| Message ID | 20260125162241.730332-1-peter.marko@siemens.com |
|---|---|
| State | Accepted, archived |
| Commit | d59abb5639f911d970521c8c41e9146b5d2ae511 |
| Headers | show |
| Series | glibc: mark CVE-2025-15281, CVE-2026-0861 and CVE-2026-0915 as patched | expand |
On Sun, Jan 25, 2026 at 09:59 PM, Peter Marko wrote: > > -CVE_STATUS_STABLE_BACKPORTS = "" > +CVE_STATUS_STABLE_BACKPORTS = "CVE-2025-15281 CVE-2026-0861 > CVE-2026-0915" Hi Peter, The current commit hash does not include the fix for *CVE-2025-15281*. The hash needs to be updated to incorporate this fix. Regards, Deepesh
Thanks for noticing.
I have sent a hash bump to have the CVE fixed.
Peter
From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Varatharajan, Deepesh via lists.openembedded.org
Sent: Wednesday, January 28, 2026 13:43
To: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH] glibc: mark CVE-2025-15281, CVE-2026-0861 and CVE-2026-0915 as patched
On Sun, Jan 25, 2026 at 09:59 PM, Peter Marko wrote:
-CVE_STATUS_STABLE_BACKPORTS = ""
+CVE_STATUS_STABLE_BACKPORTS = "CVE-2025-15281 CVE-2026-0861 CVE-2026-0915"
Hi Peter,
The current commit hash does not include the fix for CVE-2025-15281. The hash needs to be updated to incorporate this fix.
Regards,
Deepesh
diff --git a/meta/recipes-core/glibc/glibc_2.42.bb b/meta/recipes-core/glibc/glibc_2.42.bb index b33d1b44ba..76ef521a1c 100644 --- a/meta/recipes-core/glibc/glibc_2.42.bb +++ b/meta/recipes-core/glibc/glibc_2.42.bb @@ -17,7 +17,7 @@ Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, m easier access for another. 'ASLR bypass itself is not a vulnerability.'" CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS" -CVE_STATUS_STABLE_BACKPORTS = "" +CVE_STATUS_STABLE_BACKPORTS = "CVE-2025-15281 CVE-2026-0861 CVE-2026-0915" CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix available in used git hash" DEPENDS += "gperf-native bison-native"