[whinlatter,2/4] sqlite3: mark CVE-2025-29087 as patched

Message ID	20260102121059.2321111-2-peter.marko@siemens.com
State	New
Headers	show Return-Path: <peter.marko@siemens.com> ip: 185.136.64.226, mailfrom: fm-256628-20260102121112360c13a211000207cc-pgnbrh@rts-flowmailer.siemens.com) From: Peter Marko <peter.marko@siemens.com> To: openembedded-core@lists.openembedded.org Cc: peter.marko@siemens.com Subject: [OE-core][whinlatter][PATCH 2/4] sqlite3: mark CVE-2025-29087 as patched Date: Fri, 2 Jan 2026 13:10:57 +0100 Message-Id: <20260102121059.2321111-2-peter.marko@siemens.com> In-Reply-To: <20260102121059.2321111-1-peter.marko@siemens.com> References: <20260102121059.2321111-1-peter.marko@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Feedback-ID: 519:519-256628:519-21489:flowmailer
Series	[whinlatter,1/4] libpng: upgrade 1.6.51 -> 1.6.52 \| expand [whinlatter,1/4] libpng: upgrade 1.6.51 -> 1.6.52 [whinlatter,2/4] sqlite3: mark CVE-2025-29087 as patched [whinlatter,3/4] python3-urllib3: patch CVE-2025-66418 [whinlatter,4/4] python3-urllib3: patch CVE-2025-66471

Message ID

20260102121059.2321111-2-peter.marko@siemens.com

State

New

Headers

From: Peter Marko <peter.marko@siemens.com>
To: openembedded-core@lists.openembedded.org
Cc: peter.marko@siemens.com
Subject: [OE-core][whinlatter][PATCH 2/4] sqlite3: mark CVE-2025-29087 as
 patched
Date: Fri,  2 Jan 2026 13:10:57 +0100
Message-Id: <20260102121059.2321111-2-peter.marko@siemens.com>
In-Reply-To: <20260102121059.2321111-1-peter.marko@siemens.com>
References: <20260102121059.2321111-1-peter.marko@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Feedback-ID: 519:519-256628:519-21489:flowmailer

Series

[whinlatter,1/4] libpng: upgrade 1.6.51 -> 1.6.52 | expand

Commit Message

Peter Marko Jan. 2, 2026, 12:10 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

Description of CVE-2025-29087 and CVE-2025-3277 are very similar.
There is no link from NVD, but [1] and [2] from Debian mark these two
CVEs as duplicates with the same link for patch.

[1] https://security-tracker.debian.org/tracker/CVE-2025-29087
[2] https://security-tracker.debian.org/tracker/CVE-2025-3277

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-support/sqlite/files/CVE-2025-3277.patch | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-support/sqlite/files/CVE-2025-3277.patch b/meta/recipes-support/sqlite/files/CVE-2025-3277.patch
index a3e28465f5..625cf29d3e 100644
--- a/meta/recipes-support/sqlite/files/CVE-2025-3277.patch
+++ b/meta/recipes-support/sqlite/files/CVE-2025-3277.patch
@@ -7,6 +7,7 @@  Subject: [PATCH] Add a typecast to avoid 32-bit integer overflow in the
 FossilOrigin-Name: 498e3f1cf57f164fbd8380e92bf91b9f26d6aa05d092fcd135d754abf1e5b1b5
 
 CVE: CVE-2025-3277
+CVE: CVE-2025-29087
 Upstream-Status: Backport [https://github.com/sqlite/sqlite/commit/f4fc2ee20311a0a5141726c71d318ab52001c974]
 
 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>

[whinlatter,2/4] sqlite3: mark CVE-2025-29087 as patched

Commit Message

Patch