[whinlatter,02/11] sqlite3: mark CVE-2025-29087 as patched

Message ID	1e2f28b83164f793459838edca8431dfe7b831d7.1767772757.git.yoann.congal@smile.fr
State	New
Headers	show Return-Path: <yoann.congal@smile.fr> ip: 209.85.128.49, mailfrom: yoann.congal@smile.fr) From: Yoann Congal <yoann.congal@smile.fr> To: openembedded-core@lists.openembedded.org Subject: [OE-core][whinlatter 02/11] sqlite3: mark CVE-2025-29087 as patched Date: Wed, 7 Jan 2026 09:08:51 +0100 Message-ID: <1e2f28b83164f793459838edca8431dfe7b831d7.1767772757.git.yoann.congal@smile.fr> In-Reply-To: <cover.1767772757.git.yoann.congal@smile.fr> References: <cover.1767772757.git.yoann.congal@smile.fr> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[whinlatter,01/11] dropbear: patch CVE-2019-6111 \| expand [whinlatter,01/11] dropbear: patch CVE-2019-6111 [whinlatter,02/11] sqlite3: mark CVE-2025-29087 as patched [whinlatter,03/11] python3-urllib3: patch CVE-2025-66418 [whinlatter,04/11] python3-urllib3: patch CVE-2025-66471 [whinlatter,05/11] python3: upgrade 3.13.9 -> 3.13.11 [whinlatter,06/11] libarchive: upgrade 3.8.3 -> 3.8.4 [whinlatter,07/11] glib-2.0: upgrade 2.86.1 -> 2.86.3 [whinlatter,08/11] libpng: upgrade 1.6.51 -> 1.6.52 [whinlatter,09/11] libpcap: upgrade 1.10.5 -> 1.10.6 [whinlatter,10/11] Revert "populate_sdk_ext: keep SDK_TARGETS so SPDX/SBOM tasks remain in locked s… [whinlatter,11/11] Revert "create-spdx-image-3.0: Image SPDX/SBOM tasks are retained for eSDK insta…

Message ID

1e2f28b83164f793459838edca8431dfe7b831d7.1767772757.git.yoann.congal@smile.fr

State

New

Headers

From: Yoann Congal <yoann.congal@smile.fr>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][whinlatter 02/11] sqlite3: mark CVE-2025-29087 as patched
Date: Wed,  7 Jan 2026 09:08:51 +0100
Message-ID: 
 <1e2f28b83164f793459838edca8431dfe7b831d7.1767772757.git.yoann.congal@smile.fr>
In-Reply-To: <cover.1767772757.git.yoann.congal@smile.fr>
References: <cover.1767772757.git.yoann.congal@smile.fr>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[whinlatter,01/11] dropbear: patch CVE-2019-6111 | expand

Commit Message

Yoann Congal Jan. 7, 2026, 8:08 a.m. UTC

From: Peter Marko <peter.marko@siemens.com>

Description of CVE-2025-29087 and CVE-2025-3277 are very similar.
There is no link from NVD, but [1] and [2] from Debian mark these two
CVEs as duplicates with the same link for patch.

[1] https://security-tracker.debian.org/tracker/CVE-2025-29087
[2] https://security-tracker.debian.org/tracker/CVE-2025-3277

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-support/sqlite/files/CVE-2025-3277.patch | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-support/sqlite/files/CVE-2025-3277.patch b/meta/recipes-support/sqlite/files/CVE-2025-3277.patch
index a3e28465f5..625cf29d3e 100644
--- a/meta/recipes-support/sqlite/files/CVE-2025-3277.patch
+++ b/meta/recipes-support/sqlite/files/CVE-2025-3277.patch
@@ -7,6 +7,7 @@  Subject: [PATCH] Add a typecast to avoid 32-bit integer overflow in the
 FossilOrigin-Name: 498e3f1cf57f164fbd8380e92bf91b9f26d6aa05d092fcd135d754abf1e5b1b5
 
 CVE: CVE-2025-3277
+CVE: CVE-2025-29087
 Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/f4fc2ee20311a0a5141726c71d318ab52001c974]
 
 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>

[whinlatter,02/11] sqlite3: mark CVE-2025-29087 as patched

Commit Message

Patch