Commit Graph

4 Commits

Author SHA1 Message Date
Theo Gaige 7acc744194 dash: fix CVE-2026-31323
Backport upstream fix for CVE-2026-31323 [1].

[1] https://git.kernel.org/pub/scm/utils/dash/dash.git/commit/?id=0034bfe185d3d875cebace8cb3ca5c9dabf9e0f3

Signed-off-by: Theo Gaige <tgaige.opensource@witekio.com>
Reviewed-by: Bruno Vernay <bruno.vernay@se.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-05-21 08:57:48 +05:30
Peter Marko b2a0dd6c8d dash: set CVE_PRODUCT
This removes false positive CVE-2024-21485 from cve reports.

$ sqlite3 nvdcve_2-2.db
sqlite> select * from products where product = 'dash';
CVE-2009-0854|dash|dash|0.5.4|=||
CVE-2024-21485|plotly|dash|||2.13.0|<
CVE-2024-21485|plotly|dash|2.14.0|>=|2.15.0|<

Our dash:dash did not reach major version 1 yet.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e1427013e0)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
2025-10-30 14:43:34 +08:00
Dan McGregor 5cfc85d2cf dash: correct licence
According to its copyright file, dash is only BSD-3-Clause. It has
a build time tool from bash that's under the GPL, but only the
tool's output is used, not the tool itself. So all compiled artefacts
in dash appear to share the same licence.

Signed-off-by: Dan McGregor <dan.mcgregor@usask.ca>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2024-04-07 08:36:35 -07:00
Wang Mingyu 98480b3e1b dash: upgrade 0.5.11.5 -> 0.5.12
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-12-23 08:52:22 -08:00