mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity
24,391 Commits 64 Branches 0 Tags
1bdff724ed3229232f301dc686a1ee6dcfa1f74f
Commit Graph

24391 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gyorgy Sarvari 59d929e504 hiawatha: set a working SRC_URI 
The project has moved to a new site, old SRC_URI stopped working.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-22 20:56:33 +01:00
Gyorgy Sarvari 756cea5065 cherokee: patch CVE-2020-12845 
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-12845

Pick the merge commit that mentions the vulnerability.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-22 20:56:31 +01:00
Gyorgy Sarvari 51a73766cc thunar: upgrade 4.16.9 -> 4.16.11 
Changelog:
4.6.11:
- Dont reload the view when text is copied
- NULL checks to prevent crash on malformed bookmark URI
- Use 'g_timeout_add_full' to set tree-view cursor
- Fix signal disconnect in thunar_window_unrealize
- Don't go beyond THUNAR_N_VISIBLE_COLUMNS while parsing col widths
- Translation Updates:

4.16.10:
- Fix signal disconnect to prevent crash
- Don't go beyond THUNAR_N_VISIBLE_COLUMNS while parsing col widths

https://gitlab.xfce.org/xfce/thunar/-/blob/thunar-4.16.11/NEWS

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-22 20:56:29 +01:00
Gyorgy Sarvari b14c81442b tumbler: upgrade 4.16.0 -> 4.16.1 
Changelog:
- gst-thumbnailer: Add mime type check
- desktop-thumbnailer: Guard against null path
- Fix typo in gthread version

https://gitlab.xfce.org/xfce/tumbler/-/blob/tumbler-4.16.1/NEWS

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-22 20:56:29 +01:00
Gyorgy Sarvari 32592b744d xfce4-panel: upgrade 4.16.3 -> 4.16.6 
Contains translation updates and assorted bugfixes.

Changelog:
https://gitlab.xfce.org/xfce/xfce4-panel/-/blob/xfce-4.16/NEWS

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-22 20:56:28 +01:00
Gyorgy Sarvari cb1d82ede5 xfdesktop: upgrade 4.16.0 -> 4.16.1 
Changelog:
- Resolve deadlock on background change
- Allocate memory after error processing
- Remove unused function call
- autoconf: Remove AC_HEADER_STDC
- Do not delete property not set
- Set a pixmap XID, not the XID of the root window
- Fix next background
- build: Fix intltool lock file problem during make distcheck
- Increase opacity of xfce-verticals bg
- Fix Applications Menu memory leak
- Fix gettext extraction from settings/xfce-backdrop-settings.desktop.in.in
- Translation Updates

https://github.com/xfce-mirror/xfdesktop/releases/tag/xfdesktop-4.16.1

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-22 20:56:25 +01:00
Haixiao Yan 0d50915759 python3-django: fix CVE-2025-64459 
The methods QuerySet.filter(), QuerySet.exclude(), and QuerySet.get(), and the
class Q() were subject to SQL injection when using a suitably crafted
dictionary, with dictionary expansion, as the _connector argument.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-64459
https://shivasurya.me/security/django/2025/11/07/django-sql-injection-CVE-2025-64459.html

Upstream-patch:
https://github.com/django/django/commit/98e642c69181c942d60a10ca0085d48c6b3068bb

Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-18 09:10:52 +01:00
Gyorgy Sarvari 8611f92c20 proftpd: patch CVE-2024-48651 
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-48651

Backport the patch mentioned in the NVD report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-17 15:38:00 +01:00
Gyorgy Sarvari 5c3e0fc516 openh264: patch CVE-2025-27091 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-27091

The advisory confirms that the bug was fixed in v2.6.0.
When looking at the relevant Github advisory[1], it mentions
the name of the implementer. Pick the patch that was included
in this release, created by the mentioned Github account and
isn't only a cosmetic or build-system change.

[1]: https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-17 15:37:59 +01:00
Gyorgy Sarvari 94f3cecaae postgresql: upgrade 14.19 -> 14.20 
Beside other bugfixes, it contains fixes for CVE-2025-12817 and CVE-2025-12818.

Release notes: https://www.postgresql.org/docs/release/14.20/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-17 15:37:58 +01:00
Gyorgy Sarvari 4b1149b945 accountservice: ignore CVE-2023-3297 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-3297

The vulnerability is triggered by a patch added by Ubuntu, and the vulnerable patch is
not present in the recipe.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 071a45c9d7)

Adapted to Kirkstone
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-17 15:37:55 +01:00
Gyorgy Sarvari 74491cf152 botan: patch CVE-2024-34702 
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-34702

The same patch fixes both CVE-2024-39312 and CVE-2024-34702, according
to the release notes[1] of the final 2.9.x release.

[1]: https://github.com/randombit/botan/blob/2.19.5/news.rst

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-16 08:43:03 +01:00
Shinji Matsunaga 9b5b7102ca audit: Fix CVE_PRODUCT 
Fix "audit" set in CVE_PRODUCT to "linux:audit" to detect only vulnerabilities where the vendor is "linux".

Currently, CVE_PRODUCT also detects vulnerabilities where the vendor is "visionsoft",
which are unrelated to the "audit" in this recipe.
https://www.opencve.io/cve?vendor=visionsoft&product=audit

In addition, all the vulnerabilities currently detected in "audit" have the vendor of "visionsoft" or "linux".
Therefore, fix "audit" set in CVE_PRODUCT to "linux:audit".

Signed-off-by: Shinji Matsunaga <shin.matsunaga@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e87e51da49)

Adapted to Kirkstone.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-16 08:42:29 +01:00
Hitendra Prajapati ea388c67e4 wireshark: fix CVE-2025-13499 
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-16 08:41:05 +01:00
Kai Kang b1e0fadb72 mbedtls: fix CVE-2025-47917 
CVE-2025-47917 is that the function mbedtls_x509_string_to_names() takes
a head argument and performs a deep free() on it.

Backport patch to fix CVE-2025-47917 and drop the modification in doc
file and comment in header file which lack of context.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-16 08:39:06 +01:00
Gyorgy Sarvari cdd9a07823 gosu: set SRCREV_FORMAT variable 
The recipe fetches from multiple repositories, however the SRCREV_FORMAT
variable wasn't set. Due to this the recipe couldn't reuse sstate artifacts from
a mirror, only threw warnings:

WARNING: gosu-1.14-r0 do_package_qa_setscene: ExpansionError('SRCPV',
  '${@bb.fetch2.get_srcrev(d)}', FetchError('The SRCREV_FORMAT variable
  must be set when multiple SCMs are used.\nThe SCMs are:
  git://github.com/tianon/gosu.git;branch=master;protocol=https
  git://github.com/opencontainers/runc;name=runc;branch=main;protocol=https', None))
WARNING: Setscene task (/cocto/kirkstone-next/meta-openembedded/meta-oe/recipes-support/
  gosu/gosu_1.14.bb:do_package_qa_setscene) failed with exit code '1' - real task
  will be run instead

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-14 16:18:49 +01:00
Gyorgy Sarvari af6c27eaa1 sysdig: set SRCREV_FORMAT 
It fetches from multiple repositories, but didn't have SRCREV_FORMAT
set. Because of this, the recipe couldn't use sstate artifacts from
a mirror, just threw many warnings:

WARNING: sysdig-0.28.0-r0 do_package_qa_setscene: ExpansionError('SRCPV',
  '${@bb.fetch2.get_srcrev(d)}', FetchError('The SRCREV_FORMAT variable
  must be set when multiple SCMs are used.\nThe SCMs
  are:\ngit://github.com/draios/sysdig.git;branch=dev;protocol=https;name=sysdig
  git://github.com/falcosecurity/libs;protocol=https;branch=master;name=falco;subdir=git/falcosecurity-libs',
  None))
WARNING: Setscene task (/cocto/kirkstone-next/meta-openembedded/meta-oe/recipes-extended/sysdig/sysdig_0.28.0.bb
  :do_package_qa_setscene) failed with exit code '1' - real task will be run instead

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-14 16:18:48 +01:00
Gyorgy Sarvari d9fbd8560e zlog: patch CVE-2024-22857 
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-22857

Pick the patch from the PR mentioned by the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-14 16:18:47 +01:00
Gyorgy Sarvari 4437919060 znc: patch CVE-2024-39844 
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-39844

Pick the patch that is mentioned in the oss-security[1] advisory

[1]: https://www.openwall.com/lists/oss-security/2024/07/03/9

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-14 16:18:46 +01:00
Divyanshu Rathore 2114ae5f26 ImageMagick: Fix CVE-2023-34151 
Backport the fix for CVE-2023-34151

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/3d6d98d8a2be30d74172ab43b5b8e874d2deb158]

Add below patch to fix
0011-ImageMagick-Fix-CVE-2023-34151.patch

Add below support patch to fix
0011-ImageMagick-Add-support-patch-1-to-fix-CVE-2023-3415.patch
0011-ImageMagick-Add-support-patch-2-to-fix-CVE-2023-3415.patch
0011-ImageMagick-Add-support-patch-3-to-fix-CVE-2023-3415.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:56 +01:00
Divyanshu Rathore 3a86962b26 ImageMagick: Fix CVE-2025-55298 
Backport the fix for CVE-2025-55298

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5]
                          [https://github.com/ImageMagick/ImageMagick/commit/1f93323df9d8c011c31bc4c6880390071f7fb895]

Add below patch to fix
0010-ImageMagick-Fix-CVE-2025-55298-1.patch
0010-ImageMagick-Fix-CVE-2025-55298-2.patch

Add below support patch to fix
0010-ImageMagick-Add-support-patch-1-to-fix-CVE-2025-5529.patch
0010-ImageMagick-Add-support-patch-2-to-fix-CVE-2025-5529.patch
0010-ImageMagick-Add-support-patch-3-to-fix-CVE-2025-5529.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:55 +01:00
Divyanshu Rathore a137e10750 ImageMagick: Fix CVE-2025-55154 
Backport the fix for CVE-2025-55154

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/db986e4782e9f6cc42a0e50151dc4fe43641b337]

Add below patch to fix
0009-ImageMagick-Fix-CVE-2025-55154.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:54 +01:00
Divyanshu Rathore 4f4cf3248e ImageMagick: Fix CVE-2025-57807 
Backport the fix for CVE-2025-57807

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e]

Add below patch to fix
0008-ImageMagick-Fix-CVE-2025-57807.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:53 +01:00
Divyanshu Rathore f978eae8fc ImageMagick: Fix CVE-2025-57803 
Backport the fix for CVE-2025-57803

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/61f444e5457e4e506c73f18460133c80c235ebb6]

Add below patch to fix
0007-ImageMagick-Fix-CVE-2025-57803.patch

Add below support patch to fix
0007-ImageMagick-Add-support-patch-to-fix-CVE-2025-57803.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:52 +01:00
Divyanshu Rathore 222e1b635e ImageMagick: Fix CVE-2025-55004 
Backport the fix for CVE-2025-55004

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/55d97055e00a7bc7ae2776c99824002fbb4a72aa]

Add below patch to fix
0006-ImageMagick-Fix-CVE-2025-55004.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:51 +01:00
Divyanshu Rathore a1c2509aea ImageMagick: Fix CVE-2025-53019 
Backport the fix for CVE-2025-53019

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c]

Add below patch to fix CVE-2025-53019
0005-ImageMagick-Fix-CVE-2025-53019.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:50 +01:00
Divyanshu Rathore f0ce346514 ImageMagick: Fix CVE-2025-55005 
Backport the fix for CVE-2025-55005

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57]

Add below patch to fix
0004-ImageMagick-Fix-CVE-2025-55005.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:49 +01:00
Divyanshu Rathore 7b1c9fa6fb ImageMagick: Fix CVE-2025-55160 
Backport the fix for CVE-2025-55160

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/63d8769dd6a8f32f4096c71be9e08a2c081e47da]

Add below patch to fix
0003-ImageMagick-Fix-CVE-2025-55160.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:48 +01:00
Divyanshu Rathore bbcd2ab724 ImageMagick: Fix CVE-2025-53101 
Backport the fix for CVE-2025-53101

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774]

Add below patch to fix
0002-ImageMagick-Fix-CVE-2025-53101.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:47 +01:00
Divyanshu Rathore 520f64ef3c ImageMagick: Fix CVE-2025-53014 
Backport the fix for CVE-2025-53014

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03]

Add below patch to fix CVE-2025-53014
0001-ImageMagick-Fix-CVE-2025-53014.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:46 +01:00
Viswanath Kraleti cac725f7d2 gflags: switch Git branch from master to main 
Update SRC_URI to use the 'main' branch instead of 'master' since
the upstream GitHub repository has renamed its default branch.

Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 19:22:39 +01:00
Valeria Petrov 46a6fbcdcb apache2: upgrade 2.4.65 -> 2.4.66 
Security fixes:
- CVE-2025-66200
- CVE-2025-65082
- CVE-2025-59775
- CVE-2025-58098
- CVE-2025-55753

See: http://www.apache.org/dist/httpd/CHANGES_2.4.66

Signed-off-by: Valeria Petrov <valeria.petrov@spinetix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 19:21:36 +01:00
Gyorgy Sarvari 97d4be2839 gupnp-igd: add ptest support 
Execution takes around 10 seconds.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 19:34:22 +01:00
Gyorgy Sarvari 590afd1a98 gupnp-av: add ptest support 
It takes around a second to execute the suite.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 65c2f6de55)

Adapted to Kirkstone.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 19:34:21 +01:00
Gyorgy Sarvari 535fc775a6 gupnp: add ptest support 
It takes almost 50 seconds on my machine to execute.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e7878d69ab)

Adapted to Kirkstone
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 19:34:20 +01:00
Gyorgy Sarvari ff2b74df62 gssdp: add ptest support 
It is quick, it finished under 20 seconds on my machine.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 27865a96d5)

Adapted to Kirkstone
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 19:34:19 +01:00
Gyorgy Sarvari d95d7c8e7b xrdp: add ptest support 
It takes under 10 seconds to run the suite.
Executed succesfully on x86-64, with musl and glibc.

The recipe requires pam DISTRO_FEATURE to be present.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 54ca51b6c6)

Adapted to Kirkstone
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 19:34:17 +01:00
Gyorgy Sarvari dcc7681d01 xrdp: patch CVE-2022-23493 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23493

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:13 +01:00
Gyorgy Sarvari fc2c0460ab xrdp: patch CVE-2022-23484 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23484

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:11 +01:00
Gyorgy Sarvari e89a73a759 xrdp: patch CVE-2022-23483 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23483

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:10 +01:00
Gyorgy Sarvari e0e34a0615 xrdp: patch CVE-2022-23481 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23481

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:09 +01:00
Gyorgy Sarvari 07291c5d65 xrdp: patch CVE-2022-23480 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23480

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:09 +01:00
Gyorgy Sarvari d2a493539f xrdp: patch CVE-2022-23479 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23479

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:08 +01:00
Gyorgy Sarvari 444c8f69d2 xrdp: patch CVE-2022-23478 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23478

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:07 +01:00
Gyorgy Sarvari 74b0b81579 xrdp: patch CVE-2022-23477 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23477

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:06 +01:00
Gyorgy Sarvari 5709e8f6ec xrdp: patch CVE-2022-23468 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23468

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:05 +01:00
Gyorgy Sarvari f218f0373f xrdp: upgrade 0.9.18 -> 0.9.18.1 
Contains fix for CVE-2022-23613

Changelog: https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.18.1

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:04 +01:00
Saravanan e2da1298ac python3-django: fix CVE-2025-32873 
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-32873

Upstream-patch:
https://github.com/django/django/commit/9cd8028f3e38dca8e51c1388f474eecbe7d6ca3c/

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-05 15:29:59 +01:00
Saravanan ee59faebac python3-django: fix CVE-2024-53907 
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-53907

Upstream-patch:
https://github.com/django/django/commit/790eb058b0716c536a2f2e8d1c6d5079d776c22b/

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-05 15:29:58 +01:00
Saravanan 64e4cf9933 python3-django: fix CVE-2024-41991 
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41991

Upstream-patch:
https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f/

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-05 15:29:55 +01:00