Gyorgy Sarvari
3dc63bce4d
nodejs: ignore CVE-2024-36137
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-36137
The vulnerability affects the permission model, which was introduced[1]
in v20 - the recipe version isn't vulnerable yet.
[1]: https://github.com/nodejs/node/commit/00c222593e49d817281bc88a322f41f8dca95885
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:03 +01:00
Gyorgy Sarvari
e88e353f30
nodejs: ignore CVE-2024-3566 and CVE-2024-36138
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-3566
https://nvd.nist.gov/vuln/detail/CVE-2024-36138
These vulnerabilities affect Windows only.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:03 +01:00
Peter Marko
9e38c37a62
sassc: ignore CVE-2022-43357
...
This CVE is fixed in current libsass recipe version.
So wrapper around it will also not show this problem.
Its usual use case is to be statically linked with libsass which is
probably the reason why this is listed as vulnerable component.
[1] links [2] as issue tracker which points to [3] as fix.
[4] as base repository for the recipe is not involved and files from [3]
are not present in this repository.
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-43357
[2] https://github.com/sass/libsass/issues/3177
[3] https://github.com/sass/libsass/pull/3184
[4] https://github.com/sass/sassc/
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 576b84263b)
Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Kirkstone has also the fixed libsass version (3.6.6), the CVE can
be considered fixed.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:03 +01:00
Gyorgy Sarvari
8e69851e6d
nodejs: patch CVE-2024-27983
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-27983
Pick the patch that mentions this CVE ID explicitly in its commit message.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:03 +01:00
Gyorgy Sarvari
ab83c61385
nodejs: ignore CVE-2024-22017
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-22017
The vulnerability is related to the io_uring usage of libuv.
Libuv first introduced io_uring support in v1.45[1].
oe-core ships a non-vulnerable version (1.44.2), and nodejs
vendors also an older version (1.43).
Mark this CVE as ignored for this recipe version.
[1]: https://github.com/libuv/libuv/commit/d2c31f429b87b476a7f1344d145dad4752a406d4
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:03 +01:00
Gyorgy Sarvari
f9ed3b8197
nodejs: patch CVE-2023-39333
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39333
Backport the patch that mentions this CVE ID explicitly in its
commit message.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:03 +01:00
Gyorgy Sarvari
04f577d527
nodejs: ignore CVE-2023-30583, CVE-2023-30584 and CVE-2023-30587
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-30583
https://nvd.nist.gov/vuln/detail/CVE-2023-30584
https://nvd.nist.gov/vuln/detail/CVE-2023-30587
None of these vulnerabilities are present in the recipe version.
CVE-2023-30583: While the main feature (blob) was introduced in v16, the vulnerable
code (load blobs from file) was introduced in v20[1], and as such,
the vulnerability is not present in the recipe version.
CVE-2023-30584, CVE-2023-30587: The whole vulnerable feature (permission model) was
introduced[2] in v20.
Ignore these CVE IDs.
[1]: https://github.com/nodejs/node/commit/950cec4c2642c15e2913f35babadda56c1d8a723
[2]: https://github.com/nodejs/node/commit/00c222593e49d817281bc88a322f41f8dca95885
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:03 +01:00
Gyorgy Sarvari
9608348824
fio: ignore CVE-2025-10824
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-10824
The upstream maintainer wasn't able to reproduce the issue[1],
and the related bug is closed without further action.
[1]: https://github.com/axboe/fio/issues/1981
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit a275078cbe)
Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_STATUS)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:03 +01:00
Gyorgy Sarvari
15750d5584
atop: patch CVE-2025-31160
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-31160
Backport the patch whose subject references the CVE id explicitly.
I was able to verify the patch with a reproducer[1] (which is mentioned
in a reference[2] in the nvd report). Without the patch atop crashed,
with the patch it worked fine (both with and without -k/-K flags).
[1]: https://blog.bismuth.sh/blog/bismuth-found-the-atop-bug
[2]: https://gist.github.com/kallsyms/3acdf857ccc5c9fbaae7ed823be0365e
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:02 +01:00
Gyorgy Sarvari
f3df89aedb
php: upgrade 8.1.33 -> 8.1.34
...
Comes with fixes for CVE-2025-14177, CVE-2025-14178 and CVE-2025-14180
Changelog:
- Curl: Fix curl build and test failures with version 8.16.
- Opcache: Reset global pointers to prevent use-after-free in zend_jit_status().
- PDO: Fixed: PDO quoting result null deref. (CVE-2025-14180)
- Standard:
* Fixed: Null byte termination in dns_get_record().
* Fixed: Heap buffer overflow in array_merge(). (CVE-2025-14178)
* Fixed: Information Leak of Memory in getimagesize. (CVE-2025-14177)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:02 +01:00
Gyorgy Sarvari
d618b8dc84
xmlsec1: update SRC_URI
...
The tarball was moved to a subfolder. Adapt the SRC_URI.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:02 +01:00
Gyorgy Sarvari
dcf2b5030d
softhsm: correct SRC_URI branch
...
The develop branch doesn't exist anymore. The fetched commit is on the main branch.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:02 +01:00
Gyorgy Sarvari
11b7fe9a91
thrift: fix SRC_URI
...
The tarball was moved to an archive server, so the link stopped
working. Update it to the new location.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:02 +01:00
Gyorgy Sarvari
feb9c53544
srecord: fix SRC_URI
...
The tarball was moved to a new folder in the SourceForge project,
and the original convenience link stopped working.
Use the direct link instead.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:02 +01:00
Gyorgy Sarvari
02422765c6
pcp: switch SRC_URI to git
...
The original link stopped working.
I have compared the original tarball's content with this revision: the contents
are bit-identical to each other. The only difference is that the original
tarball came with an extra "debian/control" file which is not present in
the git repository, but it is not used for compiling.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:02 +01:00
Gyorgy Sarvari
0ac70cf0bb
tcsh: update SRC_URI
...
The tarball was moved to a new subfolder, making do_fetch fall back to a mirror.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:02 +01:00
Gyorgy Sarvari
75080e6708
hunspell: patch CVE-2019-16707
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-16707
Pick the patch that resolves the GitHub issue[1] that tracked
this vulnerability.
[1]: https://github.com/hunspell/hunspell/issues/624
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:02 +01:00
Gyorgy Sarvari
6ba8215d31
smarty: patch CVE-2023-28447
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-28447
Pick the patch that is referenced by the NVD report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:02 +01:00
Ankur Tyagi
2acc0c3720
smarty: update CVE_PRODUCT
...
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit ceadb83fcf)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:03:02 +01:00
Gyorgy Sarvari
a5ac9b82bd
smarty: patch CVE-2018-25047
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2018-25047
Pick the patch that resolved the issue referenced in the nvd report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-08 22:02:57 +01:00
Emil Kronborg Andersen
f642e61588
snappy: add CVE_PRODUCT
...
If CVE_PRODUCT is not explicitly set to google:snappy, CVEs are
found for https://github.com/KnpLabs/snappy instead.
Signed-off-by: Emil Kronborg Andersen <emkan@prevas.dk>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b888130e95)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-25 15:09:15 +01:00
Gyorgy Sarvari
9af2a4a468
dbus-broker: patch CVE-2022-31212
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-31212
A detailed writeup[1] is referenced by the nvd report, which
describes that the vulnerability itself is not in the application,
rather in a dependency of it, in c-shutil, which is pulled in as
a submodule.
Pick the patch from this submodule that fixes a stack overflow, and
adds a test explicitly verifying the described vulnerability.
[1]: https://sec-consult.com/vulnerability-lab/advisory/memory-corruption-vulnerabilities-dbus-broker/
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-25 13:57:04 +01:00
Gyorgy Sarvari
5b7d15db18
cups-filters: patch CVE-2023-24805
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-24805
Pick the patch referenced by the nvd report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-25 13:57:02 +01:00
Gyorgy Sarvari
c590e88d19
cups-filters: patch CVE-2025-64524
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64524
Pick the patch referenced by the nvd report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-25 13:57:02 +01:00
Gyorgy Sarvari
16f6b4287c
cups-filters: patch CVE-2025-57812
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-57812
Backport the patch that is referenced by the nvd report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-25 13:57:01 +01:00
Gyorgy Sarvari
4da4c6547c
redis: ignore CVE-2025-46686
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-46686
Upstream disputes that it is a security violation, and says that
implementing a mitigation for this would negatively affect the rest
of the application, so they elected to ignore it.
See GitHub advisory about the same vulnerability:
https://github.com/redis/redis/security/advisories/GHSA-2r7g-8hpc-rpq9
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-25 13:57:00 +01:00
Gyorgy Sarvari
ef7ac09d7a
nanopb: patch CVE-2024-53984
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-53984
Pick the patch referenced by the nvd report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-25 13:56:59 +01:00
Gyorgy Sarvari
12807d9007
zabbix: patch CVE-2025-49643
...
The actual patch was identified by checking the file that was modified
in the tag 6.0.42, and also by looking at the Jira item referenced by it:
the patch references DEV-4466, the same ID that is referenced in the
Jira ticket[1] referenced by the NVD report (look in the "All Activity" tab).
[1]: https://support.zabbix.com/browse/ZBX-27284
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-25 10:17:02 +01:00
Gyorgy Sarvari
68bc6d3bbe
imagemagick: patch CVE-2025-62171
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-62171
Pick the patch that's mentioned in the nvd report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-25 10:17:02 +01:00
Gyorgy Sarvari
339ac6d59c
imagemagick: patch CVE-2025-65955
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-65955
Pick the patch referenced by the NVD report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-25 10:17:02 +01:00
Gyorgy Sarvari
4eae56f5d0
imagemagick: patch CVE-2022-1115
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-1115
Pick the patch referenced in the NVD report.
Tested successfully against the PoC described in the related GitHub issue[1].
[1]: https://github.com/ImageMagick/ImageMagick/issues/4974
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-25 10:17:02 +01:00
Hitendra Prajapati
4ac316bf47
krb5: fix for CVE-2024-3596
...
Upstream-Status: Backport from https://github.com/krb5/krb5/commit/871125fea8ce0370a972bf65f7d1de63f619b06c
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-25 10:17:01 +01:00
Gyorgy Sarvari
d2894888c9
nodejs: fix CVE_PRODUCT
...
The CVE_PRODUCT is set with a weak default assignment in the cve-check.bbclass,
which means that when the recipe uses +=, it overrides the original weak default
value instead of appending to it.
Set all applicable values in CVE_PRODUCT variable explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-22 20:56:37 +01:00
Gyorgy Sarvari
94f3cecaae
postgresql: upgrade 14.19 -> 14.20
...
Beside other bugfixes, it contains fixes for CVE-2025-12817 and CVE-2025-12818.
Release notes: https://www.postgresql.org/docs/release/14.20/
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-17 15:37:58 +01:00
Gyorgy Sarvari
74491cf152
botan: patch CVE-2024-34702
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-34702
The same patch fixes both CVE-2024-39312 and CVE-2024-34702, according
to the release notes[1] of the final 2.9.x release.
[1]: https://github.com/randombit/botan/blob/2.19.5/news.rst
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-16 08:43:03 +01:00
Shinji Matsunaga
9b5b7102ca
audit: Fix CVE_PRODUCT
...
Fix "audit" set in CVE_PRODUCT to "linux:audit" to detect only vulnerabilities where the vendor is "linux".
Currently, CVE_PRODUCT also detects vulnerabilities where the vendor is "visionsoft",
which are unrelated to the "audit" in this recipe.
https://www.opencve.io/cve?vendor=visionsoft&product=audit
In addition, all the vulnerabilities currently detected in "audit" have the vendor of "visionsoft" or "linux".
Therefore, fix "audit" set in CVE_PRODUCT to "linux:audit".
Signed-off-by: Shinji Matsunaga <shin.matsunaga@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e87e51da49)
Adapted to Kirkstone.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-16 08:42:29 +01:00
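The vendor-qualified `CVE_PRODUCT` matching that the audit commit above and the snappy commit (f642e61588) rely on, as an added example that is not part of the commit log or the project's own code: a simplified Python model in which a bare product name matches any vendor and `vendor:product` restricts the match. The table layout, function names and CVE ids are constructed placeholders.

```python
import sqlite3

# Constructed sample rows (vendor, product, CVE id). The ids are placeholders,
# not real NVD entries.
SAMPLE_ROWS = [
    ("google", "snappy", "CVE-XXXX-0001"),
    ("knplabs", "snappy", "CVE-XXXX-0002"),
    ("linux", "audit", "CVE-XXXX-0003"),
    ("visionsoft", "audit", "CVE-XXXX-0004"),
]


def build_db(rows=SAMPLE_ROWS):
    """Load the sample rows into an in-memory table (hypothetical layout)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (vendor TEXT, product TEXT, cve_id TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", rows)
    return conn


def split_cve_product(entry):
    """Split one CVE_PRODUCT entry; a bare name means 'any vendor' (SQL '%')."""
    if ":" in entry:
        vendor, product = entry.split(":", 1)
    else:
        vendor, product = "%", entry
    return vendor, product


def matching_cves(conn, cve_product):
    """Return sorted (cve_id, vendor) pairs matched by a CVE_PRODUCT value."""
    hits = set()
    for entry in cve_product.split():
        vendor, product = split_cve_product(entry)
        rows = conn.execute(
            "SELECT cve_id, vendor FROM products "
            "WHERE product = ? AND vendor LIKE ?",
            (product, vendor),
        )
        hits.update(rows.fetchall())
    return sorted(hits)


def dropped_by_qualifying(conn, bare, qualified):
    """CVE ids reported for the bare name but not for the vendor-qualified one."""
    before = {cve for cve, _ in matching_cves(conn, bare)}
    after = {cve for cve, _ in matching_cves(conn, qualified)}
    return sorted(before - after)


if __name__ == "__main__":
    db = build_db()
    for bare, qualified in (("audit", "linux:audit"), ("snappy", "google:snappy")):
        print(bare, "->", matching_cves(db, bare))
        print(qualified, "->", matching_cves(db, qualified))
        print("no longer reported:", dropped_by_qualifying(db, bare, qualified))
```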
Gyorgy Sarvari
cdd9a07823
gosu: set SRCREV_FORMAT variable
...
The recipe fetches from multiple repositories, however the SRCREV_FORMAT
variable wasn't set. Due to this the recipe couldn't reuse sstate artifacts from
a mirror, only threw warnings:
WARNING: gosu-1.14-r0 do_package_qa_setscene: ExpansionError('SRCPV',
'${@bb.fetch2.get_srcrev(d)}', FetchError('The SRCREV_FORMAT variable
must be set when multiple SCMs are used.\nThe SCMs are:
git://github.com/tianon/gosu.git;branch=master;protocol=https
git://github.com/opencontainers/runc;name=runc;branch=main;protocol=https', None))
WARNING: Setscene task (/cocto/kirkstone-next/meta-openembedded/meta-oe/recipes-support/
gosu/gosu_1.14.bb:do_package_qa_setscene) failed with exit code '1' - real task
will be run instead
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-14 16:18:49 +01:00
Gyorgy Sarvari
af6c27eaa1
sysdig: set SRCREV_FORMAT
...
It fetches from multiple repositories, but didn't have SRCREV_FORMAT
set. Because of this, the recipe couldn't use sstate artifacts from
a mirror, just threw many warnings:
WARNING: sysdig-0.28.0-r0 do_package_qa_setscene: ExpansionError('SRCPV',
'${@bb.fetch2.get_srcrev(d)}', FetchError('The SRCREV_FORMAT variable
must be set when multiple SCMs are used.\nThe SCMs
are:\ngit://github.com/draios/sysdig.git;branch=dev;protocol=https;name=sysdig
git://github.com/falcosecurity/libs;protocol=https;branch=master;name=falco;subdir=git/falcosecurity-libs',
None))
WARNING: Setscene task (/cocto/kirkstone-next/meta-openembedded/meta-oe/recipes-extended/sysdig/sysdig_0.28.0.bb
:do_package_qa_setscene) failed with exit code '1' - real task will be run instead
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-14 16:18:48 +01:00
Gyorgy Sarvari
d9fbd8560e
zlog: patch CVE-2024-22857
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-22857
Pick the patch from the PR mentioned by the nvd report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-14 16:18:47 +01:00
Divyanshu Rathore
2114ae5f26
ImageMagick: Fix CVE-2023-34151
...
Backport the fix for CVE-2023-34151
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/3d6d98d8a2be30d74172ab43b5b8e874d2deb158]
Add below patch to fix
0011-ImageMagick-Fix-CVE-2023-34151.patch
Add below support patch to fix
0011-ImageMagick-Add-support-patch-1-to-fix-CVE-2023-3415.patch
0011-ImageMagick-Add-support-patch-2-to-fix-CVE-2023-3415.patch
0011-ImageMagick-Add-support-patch-3-to-fix-CVE-2023-3415.patch
Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-12 22:06:56 +01:00
Divyanshu Rathore
3a86962b26
ImageMagick: Fix CVE-2025-55298
...
Backport the fix for CVE-2025-55298
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5]
[https://github.com/ImageMagick/ImageMagick/commit/1f93323df9d8c011c31bc4c6880390071f7fb895]
Add below patch to fix
0010-ImageMagick-Fix-CVE-2025-55298-1.patch
0010-ImageMagick-Fix-CVE-2025-55298-2.patch
Add below support patch to fix
0010-ImageMagick-Add-support-patch-1-to-fix-CVE-2025-5529.patch
0010-ImageMagick-Add-support-patch-2-to-fix-CVE-2025-5529.patch
0010-ImageMagick-Add-support-patch-3-to-fix-CVE-2025-5529.patch
Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-12 22:06:55 +01:00
Divyanshu Rathore
a137e10750
ImageMagick: Fix CVE-2025-55154
...
Backport the fix for CVE-2025-55154
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/db986e4782e9f6cc42a0e50151dc4fe43641b337]
Add below patch to fix
0009-ImageMagick-Fix-CVE-2025-55154.patch
Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-12 22:06:54 +01:00
Divyanshu Rathore
4f4cf3248e
ImageMagick: Fix CVE-2025-57807
...
Backport the fix for CVE-2025-57807
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e]
Add below patch to fix
0008-ImageMagick-Fix-CVE-2025-57807.patch
Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-12 22:06:53 +01:00
Divyanshu Rathore
f978eae8fc
ImageMagick: Fix CVE-2025-57803
...
Backport the fix for CVE-2025-57803
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/61f444e5457e4e506c73f18460133c80c235ebb6]
Add below patch to fix
0007-ImageMagick-Fix-CVE-2025-57803.patch
Add below support patch to fix
0007-ImageMagick-Add-support-patch-to-fix-CVE-2025-57803.patch
Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-12 22:06:52 +01:00
Divyanshu Rathore
222e1b635e
ImageMagick: Fix CVE-2025-55004
...
Backport the fix for CVE-2025-55004
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/55d97055e00a7bc7ae2776c99824002fbb4a72aa]
Add below patch to fix
0006-ImageMagick-Fix-CVE-2025-55004.patch
Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-12 22:06:51 +01:00
Divyanshu Rathore
a1c2509aea
ImageMagick: Fix CVE-2025-53019
...
Backport the fix for CVE-2025-53019
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c]
Add below patch to fix CVE-2025-53019
0005-ImageMagick-Fix-CVE-2025-53019.patch
Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-12 22:06:50 +01:00
Divyanshu Rathore
f0ce346514
ImageMagick: Fix CVE-2025-55005
...
Backport the fix for CVE-2025-55005
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57]
Add below patch to fix
0004-ImageMagick-Fix-CVE-2025-55005.patch
Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-12 22:06:49 +01:00
Divyanshu Rathore
7b1c9fa6fb
ImageMagick: Fix CVE-2025-55160
...
Backport the fix for CVE-2025-55160
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/63d8769dd6a8f32f4096c71be9e08a2c081e47da]
Add below patch to fix
0003-ImageMagick-Fix-CVE-2025-55160.patch
Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-12 22:06:48 +01:00
Divyanshu Rathore
bbcd2ab724
ImageMagick: Fix CVE-2025-53101
...
Backport the fix for CVE-2025-53101
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774]
Add below patch to fix
0002-ImageMagick-Fix-CVE-2025-53101.patch
Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-12 22:06:47 +01:00
Divyanshu Rathore
520f64ef3c
ImageMagick: Fix CVE-2025-53014
...
Backport the fix for CVE-2025-53014
Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03]
Add below patch to fix CVE-2025-53014
0001-ImageMagick-Fix-CVE-2025-53014.patch
Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-12-12 22:06:46 +01:00