diff mbox series

[meta-oe,5/6] libraw: mark fixed CVEs patched

Message ID 20260413180227.755337-5-skandigraun@gmail.com
State New
Series [meta-networking,1/6] corosync: patch CVE-2026-35091

Commit Message

Gyorgy Sarvari April 13, 2026, 6:02 p.m. UTC
These CVEs have been fixed already in the current version, however
NVD tracks them with incorrect version information.

Commits that fix them:
CVE-2026-20884: https://github.com/LibRaw/LibRaw/commit/aa4458eb511daeae90676c1ce5c587106e4aaec1
CVE-2026-24450: https://github.com/LibRaw/LibRaw/commit/c911c9b9edffa5fab99f828d0fee6dd2d0f6105f

These commits were identified from the changelog of this version[1], which mentions the
Talos ID of the vulnerabilities (and the Talos ID is mentioned in the NVD reports[2][3]).

[1]: https://github.com/LibRaw/LibRaw/releases/tag/0.22.1
[2]: https://nvd.nist.gov/vuln/detail/CVE-2026-24450
[3]: https://nvd.nist.gov/vuln/detail/CVE-2026-20884

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-oe/recipes-support/libraw/libraw_0.22.1.bb | 2 ++
 1 file changed, 2 insertions(+)

Patch

diff --git a/meta-oe/recipes-support/libraw/libraw_0.22.1.bb b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb
index bd0a4c0b03..2e11a7f1f9 100644
--- a/meta-oe/recipes-support/libraw/libraw_0.22.1.bb
+++ b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb
@@ -11,3 +11,5 @@  DEPENDS = "jpeg jasper lcms"
 
 CVE_STATUS[CVE-2026-5318] = "fixed-version: fixed since 0.22.1"
 CVE_STATUS[CVE-2026-5342] = "fixed-version: fixed since 0.22.1"
+CVE_STATUS[CVE-2026-20884] = "fixed-version: fixed since 0.22.1"
+CVE_STATUS[CVE-2026-24450] = "fixed-version: fixed since 0.22.1"
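
Review bot: the two added CVE_STATUS lines for CVE-2026-20884 and CVE-2026-24450 state "fixed since 0.22.1" without any pointer in the recipe to the evidence, which currently lives only in the commit message. Since the stated reason for the override is that NVD's version data is wrong, a short comment above the two lines naming the upstream LibRaw commits (aa4458eb511d... and c911c9b9edff...) or the 0.22.1 release notes would let a later reader re-verify the status, or drop the entries once NVD corrects its version range, without digging through git history.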