mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-15 16:07:26 +00:00
33e7cb8f6c
Changelog:
==========
- Issue 2057 - SQL Injection in mod_wrap2_sql via reverse DNS
hostname (CVE-2026-44331).
- Issue 2056 - Incomplete fix for session management with OpenSSL 3.2.x or
later, when using TLSv1.2 or earlier. This complements the fix for
Issue #1963.
- Issue 2098 - Hard quota limits on uploads do not cause SFTP WRITE requests
to fail as expected.
- Issue 2102 - SSH payload length underflow calculation for ETM/ChaChaPoly
algorithms in mod_sftp.
- Issue 2104 - SSH packet with empty payload triggers null pointer dereference
in mod_sftp.
- Issue 2106 - Bad DSA signatures can lead to out-of-bounds read of heap memory
in mod_sftp.
- Issue 2108 - Mismatched RSA/DSA algorithm signatures can lead to null
dereference in mod_sftp.
- Issue 2115 - SFTP request payload length underflow calculation in mod_sftp.
- Issue 2120 - Several modules fail to build using OpenSSL 4.0.
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit 88de7c1468)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>