meta-openembedded

mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00

Author	SHA1	Message	Date
Khem Raj	3c515557c4	dante: Add _GNU_SOURCE for musl builds This helps build fixes e.g. cpuset_t definitions etc. glibc builds have _GNU_SOURCE defined inherently. Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `848bac20ea`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:17:22 +05:30
Gyorgy Sarvari	b42c7fbb73	dante: upgrade 1.4.3 -> 1.4.4 License-Update: copyright year bump Changelog: - Fix potential security issue CVE-2024-54662, related to "socksmethod" use in client/hostid-rules. - Add a missing call to setgroups(2). - Patch to fix compilation with libminiupnp 2.2.8. - Client connectchild optimizations. - Client SIGIO handling improvements. - Various configure/build fixes. - Updated to support TCP_EXP1 version of TCP hostid format. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `9f12c5fbc6`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:17:22 +05:30
Ankur Tyagi	d11b64e25e	frr: upgrade 10.4.1 -> 10.4.2 Release Notes: https://github.com/FRRouting/frr/releases/tag/frr-10.4.2 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:17:21 +05:30
Gyorgy Sarvari	8d54f36c15	xerces-c: set CVE_PRODUCT The related CVEs are tracked with "xerces-c\+\+" (sic). See CVE db query: sqlite> select vendor, product, count(*) from PRODUCTs where product like '%xerces%' group by 1, 2; apache\|xerces-c\+\+\|29 apache\|xerces-j\|2 apache\|xerces2_java\|3 redhat\|xerces\|3 Set CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `29a272744a`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:17:21 +05:30
Gyorgy Sarvari	6df897e314	lmdb: patch CVE-2026-22185 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-22185 Pick the patch that is mentioned as a solution in the related upstream bug[1]. [1]: https://bugs.openldap.org/show_bug.cgi?id=10421 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `e0f86a4a7f`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:17:20 +05:30
Gyorgy Sarvari	d30b9a5419	boinc-client: mark CVE-2013-2018 patched Details: https://nvd.nist.gov/vuln/detail/CVE-2013-2018 According to oss-security email[1], version 7.0.45 included the fixes[2][3][4] [1]: https://www.openwall.com/lists/oss-security/2013/04/29/11 [2]: https://github.com/BOINC/boinc/commit/6e205de096da83b12ffb2f0183b43e51261eb0c4 [3]: https://github.com/BOINC/boinc/commit/e8d6c33fe158129a5616e18eb84a7a9d44aca15f [4]: https://github.com/BOINC/boinc/commit/ce3110489bc139b8218252ba1cb0862d69f72ae3 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `2a78ad8813`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:17:20 +05:30
Ankur Tyagi	b6a71017ab	influxdb: ignore CVE-2024-30896 As mentioned in the comment[1], vulnerability is in /api/v2/authorizations API which only exists in 2.x, 1.x is not affected. Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30896 [1] https://github.com/influxdata/influxdb/issues/24797#issuecomment-2514690740 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `2f1d7a8597`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:17:20 +05:30
Gyorgy Sarvari	6d6dbabb28	boinc-client: set CVE_PRODUCT The relevant CVEs are tracked with underscore in their name. See CVE db query: sqlite> select vendor, product, count(*) from PRODUCTs where product like '%boinc%' group by 1, 2; berkeley\|boinc_client\|2 berkeley\|boinc_forum\|1 universityofcalifornia\|boinc_client\|165 universityofcalifornia\|boinc_server\|5 Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `31de060b48`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:17:19 +05:30
Gyorgy Sarvari	9cb5abd34b	asyncmqtt: set CVE_PRODUCT The CVEs are tracked with an underscore in the product name: sqlite> select * from PRODUCTs where product like '%async%mq%'; CVE-2025-65503\|redboltz\|async_mqtt\|10.2.5\|=\|\| This patch sets the correct CVE_PRODUCT. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `4da079d7f5`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:17:19 +05:30
Gyorgy Sarvari	835f1ef688	libcereal: set CVE_PRODUCT The relevant CVEs are associated with usc:cereal CPE. See CVE db query: sqlite> select * from PRODUCTS where PRODUCT like '%cereal%'; CVE-2020-11104\|usc\|cereal\|\|\|1.3.0\|<= CVE-2020-11105\|usc\|cereal\|\|\|1.3.0\|<= Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `6e936626cb`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:20 +05:30
Gyorgy Sarvari	57b188f8bc	raptor2: set CVE_PRODUCT All relevant CVEs are files against these CPEs. See CVE db query (zediious vendor is not relevant): sqlite> select * from PRODUCTs where PRODUCT like '%raptor%' and vendor <> 'symantec' and product <> 'velociraptor'; CVE-2012-0037\|librdf\|raptor\|\|\|2.0.7\|< CVE-2017-18926\|librdf\|raptor_rdf_syntax_library\|2.0.15\|=\|\| CVE-2020-25713\|librdf\|raptor_rdf_syntax_library\|2.0.15\|=\|\| CVE-2023-49078\|zediious\|raptor-web\|0.4.4\|=\|\| CVE-2024-57822\|librdf\|raptor_rdf_syntax_library\|\|\|2.0.16\|<= CVE-2024-57823\|librdf\|raptor_rdf_syntax_library\|\|\|2.0.16\|<= Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `15aca0b2fa`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:20 +05:30
Liu Yiding	5c64a792b6	libsdl3: upgrade 3.2.28 -> 3.2.30 Changelog: https://github.com/libsdl-org/SDL/releases/tag/release-3.2.30 Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `a524aaddac`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:19 +05:30
Ankur Tyagi	351df9d54e	libjxl: Fix build error with arm and musl Build fails for qemuarm with musl with following error: /build/tmp/work/cortexa15t2hf-neon-poky-linux-musleabi/libjxl/0.11.1/sources/libjxl-0.11.1/lib/jxl/convolve_separable5.cc \| error: out of range pc-relative fixup value Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `63ae47a70d`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:19 +05:30
Ankur Tyagi	6cb598129d	mozjs-128: Fix build error with arm and musl Build fails for qemuarm with musl with following error: mozglue/misc/StackWalk.o: in function `unwind_callback(_Unwind_Context, void)': \| /usr/src/debug/mozjs-128/128.5.2/mozglue/misc/StackWalk.cpp:810:(.text._ZL15unwind_callbackP15_Unwind_ContextPv+0x4): undefined reference to `_Unwind_GetIP' Referenced commit[1] for the fix, also refreshed patches. [1] https://github.com/OSSystems/meta-browser/commit/bb8662912354dae13634c0ec35c3803c344b1e72 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `30942cebe8`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:18 +05:30
Wang Mingyu	91193c97a3	libsdl3-image: upgrade 3.2.4 -> 3.2.6 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Release Notes: https://github.com/libsdl-org/SDL_image/releases/tag/release-3.2.6 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:18 +05:30
Gyorgy Sarvari	6d1c5be67b	smarty: extend CVE_PRODUCT Some CVEs assign smarty-php as the vendor to the corresponding CPE. E.g CVE-2024-35226[1] is tracked with smarty-php:smarty by mitre (NVD tracks it without CPE). [1]: https://cveawg.mitre.org/api/cve/CVE-2024-35226 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `1aee6a403c`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:18 +05:30
Khem Raj	f3407694b8	vboxguestdrivers: Upgrade to 7.2.4 This is a maintenance release. The following items were fixed or added: GUI: Fixed VirtualBox VM Manager crash when host was resuming from sleep (github:gh-121, github:gh-170) GUI: Updated native language support for Traditional Chinese, Greek, Swedish, Hungarian and Indonesian translations NAT: Fixed issue when multiple port forwarding rules affected NAT functionality (github:gh-232) Linux host and guest: Introduced initial support for kernel 6.18 Linux Guest Additions: Introduced additional fixes for RHEL 9.6 and 9.7 kernels (github:GH-12) Windows Guest Additions: Introduced additional fixes for issue when installation was failing in Windows XP SP2 guest (github:GH-142) Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Bruce Ashfield <bruce.ashfield@gmail.com> (cherry picked from commit `0ecf2814b2`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:17 +05:30
Wang Mingyu	1b5228dcce	libdecor: upgrade 0.2.4 -> 0.2.5 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Changelog: https://gitlab.freedesktop.org/libdecor/libdecor/-/compare/0.2.4...0.2.5?from_project_id=18349 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:17 +05:30
Wang Mingyu	d879c37905	cryptsetup: upgrade 2.8.1 -> 2.8.3 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `6f41c5872d`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:16 +05:30
Gyorgy Sarvari	5508b827fb	nodejs: remove extra CVE_PRODUCT CVE_PRODUCT is specified twice - the second instance only duplicates one value from the first instance. Remove this extra CVE_PRODUCT. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `6ff9252484`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:16 +05:30
Ankur Tyagi	441cf7db11	php: upgrade 8.4.16 -> 8.4.17 Changelog: https://www.php.net/ChangeLog-8.php#8.4.17 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:15 +05:30
Wang Mingyu	4beb45b615	microsoft-gsl: upgrade 4.2.0 -> 4.2.1 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `1d33fb39d9`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:15 +05:30
Dmitry Baryshkov	cce0f2d7cd	vulkan-cts: upgrade 1.4.4.0 -> 1.4.4.2 Upgrade Vulkan CTS to the point release, fixing several tests. While we are at it, refresh Vulkan-Video-Samples patches. Signed-off-by: Dmitry Baryshkov <dmitry.baryshkov@oss.qualcomm.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `374949c531`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:14 +05:30
Jiaying Song	a1a87ebf04	minicoredumper: fix 2038 year problem in timestamp handling The minicoredumper has multiple 2038 year problems where 'long' type variables and strtol() function calls cause overflow on 32-bit systems when handling timestamps after 2038-01-19. This leads to incorrect timestamp formatting in core dump directory names (e.g., sleep40s.20380119.031407+0000.598). Fix by changing 'long timestamp' to 'time_t timestamp' and replacing strtol() with strtoll() to properly handle 64-bit timestamps on 32-bit systems. Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `b5685fb375`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:14 +05:30
Wang Mingyu	199ca0c29d	usb-modeswitch: upgrade 2.6.1 -> 2.6.2 0001-Fix-build-with-gcc-15.patch removed since it's included in 2.6.2 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `dfbe08b6c3`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:13 +05:30
Wang Mingyu	5a9ced1fd5	usb-modeswitch-data: upgrade 20191128 -> 20251207 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `8f2c436db5`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:13 +05:30
Wang Mingyu	650978be5c	libsdl3: upgrade 3.2.26 -> 3.2.28 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `26e3ef119b`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:12 +05:30
Liu Yiding	cb3faee20b	liblognorm: upgrade 2.0.7 -> 2.0.8 Change log ========== Version 2.0.8, 2025-12-04 - fix potential segfault on some platforms Thanks to Julian Thomas for a fix - fix memory leak when a custom type in rules does not match Thanks to Meric Sentunali for the fix and Julian Thomas for alerting me of the missing merge. Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `c627784366`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:12 +05:30
Wang Mingyu	6d4fdf7f7e	parallel: upgrade 20251022 -> 20251122 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `c9c4b5a887`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:12 +05:30
Wang Mingyu	f2c80b13c4	python3-psycopg: upgrade 3.2.12 -> 3.2.13 Changelog: ============== - Show the host name in the error message in case of name resolution error - Fix Cursor.copy() and AsyncCursor.copy() to hold the connection lock for the entire operation, preventing concurrent access issues - Fix GSSAPI check with C extension built with libpq < v16 Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `4b297312d7`) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:11 +05:30
Peter Marko	c870a26c00	libcoap: set CVE version suffix CVE metrics currently report CVE-2025-34468 as open. CPE is <=4.3.5, while recipe version is 4.3.5a which is a higher version, however by default cve-check only compares numbers. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:11 +05:30
Peter Marko	08d81e661e	libsodium: patch CVE-2025-69277 Pick patch per [1]. [1] https://nvd.nist.gov/vuln/detail/CVE-2025-69277 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:10 +05:30
Peter Marko	0d737e1419	net-snmp: patch CVE-2025-68615 Pick patch per [1]. [1] https://security-tracker.debian.org/tracker/CVE-2025-68615 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-20 10:15:07 +05:30
Gyorgy Sarvari	c6849e7529	python3-django: upgrade 5.2.8 -> 5.2.9 Includes fix for CVE-2025-13372 and CVE-2025-64460 Changelog: https://github.com/django/django/blob/5.2.9/docs/releases/5.2.9.txt Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `2538918df1`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:59 +05:30
Gyorgy Sarvari	9a6b60af3e	python3-django: upgrade 4.2.26 -> 4.2.27 Contains fix for CVE-2025-13372 and CVE-2025-64460 Changelog: https://github.com/django/django/blob/4.2.27/docs/releases/4.2.27.txt Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `fae6fe9b41`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:58 +05:30
Gyorgy Sarvari	b964b9858b	python3-configobj: ignore CVE-2023-26112 Details: https://nvd.nist.gov/vuln/detail/CVE-2023-26112 The used version (5.0.9) contains the fix[1] already - ignore the CVE. [1]: https://github.com/DiffSK/configobj/commit/7c618b0bbaff6ecaca51a6f05b29795d1377a4a5 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:58 +05:30
Gyorgy Sarvari	e51133657a	postgresql: upgrade 17.6 -> 17.7 It contains fixes for CVE-2025-12817 and CVE-2025-12818. Changelog: https://www.postgresql.org/docs/release/17.7/ Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `8217b90e94`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:57 +05:30
Gyorgy Sarvari	7c1e9999d0	php: upgrade 8.4.15 -> 8.4.16 This is a bugfix release, containing fixes for CVE-2025-14177, CVE-2025-14178 and CVE-2025-14180. Changelog: https://www.php.net/ChangeLog-8.php#8.4.16 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:57 +05:30
Gyorgy Sarvari	303f5afacf	openvpn: upgrade 2.6.16 -> 2.6.17 Contains fix for CVE-2025-13751 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:56 +05:30
Hugo SIMELIERE	925318887e	libwebsockets: fix CVE-2025-11678 Backport a fix from Debian: https://sources.debian.org/patches/libwebsockets/4.3.5-1+deb13u1/CVE-2025-11678.patch Upstream commit: https://github.com/warmcat/libwebsockets/commit/2bb9598562b37c942ba5b04bcde3f7fdf66a9d3a Signed-off-by: Bruno VERNAY <bruno.vernay@se.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> (cherry picked from commit `5fab8bd31b`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:56 +05:30
Hugo SIMELIERE	9570160dae	libwebsockets: fix CVE-2025-11677 Backport a fix from Debian: https://sources.debian.org/patches/libwebsockets/4.3.5-1+deb13u1/CVE-2025-11677.patch Upstream commit: https://github.com/warmcat/libwebsockets/commit/2f082ec31261f556969160143ba94875d783971a Signed-off-by: Bruno VERNAY <bruno.vernay@se.com> Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> (cherry picked from commit `da04d7003e`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:55 +05:30
Gyorgy Sarvari	94e21ed9b5	libcoap: ignore CVE-2025-50518 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-50518 The vulnerability is disputed by upstream, because the vulnerability requires a user error, incorrect library usage. See also an upstream discussion in a related (rejected) PR: https://github.com/obgm/libcoap/pull/1726 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `598176e1cb`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:55 +05:30
Gyorgy Sarvari	b8127adea4	imagemagick: upgrade 7.1.2-8 -> 7.1.2-12 Contains fix for CVE-2025-65955 and CVE-2025-69204. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:54 +05:30
Gyorgy Sarvari	a06ce2aa74	gimp: patch CVE-2025-14425 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14425 Backport the patch referenced by the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `49732c90c0`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:54 +05:30
Gyorgy Sarvari	f9add3e25a	gimp: patch CVE-2025-14424 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14424 Pick the patch referenced by the NVD report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `b16c1a543a`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:53 +05:30
Gyorgy Sarvari	732aa8f936	gimp: patch CVE-2025-14423 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14423 Pick the patch references by the NVD report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `6aa5720e76`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:53 +05:30
Gyorgy Sarvari	b680240a03	gimp: patch CVE-2025-14422 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14422 Pick the patch referenced by the NVD report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `a0b41204af`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:53 +05:30
Gyorgy Sarvari	ed4878b3bc	freerdp3: ignore CVE-2025-68118 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68118 It is a Windows only vulnerability, ignore it. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:52 +05:30
Ankur Tyagi	22b7851cde	fetchmail: patch CVE-2025-61962 Details https://nvd.nist.gov/vuln/detail/CVE-2025-61962 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> (cherry picked from commit `0d9da11052`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:52 +05:30
Gyorgy Sarvari	0827d22e4c	civetweb: ignore CVE-2025-9648 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-9648 It is already fixed in the currently used version. Also, update CVE-2025-55763's status to "fixed-version" (so it will be marked as "Patched" in the CVE report instead of "Ignored") Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit `bfb76da63b`) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2026-01-06 18:07:51 +05:30

1 2 3 4 5 ...

36308 Commits