f251c27025
jq: patch CVE-2026-33947
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33947
Backport the patch that is referenced by the NVD report.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 525e18ce21anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
c547565088
jq: patch CVE-2026-32316
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32316
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit e94ab85126anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
1574d0ed55
jq: Use Git to fetch the code
...
There is a bug (see https://github.com/jqlang/jq/issues/434 ), which
results in an empty version being used if autoreconf is run on the jq
sources when using a release tar ball. The incorrect assumption is that
autoreconf is only used when fetching the code using Git.
The empty version results in an incorrect libjq.pc file being created
where the version is not set, which results in, e.g.,
`pkgconf --libs 'libjq > 1.6'` failing even if version 1.8.1 of jq is
actually installed.
Switch to fetching the code using Git to workaround the bug.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit ed33569f82anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
3ed2bdeb7d
libgphoto2: patch CVE-2026-40341
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40341
Backport the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit de5f93f95danuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
2a3142c8fc
libgphoto2: patch CVE-2026-40340
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40340
Backport the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 420e5aec46anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
c7d9a8a5bf
libgphoto2: patch CVE-2026-40339
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40339
Backport the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 2e3be1dddcanuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
6ea6840dd3
libgphoto2: patch CVE-2026-40338
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40338
Backport the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit f22e17508eanuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
0d7e46071f
libgphoto2: patch CVE-2026-40336
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40336
Backport the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 078f26b084anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
52e89178e6
libgphoto2: patch CVE-2026-40335
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40335
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit f735ea20b1anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
866c25643a
libgphoto2: patch CVE-2026-40334
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40334
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit ce3fa8ad2aanuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
9e9977200d
libgphoto2: patch CVE-2026-40333
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-40333
Backport the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 754e02c668anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
ba9800188e
openjpeg: patch CVE-2026-6192
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-6192
Backport the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 09050325e6anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
c642dbf8e7
monkey: patch CVEs
...
These patches are about a number of CVEs files against the application:
CVE-2025-63649, CVE-2025-63650, CVE-2025-63651, CVE-2025-63652, CVE-2025-63653, CVE-2025-63655,
CVE-2025-63656, CVE-2025-63657 and CVE-2025-63658.
These patches are taken from a pull request[1] that is referenced in the relevant bug report[2].
The patches don't target specific CVEs on separately, but they fix a number of CVEs altogether.
Based on upstream analysis (in the linked issue) a number of these CVEs are duplicates of each
other and/or not exploitable. The valid CVEs are fixed by these patches.
I haven't added specific CVE info to the patches, one hand because of the above, it is hard to
separate the patches by CVE, and secondarily because NVD tracks these CVEs with incorrect version
info: NVD considers 1.8.6 fully fixed, even though the patches are only in the master branch,
untagged at this time. After updating the recipe to 1.8.6+, the vulnerabilites will disappear
from the CVE report due to this.
[1]: https://github.com/monkey/monkey/pull/434
[2]: https://github.com/monkey/monkey/issues/426
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit d31f07340fanuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
a7b755fbd0
monkey: upgrade 1.8.4 -> 1.8.7
...
Shortlog:
https://github.com/monkey/monkey/compare/v1.8.4...v1.8.7
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 22277ca3a3anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
133678b770
hiawatha: upgrade 11.7 -> 11.8
...
Drop patches that are included in this release.
Changes:
* mbed TLS updated to 3.6.4.
* Small bugfixes.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit d92fa873e5ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
1df4552b9e
imagemagick: upgrade 7.1.2-18 -> 7.1.2-19
...
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 946243ec05skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
ae59325285
corosync: patch CVE-2026-35092
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-35092
Pick the patch that mentions the CVE ID explicitly (the same commit
was identified by Debian also[1])
[1]: https://security-tracker.debian.org/tracker/CVE-2026-35092
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
5b72e39149
corosync: patch CVE-2026-35091
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-35091
Pick the patch that mentions the CVE ID explicitly (it was identified
by Debian also as the fix[1])
[1]: https://security-tracker.debian.org/tracker/CVE-2026-35091
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
1f8d2c36c0
botan: patch CVE-2026-34582
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-34582
Debian has identified[1] the PR that fixes this, however the url seems to have a
typo - it was PR number 5499[2], and not 5599[3]. (The backported commit's description matches
the CVE's description)
[1]: https://security-tracker.debian.org/tracker/CVE-2026-34582
[2]: https://github.com/randombit/botan/pull/5499
[3]: https://github.com/randombit/botan/pull/5599
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
4c4eaf1d21
php: upgrade 8.4.19 -> 8.4.20
...
This is a bug fix release.
Changelog: https://www.php.net/ChangeLog-8.php#8.4.20
Signed-off-by: Jason Schonberg <schonm@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
a23083428f
giflib: patch CVE-2025-31344
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-31344
Backport the commit that mentions this CVE ID explicitly
in its message.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
fed5dab762
imagemagick: upgrade 7.1.2-17 -> 7.1.2-18
...
Contains fixes for CVE-2026-33535 and CVE-2026-33536
Shortlog:
https://github.com/ImageMagick/ImageMagick/compare/7.1.2-17...7.1.2-18
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
873ae07e82
opensc: patch CVE-2025-66038
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-66038
Backport the patch that is referenced by the upstream wiki
page[1] that is related to this vulnerability.
[1]: https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66038
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
73034a4fe1
opensc: patch CVE-2025-66037
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-66037
Backport the patch that is referenced by the upstream wiki
page[1] that is related to this vulnerability.
[1]: https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
7c8dd8d492
opensc: patch CVE-2025-49010
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-49010
Backport the patch that is referenced by the upstream wiki
page[1] that is related to this vulnerability.
[1]: https://github.com/OpenSC/OpenSC/wiki/CVE-2025-49010
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
6c4868d3f7
nodejs: ignore fixed CVEs
...
All these CVEs are fixed in v22.22.2[1], except for CVE-2026-21712,
which does not affect v22 series, because it was introduced in a
later version[2]. All these CVEs are tracked without version info
by NVD at the time of creating this patch.
[1]: https://github.com/nodejs/node/blob/v22.x/doc/changelogs/CHANGELOG_V22.md
[2]: https://nodejs.org/en/blog/vulnerability/march-2026-security-releases
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
2c70222d32
nodejs: upgrade 22.22.1 -> 22.22.2
...
This is the March 2026 security release.
2 high severity issues.
5 medium severity issues.
2 low severity issues.
High priority fixes:
CVE-2026-21637
CVE-2026-21710
Medium priority fixes:
CVE-2026-21711 (affects only nodejs v25)
CVE-2026-21712 (affects only nodejs v24 & v25)
CVE-2026-21713
CVE-2026-21714
CVE-2026-21717
Low priority fixes:
CVE-2026-21715
CVE-2026-21716
https://nodejs.org/en/blog/vulnerability/march-2026-security-releases
Changelog: https://github.com/nodejs/node/releases/tag/v22.22.2
Signed-off-by: Jason Schonberg <schonm@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit d32cd27eaaskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
de8e685a66
nodejs: upgrade 22.22.0 -> 22.22.1
...
License Update: Add sorttable.js under the MIT license - https://github.com/nodejs/node/pull/61348/files
Update minimatch to the Blue Oak Model License - https://github.com/nodejs/node/commit/e72da8c7544727f90b857ba86b8c7755e631fe96
Changelog: https://github.com/nodejs/node/releases/tag/v22.22.1
Signed-off-by: Jason Schonberg <schonm@gmail.com >
Signed-off-by: Khem Raj <raj.khem@gmail.com >
(cherry picked from commit db05f827bbskandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
25dbfb365a
giflib: Fix CVE-2026-23868
...
Pick patch according to [1]
[1] https://www.facebook.com/security/advisories/cve-2026-23868
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-23868
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
d994b091f6
dovecot: mark CVE-2026-0394 patched
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0394
As identified[1] by Debian, the recipe version already contains
the commits that fix this. Due to this mark it as patched.
[1]: https://security-tracker.debian.org/tracker/CVE-2026-0394
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
47ec93ee07
dovecot: patch CVE-2025-59031
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-59031
Backport the patch that was identified[1] by Debian.
[1]: https://security-tracker.debian.org/tracker/CVE-2025-59031
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
b35ad41144
botan: patch CVE-2026-32884
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32884
The backported patch was selected based on the security.rst[1]
file of the project, that mentions the date of the fix. When
looked through the commits from that date, picked the one that's
description matches the CVE description.
The included test passed successfully (along with the other tests).
[1]: https://github.com/randombit/botan/blob/master/doc/security.rst
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
70a903c888
botan: patch CVE-2026-32883
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32883
Backport the patch that was identified by Debian[1].
The included test passed successfully (along with the other tests).
[1]: https://security-tracker.debian.org/tracker/CVE-2026-32883
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
c4b5bca1e8
botan: patch CVE-2026-32877
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32877
Backport the patch that was identified by Debian[1].
The included test passed successfully (along with the other tests).
[1]: https://security-tracker.debian.org/tracker/CVE-2026-32877
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
ab0866131d
libssh: Fix CVE-2026-0965
...
Pick the patch [1] as mentioned in [2]
[1] https://git.libssh.org/projects/libssh.git/commit/?id=bf390a042623e02abc8f421c4c5fadc0429a8a76
[2] https://security-tracker.debian.org/tracker/CVE-2026-0965
Signed-off-by: Deepak Rathore <deeratho@cisco.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
cdfa4084fe
libssh: Fix CVE-2026-0967
...
Pick the patch [1] as mentioned in [2]
[1] https://git.libssh.org/projects/libssh.git/commit/?id=6d74aa6138895b3662bade9bd578338b0c4f8a15
[2] https://security-tracker.debian.org/tracker/CVE-2026-0967
Signed-off-by: Deepak Rathore <deeratho@cisco.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
f516c3f209
libssh: Fix CVE-2026-0968
...
Pick the patch [1] and [2] as mentioned in [3]
[1] https://git.libssh.org/projects/libssh.git/commit/?id=796d85f786dff62bd4bcc4408d9b7bbc855841e9
[2] https://git.libssh.org/projects/libssh.git/commit/?id=212121971fb26e1e00b72bd5402c0454a4d84c03
[3] https://security-tracker.debian.org/tracker/CVE-2026-0968
Signed-off-by: Deepak Rathore <deeratho@cisco.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
2d95f187bd
gjs: upgrade 1.84.1 -> 1.84.2
...
Version 1.84.2
--------------
- Closed bugs and merge requests:
* GtkNotebook.pages GListModel is inaccessible from GJS [#686 , !992 , Philip
Chimento]
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 3797a82feeankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-24 21:13:20 +05:30
e62e3f8f25
freeipmi: upgrade 1.6.16 -> 1.6.17
...
Changes:
o Fix exploitable buffer overflows in the following ipmi-oem commands:
- ipmi-oem dell get-last-post-code
- ipmi-oem supermicro extra-firmware-info
- ipmi-oem wistron read-proprietary-string
o Support --proxy in ipmiconsole.
o Fix mem-leak within libfreeipmi locate api.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com >
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com >
(cherry picked from commit 4b4c770ce5ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:47 +05:30
24333410e6
strongswan: patch CVE-2026-25075
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25075
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:47 +05:30
dba7c549bd
tigervnc: patch CVE-2026-34352
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-34352
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:47 +05:30
1ccaa949ea
zabbix: ignore CVE-2026-23919
...
It was fixed since version 7.0.19[1]
[1] https://support.zabbix.com/browse/ZBX-27638
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:47 +05:30
6f87a552ab
wolfssl: patch CVE-2026-4395
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-4395
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:47 +05:30
99b851ae0e
wolfssl: patch CVE-2026-4159
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-4159
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:47 +05:30
5a858b3578
wolfssl: patch CVE-2026-3547
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3547
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:47 +05:30
60443c7d85
wolfssl: patch CVE-2026-3230
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3230
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:47 +05:30
d0e8fba3a1
wolfssl: ptach CVE-2026-3229
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3229
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:47 +05:30
40f7bfd054
wolfssl: patch CVE-2026-2646
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2646
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:47 +05:30
e4fbbe5138
wolfssl: patch CVE-2026-0819
...
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0819
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:47 +05:30
a3156b1afc
libde265: patch CVE-2026-33165
...
Backport the commit mentioned in the NVD
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33165
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com >
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com >
2026-04-21 08:57:47 +05:30
Gyorgy Sarvari
Peter Kjellerstedt
Wang Mingyu
Jason Schonberg
Vijay Anusuri
Deepak Rathore
Liu Yiding
Ankur Tyagi