Commit Graph

30743 Commits

Author SHA1 Message Date
Ankur Tyagi 23edbe268c vlc: patch CVE-2024-46461
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-46461

Backport the patch mentioned in the news[1] that fixes this vulnerability.

https://code.videolan.org/videolan/vlc/-/blob/3.0.21/NEWS?ref_type=tags#L44

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 08:12:20 +05:30
Peter Marko 774c7ed3fd sox: extend CVE_PRODUCT
Add all relevant items from queries:
$ sqlite3 nvdcve_2-2.db
sqlite> select vendor, product, count(*) from products where product like '%sox%' group by vendor, product;
commugen|sox_365|1
libsox_project|libsox|1
sox|sox|3
sox_project|sox|10
sqlite> select vendor, product, count(*) from products where product like '%sound_exchange%' group by vendor, product;
sound_exchange_project|sound_exchange|16

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a68c3df41c)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 08:12:19 +05:30
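The query in the sox commit above is the usual way to find every NVD vendor/product pair that should go into a recipe's CVE_PRODUCT. As an added example (not code from meta-openembedded or from the commit author), the script below runs the same LIKE pattern search against a constructed, in-memory copy of the `products` table, shows why a bare `%sox%` pattern also pulls in an unrelated product, and renders the surviving pairs in the `vendor:product` form that cve-check.bbclass accepts. The table layout (only `vendor` and `product` columns), the sample rows and the `build_db` / `candidate_products` / `cve_product_line` helper names are all assumptions made for this example; the real database built by cve-update-db-native has more columns.

```python
import sqlite3

# Constructed sample rows modelled on the (vendor, product) columns of the
# NVD `products` table. These are NOT real NVD data; the counts simply mirror
# the numbers quoted in the commit message so the output is recognisable.
SAMPLE_PRODUCTS = (
    [("commugen", "sox_365")]
    + [("libsox_project", "libsox")]
    + [("sox", "sox")] * 3
    + [("sox_project", "sox")] * 10
    + [("sound_exchange_project", "sound_exchange")] * 16
    + [("acme", "unrelated_tool")]
)


def build_db(rows=SAMPLE_PRODUCTS):
    """Create an in-memory SQLite database with a minimal `products` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (vendor TEXT, product TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", rows)
    conn.commit()
    return conn


def candidate_products(conn, patterns):
    """Return {(vendor, product): count} for rows whose product matches any of
    the SQL LIKE patterns, i.e. the grouped query from the commit message."""
    counts = {}
    for pattern in patterns:
        cur = conn.execute(
            "SELECT vendor, product, COUNT(*) FROM products "
            "WHERE product LIKE ? GROUP BY vendor, product",
            (pattern,),
        )
        for vendor, product, n in cur:
            # A row can match several patterns; keep a single entry per pair.
            counts[(vendor, product)] = n
    return counts


def cve_product_line(candidates, exclude=()):
    """Render the vendor:product pairs as a CVE_PRODUCT assignment, dropping
    pairs listed in `exclude` (LIKE false positives that are a different
    piece of software, such as commugen's sox_365)."""
    pairs = sorted(
        f"{vendor}:{product}"
        for (vendor, product) in candidates
        if (vendor, product) not in exclude
    )
    return 'CVE_PRODUCT = "' + " ".join(pairs) + '"'


if __name__ == "__main__":
    db = build_db()
    found = candidate_products(db, ["%sox%", "%sound_exchange%"])
    for (vendor, product), n in sorted(found.items()):
        print(f"{vendor}|{product}|{n}")
    # commugen's "sox_365" only matched because of the wildcard; it is not
    # the SoX audio tool, so it must not be mapped to this recipe.
    print(cve_product_line(found, exclude={("commugen", "sox_365")}))
```

Check every wildcard hit against the CVE entries behind it before adding it to a recipe: an over-broad CVE_PRODUCT silently assigns another project's CVEs to your package, while a missing pair hides real ones.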
Ankur Tyagi 42b615f953 libde265: patch CVE-2023-47471
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-47471

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 08:12:19 +05:30
Ankur Tyagi e83565b24a libde265: patch CVE-2023-43887
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-43887

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 08:12:19 +05:30
Ankur Tyagi c49bff1273 wolfssl: patch CVE-2025-7394
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-7394

Backport patches from the PRs[1][2][3] mentioned in the changelog[4].

[1] https://github.com/wolfSSL/wolfssl/pull/8849
[2] https://github.com/wolfSSL/wolfssl/pull/8867
[3] https://github.com/wolfSSL/wolfssl/pull/8898
[4] https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 08:12:18 +05:30
Ankur Tyagi df26bbaaba tinyproxy: patch CVE-2025-63938
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-63938

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 08:12:13 +05:30
Ankur Tyagi e90c455347 znc: patch CVE-2024-39844
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-39844

Backport commit[1] from https://github.com/znc/znc/releases/tag/znc-1.9.1
[1] https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06e

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:52:00 +05:30
Ankur Tyagi bfd8dda3ba proftpd: patch CVE-2024-48651
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-48651

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:52:00 +05:30
Ankur Tyagi bad750ad27 open62541: patch CVE-2024-53429
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-53429

Backport the patch mentioned in the comment[1] which fixed this CVE.

[1] https://github.com/open62541/open62541/issues/6825#issuecomment-2460650733

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:59 +05:30
Ankur Tyagi c73fe4bd7e mtr: patch CVE-2025-49809
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-49809

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:59 +05:30
Ankur Tyagi b45ac4e0ef libcoap: patch CVE-2025-34468
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-34468

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:58 +05:30
Ankur Tyagi c0c54373e9 frr: ignore CVE-2024-44070
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-44070

The PR[1] fixing this CVE was backported[2] to stable/9.1 and commit[3]
exists in the current version so we can ignore it.

$ git tag --contains 21cd931 | grep frr-9.1.3
frr-9.1.3

[1] https://github.com/FRRouting/frr/pull/16497
[2] https://github.com/FRRouting/frr/pull/16504
[3] https://github.com/FRRouting/frr/commit/21cd931a5f9303e12104c72ce31ca383c0c57514

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:58 +05:30
Khem Raj 7e4c89a25e dante: Add _GNU_SOURCE for musl builds
This helps fix builds, e.g. cpuset_t definitions etc.
glibc builds have _GNU_SOURCE defined inherently.

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 848bac20ea)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:57 +05:30
Gyorgy Sarvari f0fa984d16 dante: upgrade 1.4.3 -> 1.4.4
License-Update: copyright year bump

Changelog:
- Fix potential security issue CVE-2024-54662, related to "socksmethod"
  use in client/hostid-rules.
- Add a missing call to setgroups(2).
- Patch to fix compilation with libminiupnp 2.2.8.
- Client connectchild optimizations.
- Client SIGIO handling improvements.
- Various configure/build fixes.
- Updated to support TCP_EXP1 version of TCP hostid format.

https://www.inet.no/dante/announce-1.4.4

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:57 +05:30
Ankur Tyagi 2aa20b7141 cifs-utils: patch CVE-2025-2312
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2312

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:56 +05:30
Gyorgy Sarvari 626bcb7f86 imagemagick: patch CVE-2025-65955
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-65955

Pick the patch that is mentioned by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:56 +05:30
Gyorgy Sarvari 24e4caa837 imagemagick: patch CVE-2025-62171
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-62171

Pick the patch that's mentioned by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:56 +05:30
Gyorgy Sarvari aeb80bb058 imagemagick: patch CVE-2025-57807
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57807

Backport the patch that's mentioned in the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:55 +05:30
Gyorgy Sarvari 9d92eeacdf imagemagick: patch CVE-2025-57803
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57803

Backport the patch that is mentioned in the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:55 +05:30
Gyorgy Sarvari 29fa171a9d imagemagick: patch CVE-2025-55212
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55212

Backport the patch that is mentioned in the NVD advisory.

Notes about the backport:
The original patch deletes two extra lines compared to the backport:
those lines were a previous attempt[1] to solve the same vulnerability,
and the final patch reverted them. Since that patch wasn't part of the
recipe, those deletions were dropped from the backported patch.

The PerceptibleReciprocal function was renamed[2] to MagickSafeReciprocal
after the recipe's revision, but there were no functional changes
in the function's behavior.

[1]: https://github.com/ImageMagick/ImageMagick/commit/43d92bf855155e8e716ecbb50ed94c2ed41ff9f6
[2]: https://github.com/ImageMagick/ImageMagick/commit/7e5d87fe6e9

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:54 +05:30
Gyorgy Sarvari 118df68d25 imagemagick: patch CVE-2025-55160
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55160

Pick the patch that mentions the related github advisory[1]
in its commit message.

[1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-6hgw-6x87-578x

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:54 +05:30
Gyorgy Sarvari dd13a60248 imagemagick: patch CVE-2025-55154
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55154

Pick the patch that mentions the related github advisory[1]
in its commit message.

[1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qp29-wxp5-wh82

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:53 +05:30
Gyorgy Sarvari df19121bc6 imagemagick: patch CVE-2025-55005
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55005

Pick the patch that mentions the related github advisory[1] in its
commit message.

[1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-v393-38qx-v8fp

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:53 +05:30
Gyorgy Sarvari b32dcf53ce imagemagick: patch CVE-2025-55004
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-55004

Pick the patch that mentions the related github advisory[1] explicitly in
its commit message.

[1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cjc8-g9w8-chfw

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:52 +05:30
Gyorgy Sarvari 2d4ca24273 imagemagick: patch CVE-2025-53101
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53101

Backport the patch that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:52 +05:30
Gyorgy Sarvari 482f541705 imagemagick: patch CVE-2025-53019
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53019

Pick the commit that is marked as a fix at the bottom of the relevant
github advisory[1].

[1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-cfh4-9f7v-fhrc

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:51 +05:30
Gyorgy Sarvari 7c479d21cd imagemagick: patch CVE-2025-53015
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53015

Backport the patches marked as a solution at the bottom of the relevant
github advisory[1].

[1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-vmhh-8rxq-fp9g

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:51 +05:30
Gyorgy Sarvari e9916715c9 imagemagick: patch CVE-2025-53014
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-53014

Pick the commit that is mentioned as a solution at the bottom of
the relevant Github advisory[1].

[1]: https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-hm4x-r5hc-794f

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:50 +05:30
Gyorgy Sarvari 80175b4a47 imagemagick: mark CVE-2023-5341 as patched
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-5341

The fix[1] mentioned in the NVD report has been part of the recipe since
7.1.1-19.

[1]: https://github.com/ImageMagick/ImageMagick/commit/aa673b2e4defc7cad5bec16c4fc8324f71e531f1

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:50 +05:30
Gyorgy Sarvari 90fdbcf82b imagemagick: upgrade 7.1.1-26 -> 7.1.1-47
Contains fixes for CVE-2024-41817, CVE-2025-43965 and CVE-2025-46393

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:51:50 +05:30
Peter Marko 98f1eff432 net-snmp: patch CVE-2025-68615
Pick patch per [1].

[1] https://security-tracker.debian.org/tracker/CVE-2025-68615

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:50:50 +05:30
Colin McAllister 1477114ae4 nginx: Fix CVE-2025-23419 for 1.25.5
Updates nginx.inc to apply CVE-2025-23419.patch to both 1.24.0 and
1.25.5. However, a unique patch is provided for 1.25.5 since the
upstream patch for CVE-2025-23419 can be cleanly applied to 1.25.5.

Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com>
Change-Id: Ia7b8e16067781776cf0a39fac757f8d25ac118fa
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:50:50 +05:30
Colin McAllister 63e2e60787 nginx: upgrade 1.25.4 -> 1.25.5
Changelog:
==========
https://nginx.org/en/CHANGES

*) Feature: virtual servers in the stream module.

*) Feature: the ngx_stream_pass_module.

*) Feature: the "deferred", "accept_filter", and "setfib" parameters of
the "listen" directive in the stream module.

*) Feature: cache line size detection for some architectures.

*) Feature: support for Homebrew on Apple Silicon.

*) Bugfix: Windows cross-compilation bugfixes and improvements.

*) Bugfix: unexpected connection closure while using 0-RTT in QUIC.

Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:50:49 +05:30
Sanjay Chitroda 3835a88f94 recipes-core/toybox: Switch SRC_URI to HTTPS for reliable fetch
The upstream site (landley.net) serves inconsistent content when using HTTP,
causing checksum mismatches during do_fetch. Using HTTPS ensures stable
downloads and resolves checksum failures.

Signed-off-by: Sanjay Chitroda <sanjayembeddedse@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:50:49 +05:30
Vijay Anusuri 93d489967c python3-cbor2: Fix CVE-2025-64076
Upstream-Status: Backport from https://github.com/agronholm/cbor2/commit/2349197bea8ebd1bf57a68f4a6549d8fd7585e66

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2026-01-12 07:50:45 +05:30
Gyorgy Sarvari 2b26d30fc7 atop: patch CVE-2025-31160
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-31160

Backport the patch whose subject references the CVE id explicitly.

I was able to verify the patch with a reproducer[1] (which is mentioned
in a reference[2] in the nvd report). Without the patch atop crashed,
with the patch it worked fine (both with and without -k/-K flags).

[1]: https://blog.bismuth.sh/blog/bismuth-found-the-atop-bug
[2]: https://gist.github.com/kallsyms/3acdf857ccc5c9fbaae7ed823be0365e

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:16 +05:30
Jason Schonberg 02dbaa8843 Add missing HOMEPAGEs to xfce recipes
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4d964d4d79)
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:16 +05:30
Gyorgy Sarvari cf81094887 zabbix: patch CVE-2025-49643
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-49643

The actual patch was identified by checking the file that was modified
in the tag 6.0.42, and also by looking at the Jira item referenced by it:
the patch references DEV-4466, the same ID that is referenced in the
Jira ticket[1] referenced by the NVD report (look in the "All Activity" tab).

[1]: https://support.zabbix.com/browse/ZBX-27284

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:15 +05:30
Gyorgy Sarvari b7180060eb wolfssl: patch CVE-2025-7395
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-7395

Backport the patches from the PR[1] that is referenced by the project's
changelog[2] to fix this issue.

[1]: https://github.com/wolfSSL/wolfssl/pull/8833
[2]: https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:15 +05:30
Ankur Tyagi e7b55c84bb libcoap: patch CVE-2025-59391
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-59391

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:15 +05:30
Ankur Tyagi ba18d52f43 libcoap: ignore CVE-2023-51847
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-51847

The vulnerability exists in coap_threadsafe.c but thread-safe support was
added in version v4.3.5 [1]

[1] https://github.com/obgm/libcoap/commit/c69c5d5af0a30859e90756f535e2ca21cdeda0b2

$ git tag --contains c69c5d5
v4.3.5
v4.3.5-rc1
v4.3.5-rc2
v4.3.5-rc3
v4.3.5a

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:14 +05:30
Gyorgy Sarvari 8a991e7e3c libcoap: ignore CVE-2025-50518
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-50518

The vulnerability is disputed by upstream, because the vulnerability
requires a user error, incorrect library usage. See also an upstream
discussion in a related (rejected) PR: https://github.com/obgm/libcoap/pull/1726

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 598176e1cb)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:14 +05:30
Peter Marko 6593af3931 libmemcached: ignore CVE-2023-27478
Per [1] this is fixed by [2].
The commit message says that it is reverting a feature added in:

$ git tag --no-contains d7a0084 | grep 1.0.18
1.0.18

This recipe is for the original memcached which is unmaintained now.
Hence the ignore instead of upgrade.

[1] https://nvd.nist.gov/vuln/detail/CVE-2023-27478
[2] https://github.com/awesomized/libmemcached/commit/48dcc61a

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 607a446491)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:13 +05:30
Ankur Tyagi 3750ce0e75 libiec61850: patch CVE-2024-45969
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-45969

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:13 +05:30
Ankur Tyagi 50906d9169 dovecot: upgrade 2.3.21 -> 2.3.21.1
Release Notes:
- CVE-2024-23184: A large number of address headers in email resulted
  in excessive CPU usage.
- CVE-2024-23185: Abnormally large email headers are now truncated or
  discarded, with a limit of 10MB on a single header and 50MB for all
  the headers of all the parts of an email.
- oauth2: Dovecot would send client_id and client_secret as POST parameters
  to introspection server. These need to be optionally in Basic auth
  instead as required by OIDC specification.
- oauth2: JWT key type check was too strict.
- oauth2: JWT token audience was not validated against client_id as
  required by OIDC specification.
- oauth2: XOAUTH2 and OAUTHBEARER mechanisms were not giving out
  protocol specific error message on all errors. This broke OIDC discovery.
- oauth2: JWT aud validation was not performed if aud was missing
  from token, but was configured on Dovecot.

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:12 +05:30
Ankur Tyagi 19d7eedf67 freerdp3: patch CVE-2025-68118
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68118

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:12 +05:30
Ankur Tyagi c8f7748616 cups-filters: patch CVE-2025-64524
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64524

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:11 +05:30
Hitendra Prajapati 44bdb70034 krb5: fix for CVE-2024-3596
Upstream-Status: Backport from https://github.com/krb5/krb5/commit/871125fea8ce0370a972bf65f7d1de63f619b06c

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:11 +05:30
Gyorgy Sarvari ff7b552534 sngrep: upgrade 1.8.1 -> 1.8.2
This update contains fix for CVE-2024-35434, and a small build system change
that adds a fallback in case ncurses library isn't available during build.

Shortlog: https://github.com/irontec/sngrep/compare/v1.8.1...v1.8.2

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:05 +05:30
Gyorgy Sarvari 3e322cb550 postgresql: upgrade 16.10 -> 16.11
This is a bugfix release.
Contains fixes for CVE-2025-12817 and CVE-2025-12818.

Changelog: https://www.postgresql.org/docs/16/release-16-11.html

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-30 07:08:04 +05:30