From patchwork Mon Nov 24 15:10:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 75310 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B3051CFA466 for ; Mon, 24 Nov 2025 15:11:08 +0000 (UTC) Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.18886.1763997060528465666 for ; Mon, 24 Nov 2025 07:11:00 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=kryeeH4a; spf=pass (domain: gmail.com, ip: 209.85.128.43, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-47778b23f64so23467065e9.0 for ; Mon, 24 Nov 2025 07:11:00 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763997059; x=1764601859; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=qVsrycqxyynLzO7UuDV4VX6uhxl73mmnphg0VfkYK+A=; b=kryeeH4azQxaBaosyukOfwGjgb3qx2vE9vHdft68rsm8xHtuAfHDI1jQd/XDMjB1IG iMZQgblFL/oDxdR0Xgb6Q/hjbJhLj4vdqUbADKG0xSgQ6xLwZ6jUz4MaWvJR8ui1dciK wjoCHGi+1eRhriCzVuHiQ1BtZt86luoZ28/aUz05QY0WzkYvRQD/bwl54Zzs9jcamRfT /2GI4RX87OSUOaMKwvA0TCwERkZzk9i/m15pFrClGv11vmn96eUaTJH5DKeJtgwhEeEm am6zd6kYrarv1AL+gsz9mNsKyPoB0RzQS5agYdvd45Pw4XLDATa05JFJztvOT+UDw/6j 8Gqw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763997059; x=1764601859; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=qVsrycqxyynLzO7UuDV4VX6uhxl73mmnphg0VfkYK+A=; b=qWt9BBAyDkv2RrA356NIDENVxXXcny9eshGx6ShmQBzf05PxDTJcFFNArEYAqEOier RjuCE+IyOUUnUk9IC6lQB9N6H6qZtygczBnYThMdKRqJ8wm6P5vKL75k80K16T3L8Ju/ UnHncwJaTaB6Ai5j7aUeZN8cPKZoaB80UaDjFPAtYDdKqz5DJyROO+yf5/Hqrpicn2bA ziuxTsalPiTHBFafalMRGtL++OoyPrQw2KAIML5LdaKddjLLLyDaigjG7tH2bD42eGMj 0zZmdo53rCRZl7NLjuKf/hSYHU5J/D/DTiB40gEOk2JQCNraECiLqcwENsqZ0Y7I8Wc9 J4Cw== X-Gm-Message-State: AOJu0Yz3Df8QxPL4193BwAf3L8jxKGS0KkH5QmSsGJxscSkPfmDFtKi9 JdCBTNy56UY484u6BNiBJQEJtS1uH5ot46uh/A+I2us6X7Lo+tcPHVAa1fqs9aog X-Gm-Gg: ASbGncvNDiTgSiI35z7T/UPemX+whSe5SfMUB7r2zB6EBosv4wPGd/+zn5lbBENj/h2 woNKbshJdyoHRP9G6NuWQeNFSPAKFYMcw2niswEPdfP6m6XLutFT37FjUz99FyOTIOA4YT0FAhL wT8ssvlcqzOSFzEyNsVnkdhzH5Miu7+NzYwdG9Tgb32hKoAocncvVzdrGhmVTDThD4bx4B6qULm KVovdw88o3MeDkF9kmGdF5CX+6jFPj9sa0cXNJU4NDtS3LluAIIbksMEfSWEINohYjeCB4pgPF8 R09P3d05YJHa/jtpEGFYriH+WrzR1ufL7JYFeY5NArxtIVaDtELf5QifdiE79VvI3+kTM+72fuI /0Pwetat7neKUeqLQR+iLBHCUd19prZwn1uBWE733h4jVvqPuih6ZvxruihUyrmtT5X2uv3z/0O 1LTKPz8ua1 X-Google-Smtp-Source: AGHT+IH2d5gxG/ZHyV80X4ycWMP9sUfMPJsV116bSan7QE14hCwaovDlW680Ehm1FQ+IxW6S0AKKog== X-Received: by 2002:a05:600c:46cf:b0:477:561f:6fc8 with SMTP id 5b1f17b1804b1-477c1103015mr103787315e9.5.1763997058732; Mon, 24 Nov 2025 07:10:58 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-477a97412e3sm149092445e9.5.2025.11.24.07.10.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 24 Nov 2025 07:10:58 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-webserver][PATCH 1/2] cockpit: set correct CVE_PRODUCT Date: Mon, 24 Nov 2025 16:10:56 +0100 Message-ID: <20251124151057.389723-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 24 Nov 2025 15:11:08 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122014 Signed-off-by: Gyorgy Sarvari --- meta-webserver/recipes-webadmin/cockpit/cockpit_349.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-webserver/recipes-webadmin/cockpit/cockpit_349.bb b/meta-webserver/recipes-webadmin/cockpit/cockpit_349.bb index 4726386f6c..f84b1c4c34 100644 --- a/meta-webserver/recipes-webadmin/cockpit/cockpit_349.bb +++ b/meta-webserver/recipes-webadmin/cockpit/cockpit_349.bb @@ -197,3 +197,5 @@ do_install:append() { done fi } + +CVE_PRODUCT = "cockpit-project:cockpit" From patchwork Mon Nov 24 15:10:57 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 75309 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B4B12CFD313 for ; Mon, 24 Nov 2025 15:11:08 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.18888.1763997063583326919 for ; Mon, 24 Nov 2025 07:11:03 -0800 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=cq/ITVR1; spf=pass (domain: gmail.com, ip: 209.85.128.46, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-477b5e0323bso28309915e9.0 for ; Mon, 24 Nov 2025 07:11:02 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1763997061; x=1764601861; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=ubC8xsk+sEiv+YwqyOM+6ViTsFgPivgQzieo+V0y4LY=; b=cq/ITVR1wrnRszmzs4Itj7BDGnowzYXdDlBgcBhR7Vk/ak1/qbSPmaV5aeTzL+p9Qf AaSxeaPD6x2f8yHsfqQzAXbycOLlHv9qoAy7AoRLrl1g6XZGZapUzoLognTJz6tZas+e 3jhIQc5gpNqXC0XlcgrjqnGhjMoBMz4UsjoNV/W8VfI0iDGjQXk5N5Mqr5cNDKW40vb0 Q3zxsQQi4JY4tOQBgnYwItbLtn0J840bF7G+zqe4TMpahrsuY/HBXM21q8ZlTko66vaA 4RDteRN+b8yaExmFcpE0Z+oioie3WEm5/Zh+bczJNAGYXhEno6/QEEnROIqh3qg0KTqX L22g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763997061; x=1764601861; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=ubC8xsk+sEiv+YwqyOM+6ViTsFgPivgQzieo+V0y4LY=; b=Cqjh24xO5aEhVkmCZHjirk0caVDbODBD34klRjpIcsx79fmqQU+xJAJKJ8sp2nh0aE MGnR8WSVQJrBddmRzUfS+6vB6KzkgINZ0i/F1PYbIscZavYQUL9HmYsnP05vDYfkSy8Q Ycvgz0WfWnOZ/GZk+3Kt/eCKR/6mWECqrv/jaWjn/WI5wPRmk43eO52ed8E4Y+VH7uv2 Ean2o65Y+fVGS6qpjBwM7eVUmBDBqXu9Y4aDUT9LYbj9XL9ehUXS6HdcciixIHrqqVFW vtcLoTaQAezkuM7h+CWGFY6/ujUWZTjcbhVj5QeLeB8N1Y7OwLKpSjx2lLjbFGSFUthc pGMQ== X-Gm-Message-State: AOJu0YyAlt86TbXna4I7SL1TcU6eDf0ma5y6nResjx2Re1Hx5/bZjjW1 nRb/LjQRMbaVDPo5XID4LFQbmveKN6diF7m6/OPnObIcaqSf+SENOp41/JocUji9 X-Gm-Gg: ASbGncu+lb9DpAxCuw8jL30fH2txqLeYKIEsdtj+j1kMOQdCT460FV7kyi5SSay8XHy 3AZ3BeKVlVdUPJ0548fMvOQvAS1/6rtL8moiZicsDDNknAQnZmjbMXMNRVj8JQiBC16Qi6AvEkZ 7a5pCAXhm8rCbmdzNDKCYPBzYSQkRUnui4yB/CuHBCrJZgbFQgmCvraM1u12t0YBJla8aTQHT4p sc5Io98ad6+V/BG4SZ+hfVyiBD5a7f+fR+WiDJRERXCGZuDzPilwxG5Pn7A28P/OWDjBU7NZwiQ Ja/BmdPrD/r6UaYK8cvfP0H+HuSxTjeOg4xTguf0qvH2xFEjcR8yLoaSmOIisrWhpaNxcYkqrph T6iVKct8jg1SJhNgQpBThYtn4KF7KZ+pOeJVO6st/MU3OSnJuq+1pLfjZpGtSMR2B8uzob7nxzX t5mQs2ZM5OSwb0rfLy9EA= X-Google-Smtp-Source: AGHT+IFE1P/1S7GWDTz2v+CifJ3smZip4/fn1ERzlvr58wYks0n06vcuatnzJ94WP6lhin+66DaU+A== X-Received: by 2002:a05:600c:4746:b0:477:a289:d854 with SMTP id 5b1f17b1804b1-477c04cfa31mr125096505e9.5.1763997060490; Mon, 24 Nov 2025 07:11:00 -0800 (PST) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-477a97412e3sm149092445e9.5.2025.11.24.07.10.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 24 Nov 2025 07:10:59 -0800 (PST) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH 2/2] tigervnc: ignore CVE-2014-8241 Date: Mon, 24 Nov 2025 16:10:57 +0100 Message-ID: <20251124151057.389723-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.52.0 In-Reply-To: <20251124151057.389723-1-skandigraun@gmail.com> References: <20251124151057.389723-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 24 Nov 2025 15:11:08 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/122015 Details: https://nvd.nist.gov/vuln/detail/CVE-2014-8241 The vulnerability is about a potential null-pointer dereference, because of a malloc result is not verified[1]. The vulnerable code has been refactored since completely[2], and the code isn't present anymore in the codebase. [1]: https://github.com/TigerVNC/tigervnc/issues/993#issuecomment-612874972 - attachment [2]: https://github.com/TigerVNC/tigervnc/commit/b8a24f055f1a29886d8b18bb3f0902144dc5bd14 Signed-off-by: Gyorgy Sarvari --- meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb index dd4f79c314..d3159f8a88 100644 --- a/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb +++ b/meta-oe/recipes-graphics/tigervnc/tigervnc_1.15.0.bb @@ -85,3 +85,5 @@ FILES:${PN} += " \ " SYSTEMD_SERVICE:${PN} = "vncserver@.service" + +CVE_STATUS[2014-8241] = "fixed-version: The vulnerable code is not present in the used version (1.15.0)"