mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity
24,422 Commits 64 Branches 0 Tags
782d9564e8495d1c879e63b702f2cdaeac752b61
Commit Graph

24422 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Divyanshu Rathore 2114ae5f26 ImageMagick: Fix CVE-2023-34151 
Backport the fix for CVE-2023-34151

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/3d6d98d8a2be30d74172ab43b5b8e874d2deb158]

Add below patch to fix
0011-ImageMagick-Fix-CVE-2023-34151.patch

Add below support patch to fix
0011-ImageMagick-Add-support-patch-1-to-fix-CVE-2023-3415.patch
0011-ImageMagick-Add-support-patch-2-to-fix-CVE-2023-3415.patch
0011-ImageMagick-Add-support-patch-3-to-fix-CVE-2023-3415.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:56 +01:00
Divyanshu Rathore 3a86962b26 ImageMagick: Fix CVE-2025-55298 
Backport the fix for CVE-2025-55298

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/439b362b93c074eea6c3f834d84982b43ef057d5]
                          [https://github.com/ImageMagick/ImageMagick/commit/1f93323df9d8c011c31bc4c6880390071f7fb895]

Add below patch to fix
0010-ImageMagick-Fix-CVE-2025-55298-1.patch
0010-ImageMagick-Fix-CVE-2025-55298-2.patch

Add below support patch to fix
0010-ImageMagick-Add-support-patch-1-to-fix-CVE-2025-5529.patch
0010-ImageMagick-Add-support-patch-2-to-fix-CVE-2025-5529.patch
0010-ImageMagick-Add-support-patch-3-to-fix-CVE-2025-5529.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:55 +01:00
Divyanshu Rathore a137e10750 ImageMagick: Fix CVE-2025-55154 
Backport the fix for CVE-2025-55154

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/db986e4782e9f6cc42a0e50151dc4fe43641b337]

Add below patch to fix
0009-ImageMagick-Fix-CVE-2025-55154.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:54 +01:00
Divyanshu Rathore 4f4cf3248e ImageMagick: Fix CVE-2025-57807 
Backport the fix for CVE-2025-57807

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/077a417a19a5ea8c85559b602754a5b928eef23e]

Add below patch to fix
0008-ImageMagick-Fix-CVE-2025-57807.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:53 +01:00
Divyanshu Rathore f978eae8fc ImageMagick: Fix CVE-2025-57803 
Backport the fix for CVE-2025-57803

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/61f444e5457e4e506c73f18460133c80c235ebb6]

Add below patch to fix
0007-ImageMagick-Fix-CVE-2025-57803.patch

Add below support patch to fix
0007-ImageMagick-Add-support-patch-to-fix-CVE-2025-57803.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:52 +01:00
Divyanshu Rathore 222e1b635e ImageMagick: Fix CVE-2025-55004 
Backport the fix for CVE-2025-55004

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/55d97055e00a7bc7ae2776c99824002fbb4a72aa]

Add below patch to fix
0006-ImageMagick-Fix-CVE-2025-55004.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:51 +01:00
Divyanshu Rathore a1c2509aea ImageMagick: Fix CVE-2025-53019 
Backport the fix for CVE-2025-53019

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/fc3ab0812edef903bbb2473c0ee652ddfd04fe5c]

Add below patch to fix CVE-2025-53019
0005-ImageMagick-Fix-CVE-2025-53019.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:50 +01:00
Divyanshu Rathore f0ce346514 ImageMagick: Fix CVE-2025-55005 
Backport the fix for CVE-2025-55005

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/b68bb6d3cfe472d5bd9329b4172e2e4f63d90a57]

Add below patch to fix
0004-ImageMagick-Fix-CVE-2025-55005.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:49 +01:00
Divyanshu Rathore 7b1c9fa6fb ImageMagick: Fix CVE-2025-55160 
Backport the fix for CVE-2025-55160

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/63d8769dd6a8f32f4096c71be9e08a2c081e47da]

Add below patch to fix
0003-ImageMagick-Fix-CVE-2025-55160.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:48 +01:00
Divyanshu Rathore bbcd2ab724 ImageMagick: Fix CVE-2025-53101 
Backport the fix for CVE-2025-53101

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/66dc8f51c11b0ae1f1cdeacd381c3e9a4de69774]

Add below patch to fix
0002-ImageMagick-Fix-CVE-2025-53101.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:47 +01:00
Divyanshu Rathore 520f64ef3c ImageMagick: Fix CVE-2025-53014 
Backport the fix for CVE-2025-53014

Upstream-Status: Backport [https://github.com/ImageMagick/ImageMagick/commit/29d82726c7ec20c07c49ba263bdcea16c2618e03]

Add below patch to fix CVE-2025-53014
0001-ImageMagick-Fix-CVE-2025-53014.patch

Signed-off-by: Divyanshu Rathore <Divyanshu.Rathore@bmwtechworks.in>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 22:06:46 +01:00
Viswanath Kraleti cac725f7d2 gflags: switch Git branch from master to main 
Update SRC_URI to use the 'main' branch instead of 'master' since
the upstream GitHub repository has renamed its default branch.

Signed-off-by: Viswanath Kraleti <viswanath.kraleti@oss.qualcomm.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 19:22:39 +01:00
Valeria Petrov 46a6fbcdcb apache2: upgrade 2.4.65 -> 2.4.66 
Security fixes:
- CVE-2025-66200
- CVE-2025-65082
- CVE-2025-59775
- CVE-2025-58098
- CVE-2025-55753

See: http://www.apache.org/dist/httpd/CHANGES_2.4.66

Signed-off-by: Valeria Petrov <valeria.petrov@spinetix.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-12 19:21:36 +01:00
Gyorgy Sarvari 97d4be2839 gupnp-igd: add ptest support 
Execution takes around 10 seconds.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 19:34:22 +01:00
Gyorgy Sarvari 590afd1a98 gupnp-av: add ptest support 
It takes around a second to execute the suite.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 65c2f6de55)

Adapted to Kirkstone.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 19:34:21 +01:00
Gyorgy Sarvari 535fc775a6 gupnp: add ptest support 
It takes almost 50 seconds on my machine to execute.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e7878d69ab)

Adapted to Kirkstone
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 19:34:20 +01:00
Gyorgy Sarvari ff2b74df62 gssdp: add ptest support 
It is quick, it finished under 20 seconds on my machine.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 27865a96d5)

Adapted to Kirkstone
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 19:34:19 +01:00
Gyorgy Sarvari d95d7c8e7b xrdp: add ptest support 
It takes under 10 seconds to run the suite.
Executed succesfully on x86-64, with musl and glibc.

The recipe requires pam DISTRO_FEATURE to be present.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 54ca51b6c6)

Adapted to Kirkstone
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 19:34:17 +01:00
Gyorgy Sarvari dcc7681d01 xrdp: patch CVE-2022-23493 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23493

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:13 +01:00
Gyorgy Sarvari fc2c0460ab xrdp: patch CVE-2022-23484 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23484

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:11 +01:00
Gyorgy Sarvari e89a73a759 xrdp: patch CVE-2022-23483 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23483

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:10 +01:00
Gyorgy Sarvari e0e34a0615 xrdp: patch CVE-2022-23481 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23481

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:09 +01:00
Gyorgy Sarvari 07291c5d65 xrdp: patch CVE-2022-23480 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23480

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:09 +01:00
Gyorgy Sarvari d2a493539f xrdp: patch CVE-2022-23479 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23479

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:08 +01:00
Gyorgy Sarvari 444c8f69d2 xrdp: patch CVE-2022-23478 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23478

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:07 +01:00
Gyorgy Sarvari 74b0b81579 xrdp: patch CVE-2022-23477 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23477

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:06 +01:00
Gyorgy Sarvari 5709e8f6ec xrdp: patch CVE-2022-23468 
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23468

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:05 +01:00
Gyorgy Sarvari f218f0373f xrdp: upgrade 0.9.18 -> 0.9.18.1 
Contains fix for CVE-2022-23613

Changelog: https://github.com/neutrinolabs/xrdp/releases/tag/v0.9.18.1

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-06 17:33:04 +01:00
Saravanan e2da1298ac python3-django: fix CVE-2025-32873 
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-32873

Upstream-patch:
https://github.com/django/django/commit/9cd8028f3e38dca8e51c1388f474eecbe7d6ca3c/

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-05 15:29:59 +01:00
Saravanan ee59faebac python3-django: fix CVE-2024-53907 
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-53907

Upstream-patch:
https://github.com/django/django/commit/790eb058b0716c536a2f2e8d1c6d5079d776c22b/

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-05 15:29:58 +01:00
Saravanan 64e4cf9933 python3-django: fix CVE-2024-41991 
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41991

Upstream-patch:
https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f/

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-05 15:29:55 +01:00
Khem Raj edb07bc11e scsirastools: Fix build with usrmerge 
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4448cd9ee7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-02 13:54:27 +01:00
Gyorgy Sarvari 4a70d6f944 gradm: fix installation with usrmerge enabled 
In case usrmerge DISTRO_FEATURE is enabled, the recipe installs its
binaries into /sbin folder, which however supposed to be a symlink
to /usr/sbin folder, thus ultimately failing the installation.

To avoid this problem, backport a patch from master branch that allows
specifying the installation location.

This is a partial backport of 682657248c

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-02 13:54:16 +01:00
Gyorgy Sarvari bc55ba3d8c babeld: fix installation with usrmerge 
In case usrmerge DISTRO_FEATURE is enabled, the recipe installed
the application to /bin folder, which is however a symlink to /usr/bin,
so the installation ultimately failed.

To fix this, set the correct prefix for the installation.

This is a partial backport of f91983f1f3

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-12-02 13:54:02 +01:00
Gyorgy Sarvari 6416254c0b fontforge: patch CVE-2024-25081 and CVE-2024-25082 
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-25081
https://nvd.nist.gov/vuln/detail/CVE-2024-25082

The same patch fixes both vulnerabilities.
Take the patch from the pull request that is referenced by the
nv report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-11-30 20:48:08 +01:00
Gyorgy Sarvari 2491ea2ffb fontforge: patch CVE-2020-5395, CVE-2020-25690 and CVE-2020-5496 
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-5395
https://nvd.nist.gov/vuln/detail/CVE-2020-25690
https://nvd.nist.gov/vuln/detail/CVE-2020-5496

The same patch fixes all three.
The patch for CVE-2020-25690 is mentioned in the RedHat bug, which is
referenced in the nvd report.
The patch for CVE-2020-5395 is mentioned in the Github issue that
is referenced in the nvd report.
The patch for CVE-2020-5496 is mentioned in the comments of the issue
that is linked in the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-11-30 20:48:07 +01:00
Gyorgy Sarvari 48d2305f48 fontforge: ignore CVE-2019-15785 
Details: https://nvd.nist.gov/vuln/detail/CVE-2019-15785

The vulnerability is not present in the currently used version, so
ignore it.

Current version: 20190801
First vulnerable version: 20190813

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-11-30 20:48:06 +01:00
Gyorgy Sarvari 67bb8e4b16 yasm: patch CVE-2021-33456 
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33465

The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1020-hash-null-CVE-2021-33456.patch/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1e2731fce0)
 2025-11-30 20:48:05 +01:00
Gyorgy Sarvari 68a44fe280 yasm: patch CVE-2021-33464 
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33464

The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1010-nasm-pp-no-env-CVE-2021-33464.patch/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 66a0b01b52)
 2025-11-30 20:48:04 +01:00
Gyorgy Sarvari 5fb0376aed yasm: patch CVE-2023-29579 
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-29579

The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1000-x86-dir-cpu-CVE-2023-29579.patch/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cc30757a7f)
 2025-11-30 20:48:03 +01:00
Gyorgy Sarvari b6eb044866 yasm: add alternative CVE_PRODUCT 
There are multiple vendors for yasm:

$ sqlite3 ./nvdcve_2-2.db "select distinct vendor, product from products where product = 'yasm';"
tortall|yasm
yasm_project|yasm

Both products refer to the same application

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 93f85e4fd2)
 2025-11-30 20:48:01 +01:00
Saravanan 8b438a9d7b python3-django: fix CVE-2024-39330 
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-39330

Upstream-patch:
https://github.com/django/django/commit/2b00edc0151a660d1eb86da4059904a0fc4e095e

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-11-30 15:16:36 +01:00
Saravanan 740980aaba python3-django: fix CVE-2024-39329 
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-39329

Upstream-patch:
https://github.com/django/django/commit/156d3186c96e3ec2ca73b8b25dc2ef366e38df14

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-11-30 15:16:34 +01:00
Saravanan 21d389c8f9 python3-django: fix CVE-2025-57833 
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-57833

Upstream-patch:
https://github.com/django/django/commit/31334e6965ad136a5e369993b01721499c5d1a92

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-11-30 15:16:32 +01:00
Saravanan 0b554678b6 python3-django: fix CVE-2024-56374 
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-56374

Upstream-patch:
https://github.com/django/django/commit/ad866a1ca3e7d60da888d25d27e46a8adb2ed36e

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-11-30 15:16:31 +01:00
Saravanan 540b79e3ee python3-django: fix CVE-2025-26699 
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-26699

Upstream-patch:
https://github.com/django/django/commit/e88f7376fe68dbf4ebaf11fad1513ce700b45860

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-11-30 15:16:30 +01:00
Saravanan 666ec505b4 python3-django: fix CVE-2024-27351 
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-27351

Upstream-patch:
https://github.com/django/django/commit/072963e4c4d0b3a7a8c5412bc0c7d27d1a9c3521

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-11-30 15:16:29 +01:00
Saravanan d4a5c4cf6c python3-django: upgrade 4.2.17 -> 4.2.26 
Fixes CVE-2025-64459, CVE-2025-64458, CVE-2025-59682, CVE-2025-59681,
CVE-2025-57833, CVE-2025-48432, CVE-2025-32873, CVE-2025-26699, CVE-2024-56374
and other bug fixes.

Release notes:
https://docs.djangoproject.com/en/dev/releases/4.2.18/
https://docs.djangoproject.com/en/dev/releases/4.2.19/
https://docs.djangoproject.com/en/dev/releases/4.2.20/
https://docs.djangoproject.com/en/dev/releases/4.2.21/
https://docs.djangoproject.com/en/dev/releases/4.2.22/
https://docs.djangoproject.com/en/dev/releases/4.2.23/
https://docs.djangoproject.com/en/dev/releases/4.2.24/
https://docs.djangoproject.com/en/dev/releases/4.2.25/
https://docs.djangoproject.com/en/dev/releases/4.2.26/

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-11-30 15:16:28 +01:00
Saravanan 252b82edd5 python3-django: upgrade 3.2.23 -> 3.2.25 
Fixes CVE-2024-27351, CVE-2024-24680 and other bugfixes.

Release notes:
https://docs.djangoproject.com/en/dev/releases/3.2.24/
https://docs.djangoproject.com/en/dev/releases/3.2.25/

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-11-30 15:16:24 +01:00
Gyorgy Sarvari a12478e722 libraw: patch CVE-2025-43964 
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-43964

Pick the patch that is referenced by the nvd report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
 2025-11-30 15:13:58 +01:00