1]: https://github.com/LibRaw/LibRaw/commit/5357bb5fc67ac616838fb84de67260d45987489b
[2]: https://github.com/LibRaw/LibRaw/commit/2468614a9cbcab6b75ca279ab60cac62156f7aeb

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
2026-04-06 09:46:30 -07:00