Changelog:
=============
- config file parser dynamically allocates linebuffer to allow multithreaded applications
- parse time values in model configuration file
- config file generator: added missing code for GSEControl
- Config file generator: support multiple access points for GOOSE and SMV control blocks
- config file generator: added code to add SMVCBs to config files
- IED server: added code to create SMVCBs with the dynamic model API
- MMS server: added support for write access with component alternate access
- MMS client: added function MmsConnection_writeVariableComponent to write to variables with alternate component access
- make write access to RCB elements configurable according to ReportSettings
- Added function IedConnection_setLocalAddress to define local IP address and optionally local port of a client connection
- IED server: added ControlAction_getSynchroCheck and ControlAction_getInterlockCheck functions
- fixed - IEC 61580 server: dataset is not released when RCB.Datset is set to empty string by client
- PAL: fixed wrong order of function arguments for fread and fwrite functions
- MMS client: parsing of servicecsSupported in MMS init response is off by one
- fixed - potential memory leaks in goose publisher code
- fixed - server sends dchg report when only dupd is enabled in RCB
- GOOSE subscriber: fixed - possible heap corruption in parseAllData due to missing validity check in bit-string handling
- IED server: fixed problem with implicit ResvTms setting when reserved with RptEna
- IED server: fixed - segmentation fault when compiled with CONFIG_MMS_THREADLESS_STACK
- fixed - MMS server: messages can be corrupted when TCP buffer is full
- fixed - .NET: IedConenction.WriteDataSetValues throws a NullReferenceException
- fixed - server send invalid response- when client uses wrong ctlModel
- fixed - IedConnection_setRCBValuesAsync crashes when RCB is already reserved by other client
- fixed - outstanding call not released in IedConnection_getDataSetDirectoryAsync
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1b0f933f5b)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Poppler ia a library for rendering PDF files, and examining or
modifying their structure. A use-after-free (write) vulnerability
has been detected in versions Poppler prior to 25.10.0 within the
StructTreeRoot class. The issue arises from the use of raw pointers
to elements of a `std::vector`, which can lead to dangling pointers
when the vector is resized. The vulnerability stems from the way that
refToParentMap stores references to `std::vector` elements using raw
pointers. These pointers may become invalid when the vector is resized.
This vulnerability is a common security problem involving the use of
raw pointers to `std::vectors`. Internally, `std::vector `stores its
elements in a dynamically allocated array. When the array reaches its
capacity and a new element is added, the vector reallocates a larger
block of memory and moves all the existing elements to the new location.
At this point if any pointers to elements are stored before a resize
occurs, they become dangling pointers once the reallocation happens.
Version 25.10.0 contains a patch for the issue.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-52885
Upstream patch:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/4ce27cc826bf90cc8dbbd8a8c87bd913cccd7ec0
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Changelog:
6.2.19:
(CVE-2025-32023) Fix out-of-bounds write in HyperLogLog commands
(CVE-2025-48367) Retry accepting other connections even if the accepted connection reports an error
6.2.20:
(CVE-2025-49844) A Lua script may lead to remote code execution
(CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE
(CVE-2025-46818) A Lua script can be executed in the context of another user
(CVE-2025-46819) LUA out-of-bound read
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1a22715b82)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Per [1] this is a problem of applications using memcached inproperly.
This should not be a CVE against php-memcached, but for whatever
software the issue was actually found in. php-memcached and
libmemcached provide a VERIFY_KEY flag if they're too lazy to
filter untrusted user input.
[1] https://github.com/php-memcached-dev/php-memcached/issues/519
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 889ccce684)
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-26623
Apply the first to PRs from the relevant issue.
(The second PR adds a test, and the 3rd PR tries to reimplement
correctly the feature that introduced the vulnerability:
it is switching some raw pointers to smart pointers. It was not picked
because the
1. In the original issue it is stated that the first PR itself
fixes the vulnerability
2. The patch doesn't apply clean due to the time gap between our
and their version
3. The behavior of the application does not change
)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 7907a3e206)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
This removes false positive CVE-2024-21485 from cve reports.
$ sqlite3 nvdcve_2-2.db
sqlite> select * from products where product = 'dash';
CVE-2009-0854|dash|dash|0.5.4|=||
CVE-2024-21485|plotly|dash|||2.13.0|<
CVE-2024-21485|plotly|dash|2.14.0|>=|2.15.0|<
Our dash:dash did not reach major version 1 yet.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e1427013e0)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
github-releases is needed that it work at all:
ERROR: Automatic discovery of latest version/revision failed - you must provide a version using the --version/-V option, or for recipes that fetch from an SCM such as git, the --srcrev/-S option.
UPSTREAM_CHECK_GITTAGREGEX is needed to get correct version, otherwise:
$ devtool latest-version corosync
...
INFO: Current version: 3.1.6
INFO: Latest version: 414.336.75.75.75
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 9aed476a90)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
Ankur Tyagi
Wang Mingyu
Gyorgy Sarvari
Yogita Urade
Praveen Kumar
Peter Marko
Ninette Adhikari
Vijay Anusuri
Saravanan
Yi Zhao
Khem Raj
Christos Gavros