[scarthgap,3/7] sqlite3: mark CVE-2025-29087 as patched

Message ID	3f951941c758b6982a3cd30d085460756b7fefd9.1746544207.git.steve@sakoman.com
State	RFC
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.214.173, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 3/7] sqlite3: mark CVE-2025-29087 as patched Date: Tue, 6 May 2025 08:13:55 -0700 Message-ID: <3f951941c758b6982a3cd30d085460756b7fefd9.1746544207.git.steve@sakoman.com> In-Reply-To: <cover.1746544207.git.steve@sakoman.com> References: <cover.1746544207.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap,1/7] libsoup: patch CVE-2025-46420 \| expand [scarthgap,1/7] libsoup: patch CVE-2025-46420 [scarthgap,2/7] elfutils: Fix CVE-2025-1371 [scarthgap,3/7] sqlite3: mark CVE-2025-29087 as patched [scarthgap,4/7] glibc: stable 2.39 branch updates [scarthgap,5/7] binutils: stable 2.42 branch updates [scarthgap,6/7] bluez5: make media control a PACKAGECONFIG option [scarthgap,7/7] bluez5: backport a patch to fix btmgmt -i

Message ID

3f951941c758b6982a3cd30d085460756b7fefd9.1746544207.git.steve@sakoman.com

State

RFC

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 3/7] sqlite3: mark CVE-2025-29087 as patched
Date: Tue,  6 May 2025 08:13:55 -0700
Message-ID: 
 <3f951941c758b6982a3cd30d085460756b7fefd9.1746544207.git.steve@sakoman.com>
In-Reply-To: <cover.1746544207.git.steve@sakoman.com>
References: <cover.1746544207.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap,1/7] libsoup: patch CVE-2025-46420 | expand

Commit Message

Steve Sakoman May 6, 2025, 3:13 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

Description of CVE-2025-29087 and CVE-2025-3277 are very similar.
There is no lonk from NVD, but [1] and [2] from Debian mark these two
CVEs as duplicates with the same link for patch.

[1] https://security-tracker.debian.org/tracker/CVE-2025-29087
[2] https://security-tracker.debian.org/tracker/CVE-2025-3277

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-support/sqlite/sqlite3/CVE-2025-3277.patch | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-support/sqlite/sqlite3/CVE-2025-3277.patch b/meta/recipes-support/sqlite/sqlite3/CVE-2025-3277.patch
index 4e2ed5f1e0..b8225b5069 100644
--- a/meta/recipes-support/sqlite/sqlite3/CVE-2025-3277.patch
+++ b/meta/recipes-support/sqlite/sqlite3/CVE-2025-3277.patch
@@ -7,6 +7,7 @@  Subject: [PATCH] Add a typecast to avoid 32-bit integer overflow in the
 FossilOrigin-Name: 498e3f1cf57f164fbd8380e92bf91b9f26d6aa05d092fcd135d754abf1e5b1b5
 
 CVE: CVE-2025-3277
+CVE: CVE-2025-29087
 Upstream-Status: Backport [https://sqlite.org/src/info/498e3f1cf57f164f]
 Signed-off-by: Peter Marko <peter.marko@siemens.com>
 ---

[scarthgap,3/7] sqlite3: mark CVE-2025-29087 as patched

Commit Message

Patch