Gyorgy Sarvari
da98d95f63
exiv2: patch CVE-2021-37619
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-37619
Pick the patch from the PR referenced by the NVD advisory.
Note that the regression test is not part of this patch,
as no patchtool could apply it in do_patch task.
The test patch was however manually applied during preparing
this patch, and all tests were executed successfully.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-03-01 15:13:13 +01:00
Gyorgy Sarvari
60da39aeca
exiv2: patch CVE-2021-37618
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-37618
Pick the patch from the PR that is referenced by the NVD advisory.
Note that the regression test was not backported, because it contains
a binary patch, that I couldn't apply with any of the patchtools
in the do_patch step. Before submission however I have applied the
patches, and ran all the tests successfully.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-03-01 15:13:03 +01:00
Gyorgy Sarvari
f104fc88bb
exiv2: patch CVE-2021-37615 and CVE-2021-37616
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-37615
https://nvd.nist.gov/vuln/detail/CVE-2021-37616
Backport the patches from the PR that is referenced by the NVD advisory.
Both CVEs are fixed by the same PR.
Note that the patch that added a regression test is not included. This
is because it contains a binary patch, which seems to be impossible
to apply with all patchtools during do_patch. Though it is not included
in this patch, it was applied manually during preparation, and all ptests
(including the new regression test) passed successfully.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-03-01 15:12:53 +01:00
Gyorgy Sarvari
77c9119674
emacs: patch CVE-2022-48337
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-48337
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-27 17:00:44 +01:00
Gyorgy Sarvari
0dada584c8
fontforge: patch CVE-2025-15279
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15279
Pick the patch that mentions this vulnerability ID explicitly.
Also, this patch has caused some regression - pick the patch also
that fixed that regression.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-27 14:28:50 +01:00
Gyorgy Sarvari
4e091b47f7
fontforge: patch CVE-2025-15275
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15275
Pick the patch that mentions this vulnerability ID explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-27 14:28:50 +01:00
Gyorgy Sarvari
3a9f929fb0
fontforge: patch CVE-2025-15270
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15270
Pick the patch that mentions this vulnerability explicitly
in its description.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-27 14:28:50 +01:00
Gyorgy Sarvari
68c3e48a59
fontforge: patch CVE-2025-15269
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15269
Pick the patch that refers to this vulnerability ID explicitly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-27 14:28:50 +01:00
Gyorgy Sarvari
38bfafb8c4
protobuf: ignore CVE-2026-0994
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994
The vulnerability impacts only the python bindings of protobuf, which
is in a separate recipe (python3-protobuf, where it is patched).
Ignore this CVE in this recipe due to this.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-27 14:28:50 +01:00
Gyorgy Sarvari
c737d99e36
cups-filters: patch CVE-2025-64503
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-64503
Pick the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-27 14:28:50 +01:00
Chen Qi
d9010e70c4
iperf3: remove incorrect CVE_PRODUCT setting
...
This CVE_PRODUCT setting seems to be copied from the iperf2 recipe.
But the CVE_PRODUCT for iperf3 should be just iperf3. For example,
https://nvd.nist.gov/vuln/detail/CVE-2023-38403.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-26 13:36:35 +01:00
Zahir Hussain
33822593e5
rocksdb: Add an option to set static library
...
Modify the CMakeLists.txt to add an Option for
STATIC target import, as available for shared library.
Link: https://github.com/facebook/rocksdb/pull/12890
Configure static library as option, default to ON.
Provides option to make it off thru PACKCONFIG, if needed.
Signed-off-by: Bhabu Bindu <bindu.bhabu@kpit.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 233079a41c)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 72018ca1b1)
Signed-off-by: Zahir Hussain <zahir.basha@kpit.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-26 13:36:34 +01:00
Hitendra Prajapati
631e0ac2f0
postgresql: upgrade 14.20 -> 14.21
...
It contains Security fixes for CVE-2026-2003, CVE-2026-2004,
CVE-2026-2005, CVE-2026-2006 and CVE-2026-2007.
It also contains other bug fixes; for more details, refer to the release notes.
0001-configure.ac-bypass-autoconf-2.69-version-check.patch
refreshed for 14.21
Release notes: https://www.postgresql.org/docs/release/14.21/
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-26 13:36:29 +01:00
Gyorgy Sarvari
8a598a2bc9
poppler: mark CVE-2022-38171 patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-38171
This is the same as CVE-2021-30860, but that one was primarily filed
against Apple software (and some other related projects).
The patch that fixes this vulnerability is already added to the recipe,
just extend its CVE tag.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-15 15:30:54 +01:00
Gyorgy Sarvari
b54893d226
mercurial: ignore CVE-2022-43410
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-43410
The vulnerability affects only the Mercurial Jenkins plugin, which
is a different project. This CVE can be ignored in this recipe.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-15 15:30:54 +01:00
Vijay Anusuri
518ff6ef48
mariadb: Fix CVE-2025-30693
...
Upstream-Status: Backport from https://github.com/MariaDB/server/commit/1c9f64e54ffb109bb6cf6a189e863bfa54e46510
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-11 11:30:12 +01:00
Gyorgy Sarvari
8e5a4c1a26
tigervnc: mark CVE-2024-0408 and CVE-2024-0409 patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-0408
https://nvd.nist.gov/vuln/detail/CVE-2024-0409
Both of these vulnerabilities were fixed[1][2] in xserver 21.1.11,
just mark them patched.
[1]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/8d825f72da71d6c38cbb02cf2ee2dd9e0e0f50f2
[2]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/a4f0e9466f3bc7073a8f0c28a581211c2d7adf0e
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-10 00:16:53 +01:00
Gyorgy Sarvari
84457b29af
tigervnc: ignore CVE-2025-26594...26601
...
Ignore the following CVEs: CVE-2025-26594, CVE-2025-26595, CVE-2025-26596,
CVE-2025-26597, CVE-2025-26598, CVE-2025-26599, CVE-2025-26600, CVE-2025-26601
Details:
https://nvd.nist.gov/vuln/detail/CVE-2025-26594
https://nvd.nist.gov/vuln/detail/CVE-2025-26595
https://nvd.nist.gov/vuln/detail/CVE-2025-26596
https://nvd.nist.gov/vuln/detail/CVE-2025-26597
https://nvd.nist.gov/vuln/detail/CVE-2025-26598
https://nvd.nist.gov/vuln/detail/CVE-2025-26599
https://nvd.nist.gov/vuln/detail/CVE-2025-26600
https://nvd.nist.gov/vuln/detail/CVE-2025-26601
TigerVNC compiles its own xserver, this is why these CVEs are associated
with it - despite the vulnerabilities being in xserver.
All of these vulnerabilities were fixed by the same PR[1], which has
been part of xserver since version 21.1.16 (the currently used xserver
version in TigerVNC is 21.1.18).
Due to this, ignore these vulnerabilities, and just mark them as patched.
[1]: https://gitlab.freedesktop.org/xorg/xserver/-/merge_requests/1830
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4924e89bb7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-10 00:16:43 +01:00
Gyorgy Sarvari
e51b233d2e
tigervnc: ignore CVE-2023-6478
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6478
TigerVNC compiles its own xserver, this is why this CVE is associated
with it - despite the vulnerability being in xserver.
The vulnerability was fixed by [1] (from the nvd report), which has been
backported[2] to the xserver version used by the recipe - so ignore the
CVE, since it's patched already.
[1]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/14f480010a93ff962fef66a16412fafff81ad632
[2]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/58e83c683950ac9e253ab05dd7a13a8368b70a3c
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 62a78f8ba7)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-10 00:16:33 +01:00
Gyorgy Sarvari
03a67156a4
tigervnc: ignore CVE-2023-6377
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-6377
TigerVNC compiles its own xserver, this is why this CVE is associated
with it - despite the vulnerability being in xserver.
The vulnerability was fixed by [1] (from the nvd report), which has been
backported[2] to the xserver version used by the recipe - so ignore the
CVE, since it's patched already.
[1]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/0c1a93d319558fe3ab2d94f51d174b4f93810afd
[2]: https://gitlab.freedesktop.org/xorg/xserver/-/commit/a7bda3080d2b44eae668cdcec7a93095385b9652
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f691f2178b)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-10 00:16:21 +01:00
Gyorgy Sarvari
c0766dbf4b
tigervnc: sync xserver component with oe-core
...
oe-core has a newer version of xserver than this recipe used to compile
TigerVNC with. This recipe updates xserver to the same version, 21.1.18.
TigerVNC only started to support this xserver version 2 versions later,
with 1.13. Due to this 3 commits were backported that add the missing
changes.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-10 00:16:12 +01:00
Gyorgy Sarvari
a817392c05
faad2: patch CVE-2021-32276
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-32276
Pick the patches from the PR[1] that resolved the issue[2] referenced by
the NVD advisory.
[1]: https://github.com/knik0/faad2/pull/66
[2]: https://github.com/knik0/faad2/issues/58
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-02-01 15:30:31 +01:00
Gyorgy Sarvari
44247b3cb0
libass: patch CVE-2020-24994
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-24994
Backport the commit that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
bcac2eef54
gpsd: patch CVE-2025-67268
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-67268
Pick the patch that is referenced by the NVD advisory.
The original commit also contains a lot of commenting style
changes (// vs /* */) and whitespace changes which were removed from
the backport.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
510ac35c7d
libvncserver: patch CVE-2020-29260
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-29260
Pick the patch referenced by the NVD report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Wang Mingyu
6c5f2e9e50
sanlock: upgrade 3.8.4 -> 3.8.5
...
setuptools.patch
removed since it's included in 3.8.5.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cc532b9d4e)
Shortlog:
python: Replace distutils with setuptools
sanlock: fix memory leak of lockspace renewal_history
sanlock: fix pthread_create error check
Revert "sanlock: Shrink thread pool when there is no work"
sanlock: fix pthread_create error paths
sanlock: acquire should ignore unused options str
sanlock: use helper to set max_sectors_kb
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
5e331f8434
freerdp: patch CVE-2024-32658
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32658
Backport the patch that was marked to resolve this issue by the
relevant Github advisory[1].
[1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vpv3-m3m9-4c2v
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
eb9c9730a4
freerdp: patch CVE-2024-32460
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32460
Backport the patch that is marked to resolve this vulnerability
by the relevant Github advisory[1].
[1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4rr8-gr65-vqrr
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
fe05b2e186
freerdp: patch CVE-2024-32459
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32459
Pick the patch that is marked to resolve this vulnerability by
the relevant Github advisory[1].
[1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cp4q-p737-rmw9
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
8bce3cf874
freerdp: patch CVE-2024-32458
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32458
Pick the patch that is marked to resolve this vulnerability by the
relevant Github advisory[1].
[1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vvr6-h646-mp4p
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
dda2b96cb2
freerdp: mark CVE-2024-32041 patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32041
Both the relevant Github Advisory[1] and Debian[2] state that the
same patch fixes this vulnerability as CVE-2024-32039.
Therefore add this CVE ID to the same patch's CVE tag.
[1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5r4p-mfx2-m44r
[2]: https://security-tracker.debian.org/tracker/CVE-2024-32041
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
23a46eae5f
freerdp: patch CVE-2024-32040
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32040
Pick the patch that is marked to resolve this vulnerability, from
the related Github advisory[1].
[1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-23c5-cp23-h2h5
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
cebeb9b1a6
freerdp: patch CVE-2024-32039
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32039
Pick the commit that is marked to resolve this vulnerability, mentioned
by the Github advisory[1].
[1]: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5h8-7j42-j4r9
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
86566fac39
freerdp: patch CVE-2024-22211
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-22211
Pick the patch that is referenced by the NVD report as the solution.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
99ffae0ed0
freerdp: patch CVE-2023-40589
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-40589
Pick the patch that was identified[1] by Debian to solve the issue
on the 2.x branch.
[1]: https://security-tracker.debian.org/tracker/CVE-2023-40589
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
d3eea640d3
freerdp: add ptest support
...
The tests take about 50s to execute on my machine.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
bb987740aa
freerdp: patch CVE-2023-40569
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-40569
Pick the patch that was identified[1] by Debian as the solution.
[1]: https://security-tracker.debian.org/tracker/CVE-2023-40569
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
d4e1c145e6
freerdp: patch CVE-2023-40181
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-40181
Pick the patch that was identified[1] by Debian as the solution.
[1]: https://security-tracker.debian.org/tracker/CVE-2023-40181
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
c9affa4bd5
freerdp: patch CVE-2023-39353
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39353
Pick the patch that was identified[1] by Debian as the solution.
[1]: https://security-tracker.debian.org/tracker/CVE-2023-39353
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
c793926ade
freerdp: patch CVE-2023-39352
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39352
Backport the commit that was identified[1] by Debian as the solution.
Note: WINPR_ASSERT macro calls have been changed to assert calls, as this
macro doesn't exist yet in this version. Looking at the implementation[2],
it is basically an assert call with somewhat verbose logs.
Even though the original implementation also defines a no-op version, the
assert version is enabled by default.
[1]: https://security-tracker.debian.org/tracker/CVE-2023-39352
[2]: https://github.com/FreeRDP/FreeRDP/blob/2.11.0/winpr/include/winpr/assert.h#L31
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
f4a93a4c96
freerdp: patch CVE-2023-39351
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39351
Pick the patch that is mentioned by Debian[1] to solve the problem.
[1]: https://security-tracker.debian.org/tracker/CVE-2023-39351
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
9e67ae18b0
freerdp: patch CVE-2023-39350
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39350
Pick the patch that was identified[1] by Debian as the solution.
Note that the NVD report also references a commit as a patch - however
that seems to be incorrect. Although the NVD patch also solves a
vulnerability, it solves a different CVE (CVE-2023-39353), not this.
[1]: https://security-tracker.debian.org/tracker/CVE-2023-39350
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
f0e689ff4d
freerdp: patch CVE-2022-39320
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-39320
Take the patch that Debian has determined[1] to solve the issue.
[1]: https://security-tracker.debian.org/tracker/CVE-2022-39320
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
8cea479b35
freerdp: mark CVE-2022-39317 patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-39317
Both Ubuntu[1] and Red Hat[2] confirm that this vulnerability is
fixed by the same patch as CVE-2022-39316.
Therefore add this CVE ID to the patch's tag also.
[1]: https://ubuntu.com/security/CVE-2022-39317
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=2143643
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
af8f2af56b
freerdp: patch CVE-2022-39282
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-39282
Pick the patch whose description matches the CVE description.
(Debian also considers the same patch[1] the fix)
[1]: https://security-tracker.debian.org/tracker/CVE-2022-39282
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
ee510136eb
freerdp: patch CVE-2022-24883
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-24883
Pick the patch that is mentioned in the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Ankur Tyagi
f4ed05a423
influxdb: ignore CVE-2024-30896
...
As mentioned in the comment[1], the vulnerability is in the
/api/v2/authorizations API which only exists in 2.x, 1.x is not affected.
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-30896
[1] https://github.com/influxdata/influxdb/issues/24797#issuecomment-2514690740
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2f1d7a8597)
Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:29 +01:00
Gyorgy Sarvari
b1794b6239
boinc-client: mark CVE-2013-2018 patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2013-2018
According to oss-security email[1], version 7.0.45 included
the fixes[2][3][4]
[1]: https://www.openwall.com/lists/oss-security/2013/04/29/11
[2]: https://github.com/BOINC/boinc/commit/6e205de096da83b12ffb2f0183b43e51261eb0c4
[3]: https://github.com/BOINC/boinc/commit/e8d6c33fe158129a5616e18eb84a7a9d44aca15f
[4]: https://github.com/BOINC/boinc/commit/ce3110489bc139b8218252ba1cb0862d69f72ae3
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 2a78ad8813)
Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-30 18:59:28 +01:00
Gyorgy Sarvari
4ccb9bf4ac
raptor2: patch CVE-2024-57823
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-57822
Pick the patch mentioned in the related github issue[1].
The issue contains fixes for 2 issues, but only the second
patch is related to this vulnerability.
[1]: https://github.com/dajobe/raptor/issues/70
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-20 18:22:02 +01:00
Gyorgy Sarvari
542c269b5a
raptor2: patch CVE-2024-57822
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-57822
Pick the patch mentioned in the related github issue[1].
The issue contains fixes for 2 issues, but only the first
patch is related to this vulnerability.
[1]: https://github.com/dajobe/raptor/issues/70
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-01-20 18:22:01 +01:00