diff mbox series

[meta-oe,17/17] libraw: mark CVE-2026-20911 and CVE-2026-21413 patched

Message ID 20260420062750.3795917-17-skandigraun@gmail.com
State Accepted
Headers show
Series [meta-oe,01/17] fio: upgrade 3.41 -> 3.42 | expand

Commit Message

Gyorgy Sarvari April 20, 2026, 6:27 a.m. UTC 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-20911
https://nvd.nist.gov/vuln/detail/CVE-2026-21413

Both CVEs are tracked with incorrect version info: NVD indicates that
0.22.1 is explicitly vulnerable, but the fixes are actually included
in this release.

Relevant commits:
CVE-2026-20911: https://github.com/LibRaw/LibRaw/commit/5357bb5fc67ac616838fb84de67260d45987489b
CVE-2026-21413: https://github.com/LibRaw/LibRaw/commit/75ed2c12a35b765b3b6ad695cc1f044f19efe644

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-oe/recipes-support/libraw/libraw_0.22.1.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta-oe/recipes-support/libraw/libraw_0.22.1.bb b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb
index 2e11a7f1f9..e99f0e46b6 100644
--- a/meta-oe/recipes-support/libraw/libraw_0.22.1.bb
+++ b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb
@@ -13,3 +13,5 @@  CVE_STATUS[CVE-2026-5318] = "fixed-version: fixed since 0.22.1"
 CVE_STATUS[CVE-2026-5342] = "fixed-version: fixed since 0.22.1"
 CVE_STATUS[CVE-2026-20884] = "fixed-version: fixed since 0.22.1"
 CVE_STATUS[CVE-2026-24450] = "fixed-version: fixed since 0.22.1"
+CVE_STATUS[CVE-2026-20911] = "fixed-version: fixed since 0.22.1"
+CVE_STATUS[CVE-2026-21413] = "fixed-version: fixed since 0.22.1"