50906d9169
dovecot: upgrade 2.3.21 -> 2.3.21.1
...
Release Notes:
- CVE-2024-23184: A large number of address headers in email resulted
in excessive CPU usage.
- CVE-2024-23185: Abnormally large email headers are now truncated or
discarded, with a limit of 10MB on a single header and 50MB for all
the headers of all the parts of an email.
- oauth2: Dovecot would send client_id and client_secret as POST parameters
to introspection server. These need to be optionally in Basic auth
instead as required by OIDC specification.
- oauth2: JWT key type check was too strict.
- oauth2: JWT token audience was not validated against client_id as
required by OIDC specification.
- oauth2: XOAUTH2 and OAUTHBEARER mechanisms were not giving out
protocol specific error message on all errors. This broke OIDC discovery.
- oauth2: JWT aud validation was not performed if aud was missing
from token, but was configured on Dovecot.
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-30 07:08:12 +05:30
19d7eedf67
freerdp3: patch CVE-2025-68118
...
Details https://nvd.nist.gov/vuln/detail/CVE-2025-68118
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-30 07:08:12 +05:30
c8f7748616
cups-filters: patch CVE-2025-64524
...
Details https://nvd.nist.gov/vuln/detail/CVE-2025-64524
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-30 07:08:11 +05:30
44bdb70034
krb5: fix for CVE-2024-3596
...
Upstream-Status: Backport from https://github.com/krb5/krb5/commit/871125fea8ce0370a972bf65f7d1de63f619b06c
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-30 07:08:11 +05:30
ff7b552534
sngrep: upgrade 1.8.1 -> 1.8.2
...
This update contains fix for CVE-2024-35434, and a small build system change
that adds a fallback in case ncurses library isn't available during build.
Shortlog: https://github.com/irontec/sngrep/compare/v1.8.1...v1.8.2
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-30 07:08:05 +05:30
3e322cb550
postgresql: upgrade 16.10 -> 16.11
...
This is a bugfix release.
Contains fixes for CVE-2025-12817 and CVE-2025-12818.
Changelog: https://www.postgresql.org/docs/16/release-16-11.html
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-30 07:08:04 +05:30
9dea9286a0
fio: ignore CVE-2025-10824
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-10824
The upstream maintainer wasn't able to reproduce the issue[1],
and the related bug is closed without further action.
[1]: https://github.com/axboe/fio/issues/1981
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit a275078cbeskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-30 07:08:04 +05:30
fe9360051e
minio: ignore irrelevant CVEs
...
The minio umbrella covers multiple projects. The recipe itself builds
"minio client", which is a set of basic tools to query data from
"minio server" - like ls, mv, find...
The CVEs were files against minio server. Looking at the go mod list,
this recipe doesn't use minio server even as a build dependency - so ignore
the CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit df462075beskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-30 07:08:03 +05:30
3a59d89765
accountservice: ignore CVE-2023-3297
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-3297
The vulnerability is triggered by a patch added by Ubuntu, and the vulnerable patch is
not present in the recipe.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 071a45c9d7skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-30 07:08:03 +05:30
6553182380
p7zip 16.02: Fix CVE-2022-47069
...
Upstream Repository: https://sourceforge.net/projects/p7zip/
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2022-47069
Type: Security Fix
CVE: CVE-2022-47069
Score: 7.8
Note:
- Commit [1] updates complete p7zip archive source for v17 and includes changes
that fixes CVE-2022-47609, adapted fix related changes in current p7zip v16.02.
- Similar changes via [2] have been integrated into the upstream 7zip package,
which replaced p7zip 16.02 in OE-Core master.
For the testing:
- Verified fix using steps mentioned at [3], trace not observed.
- Validated against known malicious ZIP samples [3]
References:
[1] https://github.com/p7zip-project/p7zip/commit/d7a903ff13c2
[2] https://github.com/ip7z/7zip/commit/f19f813537c7
[3] https://sourceforge.net/p/p7zip/bugs/241/
[4] https://bugzilla.suse.com/show_bug.cgi?id=CVE-2022-47069
Signed-off-by: Vrushti Dabhi <vdabhi@cisco.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-30 07:07:59 +05:30
e76bf51a92
redis: Refine CVE-2022-0543 status description
...
Refine the CVE_STATUS description for CVE-2022-0543 to provide
a more precise explanation of this Debian-specific vulnerability.
The vulnerability originates from Debian's packaging methodology,
which loads system-wide Lua libraries (lua-cjson, lua-cmsgpack),
enabling Lua sandbox escape. Upstream Redis builds, including
those built by Yocto/OpenEmbedded, utilize embedded Lua from the
deps/ directory and are therefore not affected by this issue.
It is also fixed in Debian with this commit:
https://salsa.debian.org/lamby/pkg-redis/-/commit/c7fd665150dc4769402cae97d1152b3c6e4366f0
References:
- https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
- https://nvd.nist.gov/vuln/detail/CVE-2022-0543
Signed-off-by: Deepak Rathore <deeratho@cisco.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 7675392aa7deeratho@cisco.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-22 07:49:04 +05:30
9a4ed6f20f
openh264: patch CVE-2025-27091
...
Details https://nvd.nist.gov/vuln/detail/CVE-2025-27091
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-17 11:45:24 +05:30
86abe3d5de
openvpn: patch CVE-2025-13086
...
Details https://nvd.nist.gov/vuln/detail/CVE-2025-13086
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-17 11:45:24 +05:30
c42bfd596e
tcpreplay: fix CVE-2025-9157
...
A vulnerability was determined in appneta tcpreplay up to 4.5.2-beta2.
The impacted element is the function untrunc_packet of the file
src/tcpedit/edit_packet.c of the component tcprewrite. Executing
manipulation can lead to use after free. It is possible to launch
the attack on the local host. The exploit has been publicly disclosed
and may be utilized. This patch is called 73008f261f1cdf7a1087dc8759115242696d35da.
Applying a patch is advised to resolve this issue.
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
(cherry picked from commit 0538af085aankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-17 11:45:23 +05:30
788904cef1
unbound: patch CVE-2024-43168
...
Details https://nvd.nist.gov/vuln/detail/CVE-2024-43168
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-17 11:45:23 +05:30
1876b4656d
unbound: patch CVE-2024-43167
...
Details https://nvd.nist.gov/vuln/detail/CVE-2024-43167
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-17 11:45:22 +05:30
0d9da11052
fetchmail: patch CVE-2025-61962
...
Details https://nvd.nist.gov/vuln/detail/CVE-2025-61962
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-17 11:45:22 +05:30
eb338ebb60
civetweb: patch CVE-2025-9648
...
Details https://nvd.nist.gov/vuln/detail/CVE-2025-9648
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-17 11:45:21 +05:30
1c7b69ee0b
editorconfig-core-c: patch CVE-2024-53849
...
Details https://nvd.nist.gov/vuln/detail/CVE-2024-53849
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-17 11:45:21 +05:30
d9148434ad
flatpak: patch CVE-2024-42472
...
Details https://nvd.nist.gov/vuln/detail/CVE-2024-42472
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-17 11:45:21 +05:30
af50080591
libcupsfilters: patch CVE-2025-57812
...
Details https://nvd.nist.gov/vuln/detail/CVE-2025-57812
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-17 11:45:20 +05:30
a0292cd209
jasper: patch CVE-2024-31744
...
Details https://nvd.nist.gov/vuln/detail/CVE-2024-31744
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-17 11:45:20 +05:30
1fea09e692
mbedtls: fix CVE-2025-47917
...
CVE-2025-47917 is that the function mbedtls_x509_string_to_names() takes
a head argument and performs a deep free() on it.
Backport patch to fix CVE-2025-47917 and drop the modification in doc
file and comment in header file which lack of context.
Signed-off-by: Kai Kang <kai.kang@windriver.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-17 11:45:16 +05:30
b4812b18ee
proftpd: Fix CVE-2023-48795
...
Upstream-Status: Backport from https://github.com/proftpd/proftpd/commit/bcec15efe6c53dac40420731013f1cd2fd54123b
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
(cherry picked from commit 6c8ae54fc3ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-11 08:02:03 +05:30
5775e1a643
wireshark: fix CVE-2025-13499
...
Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/e180152d3dae668249f78c72a55a4ba436b57af7
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-11 08:02:02 +05:30
d9e1f6f274
gflags: switch Git branch from master to main
...
Update SRC_URI to use the 'main' branch instead of 'master' since
the upstream GitHub repository has renamed its default branch.
Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-11 08:00:54 +05:30
e0dbf0bcd3
hdf5 1.14.4-3: fix CVE-2025-2912
...
Upstream Repository: https://github.com/HDFGroup/hdf5.git
Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2912
Type: Security Fix
CVE: CVE-2025-2912
Score: 4.8
Patch: https://github.com/HDFGroup/hdf5/commit/7cc8b5e1010a
Analysis:
- CVE-2025-2913 was previously fixed by [1], which is also addresses CVE-2025-2912
as noted in [4].
- NVD [2] references the GitHub discussion [3] for CVE-2025-2912, and we successfully
reproduced the issue following the steps outlined there.
- Applied the fix from [4] and verified resolution using the reproduction steps.
- The same patch [4] is already included in OE-scarthgap [5] for CVE-2025-2913.
- Therefore, reused the patch from [5] to resolve CVE-2025-2912.
References:
[1] https://github.com/HDFGroup/hdf5/commit/7cc8b5e1010a
[2] https://nvd.nist.gov/vuln/detail/CVE-2025-2912
[3] https://github.com/HDFGroup/hdf5/issues/5370#issue-2917388806
[4] https://github.com/HDFGroup/hdf5/issues/5370#issuecomment-3542881855
[5] https://git.openembedded.org/meta-openembedded/commit/meta-oe/recipes-support/hdf5?h=scarthgap&id=b42e6eb3e51a
Signed-off-by: Sudhir Dumbhare <sudumbha@cisco.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-11 08:00:53 +05:30
c223262bd7
apache2: upgrade 2.4.65 -> 2.4.66
...
Security fixes:
- CVE-2025-66200
- CVE-2025-65082
- CVE-2025-59775
- CVE-2025-58098
- CVE-2025-55753
See: http://www.apache.org/dist/httpd/CHANGES_2.4.66
Signed-off-by: Valeria Petrov <valeria.petrov@spinetix.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-11 08:00:53 +05:30
91ea5aa570
libavif: patch CVE-2025-48174
...
Details https://nvd.nist.gov/vuln/detail/CVE-2025-48174
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-11 08:00:53 +05:30
b7fd86557f
smarty: update CVE_PRODUCT
...
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-11 08:00:23 +05:30
47b2afbc12
corosync: upgrade 3.1.9 -> 3.1.10
...
CVE-2025-30472.patch
removed since it's included in 3.1.10
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 7915bcecf5ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-09 07:01:20 +05:30
873297afaa
python3-django: upgrade 5.0.11 -> 5.0.14
...
Drop patch merged in the upstream.
Release notes:
https://docs.djangoproject.com/en/dev/releases/5.0.12/
https://docs.djangoproject.com/en/dev/releases/5.0.13/
https://docs.djangoproject.com/en/dev/releases/5.0.14/
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-09 07:01:20 +05:30
4d1817df45
nftables: remove python dependency from main package
...
The recipe splits python code to nftables-python package, however
setuptools classes add the dependency to main package.
Since nftables-python package already has python3-core explicit
dependency, remove it from the main package.
(From meta-openembedded rev: 331126a6d0peter.marko@siemens.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-09 07:01:16 +05:30
7ed4330bcf
net-snmp: Update Upstream-status in the net-snmp-5.9.4-kernel-6.7.patch
...
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-05 17:46:29 +05:30
bd2cabff81
net-snmp: Fix a crash and support for 6.7+ kernel
...
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from 8147a884c6vanusuri@mvista.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-05 17:46:28 +05:30
b09a12e166
hdf5 1.14.4-3: Fix CVE tag format in patches
...
- The CVE tags in multiple hdf5 patches were using comma-separated
format which caused false positives in CVE reports.
- Multiple CVEs should be separated by space in CVE-ID.patch file as
per recipe style guide in Yocto documentation so CVE report tool can
scan those CVEs and mark it as patched.
Fixed the following patches:
- CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_01.patch
- CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_02.patch
- CVE-2025-2923-CVE-2025-6816-CVE-2025-6856.patch
Reference:
- https://docs.yoctoproject.org/contributor-guide/recipe-style-guide.html#cve-patches
Signed-off-by: Deepak Rathore <deeratho@cisco.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-05 17:46:25 +05:30
a9fa1c5c2a
xrdp: patch CVE-2023-42822
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-42822
Pick the patch the references the github advisory[1] and the cve ID also from
the nvd report. The patch is a backported version of the patch referenced by
the nvd report.
[1]: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2hjx-rm4f-r9hw
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-04 14:10:11 +05:30
259e4f9266
xrdp: patch CVE-2023-40184
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-40184
Pick the patch that is associated with the github advisory[1], which is
a backported version of the patch that is referenced by the nvd report.
[1]: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-04 14:10:11 +05:30
f81041bb39
xrdp: patch CVE-2022-23493
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23493
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-04 14:10:10 +05:30
2578e5c17d
xrdp: patch CVE-2022-23484
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23484
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-04 14:10:10 +05:30
8ffd8f29d5
xrdp: patch CVE-2022-23483
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23483
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-04 14:10:09 +05:30
31694c82e3
xrdp: patch CVE-2022-23482
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23482
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-04 14:10:09 +05:30
64ee8f84c4
xrdp: patch CVE-2022-23481
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23481
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-04 14:10:08 +05:30
71e9d02b12
xrdp: patch CVE-2022-23480
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23480
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-04 14:10:08 +05:30
19e076e66b
xrdp: patch CVE-2022-23479
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23479
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-04 14:10:07 +05:30
63b5fff975
xrdp: patch CVE-2022-23478
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23478
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-04 14:10:07 +05:30
a6efc5b285
xrdp: patch CVE-2022-23477
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23477
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-04 14:10:06 +05:30
1cb08277fe
xrdp: patch CVE-2022-23468
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23468
Pick the patch that mentions this vulnerability explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2025-12-04 14:10:02 +05:30
5a52615450
pidgin: fix reproducibility issues
...
Backport changes fixing reproducibility issues from master:
9697fd958eanuj.mittal@oss.qualcomm.com >
2025-12-03 11:23:31 +05:30
9e4f627941
trace-cmd: Update SRC_URI to use HTTPS protocol
...
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit f00b6ad12fanuj.mittal@oss.qualcomm.com >
2025-12-03 10:37:26 +05:30
Ankur Tyagi
Hitendra Prajapati
Gyorgy Sarvari
Vrushti Dabhi
Deepak Rathore
Archana Polampalli
Kai Kang
Vijay Anusuri
Viswanath Kraleti
Sudhir Dumbhare
Valeria Petrov
Wang Mingyu
Peter Marko
Khem Raj
Anuj Mittal
yuyu