d861698ab8
lshw: Fix binmerge
...
In case $sbindir = $bindir we have to pass this setting to make.
Signed-off-by: Jörg Sommer <joerg.sommer@navimatix.de >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit d09f50438fanuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:21 +05:30
50cde1e649
libdvdread: use https for fetching code
...
Signed-off-by: Markus Volk <f_l_k@t-online.de >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 7bf89d06a4anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:21 +05:30
c72fd80a5c
jq: patch CVE-2026-39979
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-39979
Backport the patch that is referenced by the NVD advisory.y
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 2b1e34f0f5anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:21 +05:30
2732cd42ec
jq: patch CVE-2026-33948
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33948
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 8d399af333anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:21 +05:30
f251c27025
jq: patch CVE-2026-33947
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33947
Backport the patch that is referenced by the NVD report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 525e18ce21anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
c547565088
jq: patch CVE-2026-32316
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32316
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit e94ab85126anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
1574d0ed55
jq: Use Git to fetch the code
...
There is a bug (see https://github.com/jqlang/jq/issues/434 ), which
results in an empty version being used if autoreconf is run on the jq
sources when using a release tar ball. The incorrect assumption is that
autoreconf is only used when fetching the code using Git.
The empty version results in an incorrect libjq.pc file being created
where the version is not set, which results in, e.g.,
`pkgconf --libs 'libjq > 1.6'` failing even if version 1.8.1 of jq is
actually installed.
Switch to fetching the code using Git to workaround the bug.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit ed33569f82anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
3ed2bdeb7d
libgphoto2: patch CVE-2026-40341
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40341
Backport the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit de5f93f95danuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
2a3142c8fc
libgphoto2: patch CVE-2026-40340
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40340
Backport the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 420e5aec46anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
c7d9a8a5bf
libgphoto2: patch CVE-2026-40339
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40339
Backport the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 2e3be1dddcanuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
6ea6840dd3
libgphoto2: patch CVE-2026-40338
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40338
Backport the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit f22e17508eanuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
0d7e46071f
libgphoto2: patch CVE-2026-40336
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40336
Backport the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 078f26b084anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
52e89178e6
libgphoto2: patch CVE-2026-40335
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40335
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit f735ea20b1anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
866c25643a
libgphoto2: patch CVE-2026-40334
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40334
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit ce3fa8ad2aanuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
9e9977200d
libgphoto2: patch CVE-2026-40333
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40333
Backport the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 754e02c668anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
ba9800188e
openjpeg: patch CVE-2026-6192
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-6192
Backport the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 09050325e6anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
1df4552b9e
imagemagick: upgrade 7.1.2-18 -> 7.1.2-19
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 946243ec05skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
1f8d2c36c0
botan: patch CVE-2026-34582
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-34582
Debian has identified[1] the PR that fixes this, however the url seems to have a
typo - it was PR number 5499[2], and not 5599[3]. (The backported commit's description matches
the CVE's description)
[1]: https://security-tracker.debian.org/tracker/CVE-2026-34582
[2]: https://github.com/randombit/botan/pull/5499
[3]: https://github.com/randombit/botan/pull/5599
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
4c4eaf1d21
php: upgrade 8.4.19 -> 8.4.20
...
This is a bug fix release.
Changelog: https://www.php.net/ChangeLog-8.php#8.4.20
Signed-off-by: Jason Schonberg <schonm@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
a23083428f
giflib: patch CVE-2025-31344
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-31344
Backport the commit that mentions this CVE ID explicitly
in its message.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
fed5dab762
imagemagick: upgrade 7.1.2-17 -> 7.1.2-18
...
Contains fixes for CVE-2026-33535 and CVE-2026-33536
Shortlog:
https://github.com/ImageMagick/ImageMagick/compare/7.1.2-17...7.1.2-18
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
873ae07e82
opensc: patch CVE-2025-66038
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-66038
Backport the patch that is referenced by the upstream wiki
page[1] that is related to this vulnerability.
[1]: https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66038
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
73034a4fe1
opensc: patch CVE-2025-66037
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-66037
Backport the patch that is referenced by the upstream wiki
page[1] that is related to this vulnerability.
[1]: https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
7c8dd8d492
opensc: patch CVE-2025-49010
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-49010
Backport the patch that is referenced by the upstream wiki
page[1] that is related to this vulnerability.
[1]: https://github.com/OpenSC/OpenSC/wiki/CVE-2025-49010
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
6c4868d3f7
nodejs: ignore fixed CVEs
...
All these CVEs are fixed in v22.22.2[1], except for CVE-2026-21712,
which does not affect v22 series, because it was introduced in a
later version[2]. All these CVEs are tracked without version info
by NVD at the time of creating this patch.
[1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md
[2]: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
2c70222d32
nodejs: upgrade 22.22.1 -> 22.22.2
...
This is the March 2026 security release.
2 high severity issues.
5 medium severity issues.
2 low severity issues.
High priority fixes:
CVE-2026-21637
CVE-2026-21710
Medium priority fixes:
CVE-2026-21711 (affects only nodejs v25)
CVE-2026-21712 (affects only nodejs v24 & v25)
CVE-2026-21713
CVE-2026-21714
CVE-2026-21717
Low priority fixes:
CVE-2026-21715
CVE-2026-21716
https://nodejs.org/en/blog/vulnerability/march-2026-security-releases
Changelog: https://github.com/nodejs/node/releases/tag/v22.22.2
Signed-off-by: Jason Schonberg <schonm@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit d32cd27eaaskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
de8e685a66
nodejs: upgrade 22.22.0 -> 22.22.1
...
License Update: Add sorttable.js under the MIT license - https://github.com/nodejs/node/pull/61348/files
Update minimatch to the Blue Oak Model License - https://github.com/nodejs/node/commit/e72da8c7544727f90b857ba86b8c7755e631fe96
Changelog: https://github.com/nodejs/node/releases/tag/v22.22.1
Signed-off-by: Jason Schonberg <schonm@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit db05f827bbskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
25dbfb365a
giflib: Fix CVE-2026-23868
...
Pick patch according to [1]
[1] https://www.facebook.com/security/advisories/cve-2026-23868
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-23868
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
b35ad41144
botan: patch CVE-2026-32884
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32884
The backported patch was selected based on the security.rst[1]
file of the project, that mentions the date of the fix. When
looked through the commits from that date, picked the one that's
description matches the CVE description.
The included test passed successfully (along with the other tests).
[1]: https://github.com/randombit/botan/blob/master/doc/security.rst
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
70a903c888
botan: patch CVE-2026-32883
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32883
Backport the patch that was identified by Debian[1].
The included test passed successfully (along with the other tests).
[1]: https://security-tracker.debian.org/tracker/CVE-2026-32883
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
c4b5bca1e8
botan: patch CVE-2026-32877
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32877
Backport the patch that was identified by Debian[1].
The included test passed successfully (along with the other tests).
[1]: https://security-tracker.debian.org/tracker/CVE-2026-32877
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
ab0866131d
libssh: Fix CVE-2026-0965
...
Pick the patch [1] as mentioned in [2]
[1] https://git.libssh.org/projects/libssh.git/commit/?id=bf390a042623e02abc8f421c4c5fadc0429a8a76
[2] https://security-tracker.debian.org/tracker/CVE-2026-0965
Signed-off-by: Deepak Rathore <deeratho@cisco.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
cdfa4084fe
libssh: Fix CVE-2026-0967
...
Pick the patch [1] as mentioned in [2]
[1] https://git.libssh.org/projects/libssh.git/commit/?id=6d74aa6138895b3662bade9bd578338b0c4f8a15
[2] https://security-tracker.debian.org/tracker/CVE-2026-0967
Signed-off-by: Deepak Rathore <deeratho@cisco.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
f516c3f209
libssh: Fix CVE-2026-0968
...
Pick the patch [1] and [2] as mentioned in [3]
[1] https://git.libssh.org/projects/libssh.git/commit/?id=796d85f786dff62bd4bcc4408d9b7bbc855841e9
[2] https://git.libssh.org/projects/libssh.git/commit/?id=212121971fb26e1e00b72bd5402c0454a4d84c03
[3] https://security-tracker.debian.org/tracker/CVE-2026-0968
Signed-off-by: Deepak Rathore <deeratho@cisco.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
e62e3f8f25
freeipmi: upgrade 1.6.16 -> 1.6.17
...
Changes:
o Fix exploitable buffer overflows in the following ipmi-oem commands:
- ipmi-oem dell get-last-post-code
- ipmi-oem supermicro extra-firmware-info
- ipmi-oem wistron read-proprietary-string
o Support --proxy in ipmiconsole.
o Fix mem-leak within libfreeipmi locate api.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 4b4c770ce5ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:47 +05:30
dba7c549bd
tigervnc: patch CVE-2026-34352
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-34352
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:47 +05:30
1ccaa949ea
zabbix: ignore CVE-2026-23919
...
It was fixed since version 7.0.19[1]
[1] https://support.zabbix.com/browse/ZBX-27638
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:47 +05:30
4d1cb07307
openldap: upgrade 2.6.12 -> 2.6.13
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit b089df410fhttps://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_13/CHANGES?ref_type=tags
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:38 +05:30
95c6a65c69
openldap: upgrade 2.6.10 -> 2.6.12
...
License-Update: Copyright year updated to 2026
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 6c54894209https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_6_12/CHANGES?ref_type=tags
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:38 +05:30
6de735114a
iwd: upgrade 3.11 -> 3.12
...
Changelog:
===========
- Fix issue with handling expiration of PMKSA.
- Fix issue with handling uninitialized buffer and PMKID.
- Fix issue with checking for PKCS#8 key parser in unit tests.
- Fix issue with using -std=c23 compiler setting.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 7c5ec1fa02ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:38 +05:30
bdf97cd9d2
iwd: update 3.10 -> 3.11
...
ver 3.11:
Fix issue with interface registration before acquiring name.
Signed-off-by: Markus Volk <f_l_k@t-online.de >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit ac9041ed3eankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:38 +05:30
16af6bba7d
imapfilter: upgrade 2.8.3 -> 2.8.5
...
License-Update: copyright year updated to 2026.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 89b961c889https://github.com/lefcha/imapfilter/blob/v2.8.5/NEWS
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
b95d21b7aa
jasper: upgrade 4.2.8 -> 4.2.9
...
Changelog:
- Fixed a bug in the JP2 encoder that caused incorrect handling of
opacity components in some cases.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit 330ecdd2adankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
56f9f2dbd5
libnice: make crypto library configurable via PACKAGECONFIG
...
Move gnutls from a hard dependency to a PACKAGECONFIG option defaulting
to gnutls. This allows users to select openssl as an alternative crypto
library by setting PACKAGECONFIG.
Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com >
Signed-off-by: Sujeet Nayak <sujeetnayak1976@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
8bf79306ad
bpftrace: Update the runtime dependencies
...
* bash and python3 are only needed by the ptest package.
* xz appears to not be needed at all.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
76bea270ec
mariadb: Upgrade 11.4.9 -> 11.4.10
...
Remove 0001-Remove-x86-specific-loop-in-my_convert.patch as it's fixed
in new version [1].
Remove 0001-MDEV-38029-my_tzinfo-t-fails-for-certain-TZ-values-o.patch
as its logic is included in new version [2].
Release note:
https://mariadb.com/docs/release-notes/community-server/11.4/11.4.10
[1] https://github.com/MariaDB/server/commit/470487c
[2] https://github.com/MariaDB/server/commit/a61a746
Signed-off-by: Mingli Yu <mingli.yu@windriver.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
0efa1d57b6
imagemagick: upgrade 7.1.2-16 -> 7.1.2-17
...
Contains bugfixes and a couple of CVE fixes:
https://github.com/ImageMagick/ImageMagick/compare/7.1.2-16...7.1.2-17
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
e4a9ec5350
imagemagick: upgrade 7.1.2-15 -> 7.1.2-16
...
Changelog:
===========
* client: Fix use-after-free when creating async proxy failed
* daemon: Fix race on subscribers list when on thread
* ftp: Validate fe_size when parsing symlink target
* ftp: Check localtime() return value before use
* CVE-2026-28295: ftp: Use control connection address for PASV data
* CVE-2026-28296: ftp: Reject paths containing CR/LF characters
* gphoto2: Use g_try_realloc() instead of g_realloc()
* cdda: Reject path traversal in mount URI host
* client: Fail when URI has invalid UTF-8 chars
* Some other fixes
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
f38ff6e7d0
capnproto: patch CVE-2026-32239 and CVE-2026-32240
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32239
https://nvd.nist.gov/vuln/detail/CVE-2026-32240
Backport the patch that is referenced by the NVD advisories.
(Same patch for both vulnerabilities)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
d7710fb408
php: upgrade 8.4.18 -> 8.4.19
...
https://www.php.net/ChangeLog-8.php#8.4.19
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-03-26 10:29:24 +05:30
Jörg Sommer
Markus Volk
Gyorgy Sarvari
Peter Kjellerstedt
Wang Mingyu
Jason Schonberg
Vijay Anusuri
Deepak Rathore
Ankur Tyagi
Sujeet Nayak
Mingli Yu