| Message ID | 20260110103716.3470419-1-ankur.tyagi85@gmail.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | Anuj Mittal |
| Headers | show |
| Series | [meta-oe,scarthgap,1/5] freerdp3: ignore CVE-2025-68118 | expand |
At this time this CVE is both ignored and patched[1] - I think the patch could be dropped. [1]: https://git.openembedded.org/meta-openembedded-contrib/commit/?h=anujm/scarthgap&id=19d7eedf67ea1b8fe27790366d98a7e888cb839a On 1/10/26 11:37, Ankur Tyagi via lists.openembedded.org wrote: > From: Ankur Tyagi <ankur.tyagi85@gmail.com> > > Only affects Windows and can be ignored. > > Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68118 > > Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> > --- > meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb > index b9ec75236b..6e27efb5ce 100644 > --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb > +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb > @@ -74,3 +74,5 @@ do_configure:append() { > } > > FILES:${PN} += "${datadir}" > + > +CVE_STATUS[CVE-2025-68118] = "not-applicable-platform: only affects Windows" > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#123320): https://lists.openembedded.org/g/openembedded-devel/message/123320 > Mute This Topic: https://lists.openembedded.org/mt/117189431/6084445 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [skandigraun@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
On Mon, Jan 12, 2026 at 7:08 PM Gyorgy Sarvari <skandigraun@gmail.com> wrote: > > At this time this CVE is both ignored and patched[1] - I think the patch > could be dropped. Agree, thanks for sorting this out. > > [1]: > https://git.openembedded.org/meta-openembedded-contrib/commit/?h=anujm/scarthgap&id=19d7eedf67ea1b8fe27790366d98a7e888cb839a > > On 1/10/26 11:37, Ankur Tyagi via lists.openembedded.org wrote: > > From: Ankur Tyagi <ankur.tyagi85@gmail.com> > > > > Only affects Windows and can be ignored. > > > > Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68118 > > > > Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> > > --- > > meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb > > index b9ec75236b..6e27efb5ce 100644 > > --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb > > +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb > > @@ -74,3 +74,5 @@ do_configure:append() { > > } > > > > FILES:${PN} += "${datadir}" > > + > > +CVE_STATUS[CVE-2025-68118] = "not-applicable-platform: only affects Windows" > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#123320): https://lists.openembedded.org/g/openembedded-devel/message/123320 > > Mute This Topic: https://lists.openembedded.org/mt/117189431/6084445 > > Group Owner: openembedded-devel+owner@lists.openembedded.org > > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [skandigraun@gmail.com] > > -=-=-=-=-=-=-=-=-=-=-=- > > >
On Mon, Jan 12, 2026 at 2:08 PM Gyorgy Sarvari via lists.openembedded.org <skandigraun=gmail.com@lists.openembedded.org> wrote: > > At this time this CVE is both ignored and patched[1] - I think the patch > could be dropped. > > [1]: > https://git.openembedded.org/meta-openembedded-contrib/commit/?h=anujm/scarthgap&id=19d7eedf67ea1b8fe27790366d98a7e888cb839a Since this isn't merged yet, I will drop this ignore unless there are problems with the CVE patch because of which it needs to be reverted? Thanks, Anuj
On 1/12/26 10:13, Anuj Mittal via lists.openembedded.org wrote: > On Mon, Jan 12, 2026 at 2:08 PM Gyorgy Sarvari via > lists.openembedded.org <skandigraun=gmail.com@lists.openembedded.org> > wrote: >> At this time this CVE is both ignored and patched[1] - I think the patch >> could be dropped. >> >> [1]: >> https://git.openembedded.org/meta-openembedded-contrib/commit/?h=anujm/scarthgap&id=19d7eedf67ea1b8fe27790366d98a7e888cb839a > Since this isn't merged yet, I will drop this ignore unless there are > problems with the CVE patch because of which it needs to be reverted? Personally I'm not a fan of that patch. I wanted to mention this, but I noticed it after it was merged. Planned something like that, but fortunately Ankur was faster. My main issue is in the first hunk: a header is duplicated (which is harmless), but there is also a macro redefinition, which doesn't look intentional, and have no idea if it actually has any noticeable side-effect. > Thanks, > > Anuj > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#123371): https://lists.openembedded.org/g/openembedded-devel/message/123371 > Mute This Topic: https://lists.openembedded.org/mt/117189431/6084445 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [skandigraun@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb index b9ec75236b..6e27efb5ce 100644 --- a/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb +++ b/meta-oe/recipes-support/freerdp/freerdp3_3.4.0.bb @@ -74,3 +74,5 @@ do_configure:append() { } FILES:${PN} += "${datadir}" + +CVE_STATUS[CVE-2025-68118] = "not-applicable-platform: only affects Windows"