From patchwork Fri Feb 13 15:42:25 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 81080
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-networking][kirkstone][PATCH 1/5] ez-ipupdate: patch CVE-2003-0887
Date: Fri, 13 Feb 2026 16:42:25 +0100
Message-ID: <20260213154229.1329476-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124390

Details: https://nvd.nist.gov/vuln/detail/CVE-2003-0887

The vulnerability is about the default (example) configurations, which place
cache files into the /tmp folder, which is world-writeable. The recommendation
would be to place them in a more secure folder.

The recipe however does not install these example configurations, and
as such it is not vulnerable either. Just to make sure, patch these folders
to a non-tmp folder (and also install that folder, empty).

Some more discussion about the vulnerability:
https://bugzilla.suse.com/show_bug.cgi?id=48161

Signed-off-by: Gyorgy Sarvari
Signed-off-by: Khem Raj
(cherry picked from commit dd81ffdb685bd9c2ce1b27d0e5ff3f8e5551e3ad)
Signed-off-by: Gyorgy Sarvari
---
 .../ez-ipupdate/ez-ipupdate_3.0.11b7.bb       |   7 +
 .../ez-ipupdate/files/CVE-2003-0887.patch     | 158 ++++++++++++++++++
 2 files changed, 165 insertions(+)
 create mode 100644 meta-networking/recipes-connectivity/ez-ipupdate/files/CVE-2003-0887.patch

diff --git a/meta-networking/recipes-connectivity/ez-ipupdate/ez-ipupdate_3.0.11b7.bb b/meta-networking/recipes-connectivity/ez-ipupdate/ez-ipupdate_3.0.11b7.bb index 8648f2e0e6..4287bf7d3d 100644 --- a/meta-networking/recipes-connectivity/ez-ipupdate/ez-ipupdate_3.0.11b7.bb +++ b/meta-networking/recipes-connectivity/ez-ipupdate/ez-ipupdate_3.0.11b7.bb 
@@ -9,8 +9,15 @@ SRC_URI = "http://sourceforge.net/projects/ez-ipupdate/files/${BPN}/${PV}/${BPN} file://cache_file.c.patch \ file://conf_file.c.patch \ file://wformat.patch \ + file://CVE-2003-0887.patch \ " SRC_URI[md5sum] = "525be4550b4461fdf105aed8e753b020" SRC_URI[sha256sum] = "a15ec0dc0b78ec7578360987c68e43a67bc8d3591cbf528a323588830ae22c20" inherit autotools pkgconfig + +do_install:append(){ + install -m 0744 -d ${D}${localstatedir}/lib/ez-ipupdate +} + +FILES:${PN} += "${localstatedir}/lib/ez-ipupdate" diff --git a/meta-networking/recipes-connectivity/ez-ipupdate/files/CVE-2003-0887.patch b/meta-networking/recipes-connectivity/ez-ipupdate/files/CVE-2003-0887.patch new file mode 100644 index 0000000000..53aa355008 --- /dev/null +++ b/meta-networking/recipes-connectivity/ez-ipupdate/files/CVE-2003-0887.patch 
@@ -0,0 +1,158 @@ +From cd8fa738b0ed3b5fb89ac00068fdc2e20c1b6169 Mon Sep 17 00:00:00 2001 +From: Gyorgy Sarvari +Date: Mon, 2 Feb 2026 14:03:01 +0100 +Subject: [PATCH] CVE-2003-0887 + +The vulnerability is about exmaple config files placing cache files +into a world-writable directory (/tmp) instead of something more +secure. + +This patch changes this path to /var/lib/ez-ipupdate, which is +not world-writable by default. + +CVE: CVE-2003-0887 +Upstream-Status: Inactive-Upstream [lastcommit: 2002] +Signed-off-by: Gyorgy Sarvari +--- + example-dhs.conf | 2 +- + example-dyndns.conf | 2 +- + example-dyns.conf | 2 +- + example-easydns.conf | 2 +- + example-gnudip.conf | 2 +- + example-heipv6tb.conf | 2 +- + example-justlinux.conf | 2 +- + example-ods.conf | 2 +- + example-pgpow.conf | 2 +- + example-tzo.conf | 2 +- + 10 files changed, 10 insertions(+), 10 deletions(-) + +diff --git a/example-dhs.conf b/example-dhs.conf +index 3fe9a04..f976ae5 100755 +--- a/example-dhs.conf ++++ b/example-dhs.conf +@@ -11,7 +11,7 @@ host=mydomain.whatever.com + interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. to stop it +diff --git a/example-dyndns.conf b/example-dyndns.conf +index f539dec..84b4807 100755 +--- a/example-dyndns.conf ++++ b/example-dyndns.conf +@@ -19,7 +19,7 @@ max-interval=2073600 + #cache-file=/etc/ez-ipupdate.cache.eth1 + + # for the mean time we'll just use a cache file in the temp directory +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. 
to stop it +diff --git a/example-dyns.conf b/example-dyns.conf +index 868768d..856a4d7 100644 +--- a/example-dyns.conf ++++ b/example-dyns.conf +@@ -11,7 +11,7 @@ host=myhost + #interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-#cache-file=/tmp/ez-ipupdate.cache ++#cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. to stop it +diff --git a/example-easydns.conf b/example-easydns.conf +index 0ff20da..15d9b78 100755 +--- a/example-easydns.conf ++++ b/example-easydns.conf +@@ -11,7 +11,7 @@ host=mydomain.whatever.com + interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. to stop it +diff --git a/example-gnudip.conf b/example-gnudip.conf +index 3b2fb63..d09df1f 100755 +--- a/example-gnudip.conf ++++ b/example-gnudip.conf +@@ -15,7 +15,7 @@ max-interval=2073600 + #address=0.0.0.0 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. 
to stop it +diff --git a/example-heipv6tb.conf b/example-heipv6tb.conf +index e31aa9c..3ebc822 100644 +--- a/example-heipv6tb.conf ++++ b/example-heipv6tb.conf +@@ -18,7 +18,7 @@ max-interval=2073600 + #cache-file=/etc/ez-ipupdate.cache.eth1 + + # for the mean time we'll just use a cache file in the temp directory +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. to stop it +diff --git a/example-justlinux.conf b/example-justlinux.conf +index 0afeb2c..28b3327 100755 +--- a/example-justlinux.conf ++++ b/example-justlinux.conf +@@ -11,7 +11,7 @@ host=mydomain.penguinpowered.com + interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. to stop it +diff --git a/example-ods.conf b/example-ods.conf +index d0ff889..7b16f2c 100755 +--- a/example-ods.conf ++++ b/example-ods.conf +@@ -11,7 +11,7 @@ host=mydomain.ods.org + interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. 
to stop it +diff --git a/example-pgpow.conf b/example-pgpow.conf +index 29a92d6..81e351b 100755 +--- a/example-pgpow.conf ++++ b/example-pgpow.conf +@@ -11,7 +11,7 @@ host=mydomain.penguinpowered.com + interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. to stop it +diff --git a/example-tzo.conf b/example-tzo.conf +index 2a71db3..10b8dc4 100755 +--- a/example-tzo.conf ++++ b/example-tzo.conf +@@ -15,7 +15,7 @@ max-interval=2073600 + interface=eth1 + + # if you use run-as ensure the user has permission to write this file +-cache-file=/tmp/ez-ipupdate.cache ++cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache + + # uncomment this once you have everything working how you want and you are + # ready to have ez-ipupdate running in the background all the time. 
to stop it
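Review bot: In the do_install:append hunk of ez-ipupdate_3.0.11b7.bb, `install -m 0744 -d` creates /var/lib/ez-ipupdate with read but no search (x) permission for group and other, which is an unusual mode for a directory; 0755, or 0750/0700 if only the daemon needs it, states the intent clearly. The example configs' own comment says "if you use run-as ensure the user has permission to write this file", and nothing in this hunk sets an owner on the directory, so a non-root run-as user would not be able to create the cache file there; that deserves a sentence in the commit message or an explicit owner. Style: put a space before the brace in `do_install:append(){`.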
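Review bot: In the example-dyndns.conf and example-heipv6tb.conf hunks of CVE-2003-0887.patch, the context comment directly above the changed line still reads "for the mean time we'll just use a cache file in the temp directory", which no longer matches `cache-file=/var/lib/ez-ipupdate/ez-ipupdate.cache`. Since the patch exists to stop pointing users at /tmp, update or drop that comment in both files so the example does not keep describing the temp directory as the location. In example-dyns.conf the setting stays commented out, so that hunk changes only the suggested path.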
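A check for the condition the commit message of patch 1/5 describes, as an added example that is not part of the patch series: it reports ez-ipupdate configuration files whose active cache-file setting points into a world-writable directory. The function names are this example's own, and it assumes the setting is written as `cache-file=<path>` without spaces around `=`, as in the example configs shown in the patch.

```shell
#!/bin/sh
# Added example, not part of the patch series.
# Assumption: settings are written as "cache-file=<path>" with no spaces
# around "=", as in the example configs shown in the patch.

# Print the value of the last active (uncommented) cache-file= line in $1.
# Lines such as "#cache-file=..." do not match and are ignored.
cache_file_of() {
    sed -n 's/^[[:space:]]*cache-file=//p' "$1" | tail -n 1
}

# Succeed if $1 is a directory whose mode grants write permission to "other".
# In "ls -ld" output the 9th character of the mode string is the other-write bit.
dir_world_writable() {
    [ -d "$1" ] || return 1
    case $(ls -ldL -- "$1") in
        d???????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one verdict per config file given as an argument:
#   UNSAFE <conf> <path>   cache file lives in a world-writable directory
#   OK <conf> <path>       directory is not world-writable (or does not exist)
#   NONE <conf>            no active cache-file setting
audit_configs() {
    for conf in "$@"; do
        path=$(cache_file_of "$conf")
        if [ -z "$path" ]; then
            echo "NONE $conf"
        elif dir_world_writable "$(dirname "$path")"; then
            echo "UNSAFE $conf $path"
        else
            echo "OK $conf $path"
        fi
    done
}

# Stand-alone use: pass the config files to audit as arguments.
if [ "$#" -gt 0 ]; then
    audit_configs "$@"
fi
```

Run it against the configuration files actually deployed on the image; a sticky bit on the directory (as on /tmp) does not change the verdict, because other users can still create the file before the daemon does.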
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-multimedia][kirkstone][PATCH 2/5] libebml: patch CVE-2015-8791
Date: Fri, 13 Feb 2026 16:42:26 +0100
Message-ID: <20260213154229.1329476-2-skandigraun@gmail.com>
In-Reply-To: <20260213154229.1329476-1-skandigraun@gmail.com>
References: <20260213154229.1329476-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124391

Details: https://nvd.nist.gov/vuln/detail/CVE-2015-8791

Backport the patch that is referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari
---
 .../libebml/libebml/CVE-2015-8791.patch       | 29 +++++++++++++++++++
 .../recipes-mkv/libebml/libebml_1.3.0.bb      | 10 +++----
 2 files changed, 34 insertions(+), 5 deletions(-)
 create mode 100644 meta-multimedia/recipes-mkv/libebml/libebml/CVE-2015-8791.patch

diff --git a/meta-multimedia/recipes-mkv/libebml/libebml/CVE-2015-8791.patch b/meta-multimedia/recipes-mkv/libebml/libebml/CVE-2015-8791.patch new file mode 100644 index 0000000000..e007e2fb92 --- /dev/null +++ b/meta-multimedia/recipes-mkv/libebml/libebml/CVE-2015-8791.patch 
@@ -0,0 +1,29 @@ +From 22b87d8217606d891e73fc59a598bae830e61d65 Mon Sep 17 00:00:00 2001 +From: Moritz Bunkus +Date: Tue, 20 Oct 2015 14:49:44 +0200 +Subject: [PATCH] EbmlElement: don't read beyond end of buffer when reading + variable length integers + +CVE: CVE-2015-8791 +Upstream-Status: Backport [https://github.com/Matroska-Org/libebml/commit/24e5cd7c666b1ddd85619d60486db0a5481c1b90] +Signed-off-by: Gyorgy Sarvari +--- + src/EbmlElement.cpp | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/EbmlElement.cpp b/src/EbmlElement.cpp +index 4b96d06..0969468 100644 +--- a/src/EbmlElement.cpp ++++ b/src/EbmlElement.cpp +@@ -149,6 +149,11 @@ uint64 ReadCodedSizeValue(const binary * InBuffer, uint32 & BufferSize, uint64 & + // ID found + PossibleSizeLength = SizeIdx + 1; + SizeBitMask >>= SizeIdx; ++ ++ // Guard against invalid memory accesses with incomplete IDs. ++ if (PossibleSizeLength > BufferSize) ++ break; ++ + for (SizeIdx = 0; SizeIdx < PossibleSizeLength; SizeIdx++) { + PossibleSize[SizeIdx] = InBuffer[SizeIdx]; + } diff --git a/meta-multimedia/recipes-mkv/libebml/libebml_1.3.0.bb b/meta-multimedia/recipes-mkv/libebml/libebml_1.3.0.bb index 744486fa2a..9caf25205b 100644 --- a/meta-multimedia/recipes-mkv/libebml/libebml_1.3.0.bb +++ b/meta-multimedia/recipes-mkv/libebml/libebml_1.3.0.bb 
@@ -2,11 +2,11 @@ SUMMARY = "libebml is a C++ libary to parse EBML files" LICENSE = "LGPL-2.1-only" LIC_FILES_CHKSUM = "file://LICENSE.LGPL;md5=7fbc338309ac38fefcd64b04bb903e34" -SRC_URI = "\ - http://dl.matroska.org/downloads/libebml/libebml-${PV}.tar.bz2 \ - file://ldflags.patch \ - file://override-uname.patch \ -" +SRC_URI = "http://dl.matroska.org/downloads/libebml/libebml-${PV}.tar.bz2 \ + file://ldflags.patch \ + file://override-uname.patch \ + file://CVE-2015-8791.patch \ + " SRC_URI[md5sum] = "efec729bf5a51e649e1d9d1f61c0ae7a" SRC_URI[sha256sum] = "83b074d6b62715aa0080406ea84d33df2e44b5d874096640233a4db49b8096de"
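Review bot: In the ReadCodedSizeValue hunk of CVE-2015-8791.patch, the new `if (PossibleSizeLength > BufferSize) break;` exits the enclosing loop, and the code that runs after that loop is outside the hunk, so the diff alone does not show what the function returns for a truncated buffer. Please confirm against the 1.3.0 sources that the path after the loop reports failure to the caller the same way it does at the upstream commit named in Upstream-Status, and note that check in the commit message, since this is a backport onto 1.3.0.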
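Review bot: In the libebml_1.3.0.bb hunk, adding `file://CVE-2015-8791.patch` is bundled with a rewrite of the whole SRC_URI assignment (the leading `"\` line is dropped and every entry is re-indented), which turns a one-line addition into the 10 changed lines shown in the diffstat on a stable branch. Keep the existing layout and add only the new entry, so that the security-relevant line is the only one that changes.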
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][kirkstone][PATCH 3/5] mercurial: ignore CVE-2022-43410
Date: Fri, 13 Feb 2026 16:42:27 +0100
Message-ID: <20260213154229.1329476-3-skandigraun@gmail.com>
In-Reply-To: <20260213154229.1329476-1-skandigraun@gmail.com>
References: <20260213154229.1329476-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124392

Details: https://nvd.nist.gov/vuln/detail/CVE-2022-43410

The vulnerability affects only the Mercurial Jenkins plugin, which is a
different project. This CVE can be ignored in this recipe.

Signed-off-by: Gyorgy Sarvari
---
 meta-oe/recipes-devtools/mercurial/mercurial_6.1.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-devtools/mercurial/mercurial_6.1.bb b/meta-oe/recipes-devtools/mercurial/mercurial_6.1.bb index 3abecc3054..d118fed6ad 100644 --- a/meta-oe/recipes-devtools/mercurial/mercurial_6.1.bb +++ b/meta-oe/recipes-devtools/mercurial/mercurial_6.1.bb 
@@ -35,3 +35,5 @@ FILES:${PN} += "${PYTHON_SITEPACKAGES_DIR}" FILES:${PN}-python = "${nonarch_libdir}/${PYTHON_DIR}" +# The CVE is for Jenkins plugin, not the SCM +CVE_CHECK_IGNORE = "CVE-2022-43410"
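Review bot: In the mercurial_6.1.bb hunk, `CVE_CHECK_IGNORE = "CVE-2022-43410"` uses plain assignment, which replaces whatever value the variable already carries at that point in parsing instead of extending it. Use `CVE_CHECK_IGNORE += "CVE-2022-43410"` so that ignore entries set elsewhere survive. The comment above it could also name the plugin the way the commit message does ("Mercurial Jenkins plugin"), so the reason for the ignore is clear from the recipe alone.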
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-python][kirkstone][PATCH 4/5] python3-django: upgrade 4.2.27 -> 4.2.28
Date: Fri, 13 Feb 2026 16:42:28 +0100
Message-ID: <20260213154229.1329476-4-skandigraun@gmail.com>
In-Reply-To: <20260213154229.1329476-1-skandigraun@gmail.com>
References: <20260213154229.1329476-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124393

Contains fixes for CVE-2025-13473, CVE-2025-14550, CVE-2026-1207, CVE-2026-1285,
CVE-2026-1287 and CVE-2026-1312

Signed-off-by: Gyorgy Sarvari
---
 .../0001-add-back-setuptools-support.patch                  | 0
 .../{python3-django_4.2.27.bb => python3-django_4.2.28.bb} | 2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-django-4.2.27 => python3-django-4.2.28}/0001-add-back-setuptools-support.patch (100%)
 rename meta-python/recipes-devtools/python/{python3-django_4.2.27.bb => python3-django_4.2.28.bb} (83%)

diff --git a/meta-python/recipes-devtools/python/python3-django-4.2.27/0001-add-back-setuptools-support.patch b/meta-python/recipes-devtools/python/python3-django-4.2.28/0001-add-back-setuptools-support.patch similarity index 100% rename from meta-python/recipes-devtools/python/python3-django-4.2.27/0001-add-back-setuptools-support.patch rename to meta-python/recipes-devtools/python/python3-django-4.2.28/0001-add-back-setuptools-support.patch 
diff --git a/meta-python/recipes-devtools/python/python3-django_4.2.27.bb b/meta-python/recipes-devtools/python/python3-django_4.2.28.bb similarity index 83% rename from meta-python/recipes-devtools/python/python3-django_4.2.27.bb rename to meta-python/recipes-devtools/python/python3-django_4.2.28.bb index fba21cd75f..5357d12338 100644 --- a/meta-python/recipes-devtools/python/python3-django_4.2.27.bb +++ b/meta-python/recipes-devtools/python/python3-django_4.2.28.bb 
@@ -3,7 +3,7 @@ require python-django.inc inherit pypi setuptools3 SRC_URI += "file://0001-add-back-setuptools-support.patch" -SRC_URI[sha256sum] = "b865fbe0f4a3d1ee36594c5efa42b20db3c8bbb10dff0736face1c6e4bda5b92" +SRC_URI[sha256sum] = "a4b9cd881991add394cafa8bb3b11ad1742d1e1470ba99c3ef53dc540316ccfe" RDEPENDS:${PN} += "\ ${PYTHON_PN}-sqlparse \
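Review bot: In the python3-django_4.2.28.bb hunk the only content change is the new `SRC_URI[sha256sum]`, and neither the hunk nor the commit message says where that value was taken from. State the source of the checksum in the commit message (for example the hash published with the upstream release), so a reviewer can compare it independently of the fetch that produced it; a link to the release notes covering the listed CVEs would help for the same reason.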
From: Gyorgy Sarvari
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][kirkstone][PATCH 5/5] poppler: mark CVE-2022-38171 patched
Date: Fri, 13 Feb 2026 16:42:29 +0100
Message-ID: <20260213154229.1329476-5-skandigraun@gmail.com>
In-Reply-To: <20260213154229.1329476-1-skandigraun@gmail.com>
References: <20260213154229.1329476-1-skandigraun@gmail.com>
X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124394

Details: https://nvd.nist.gov/vuln/detail/CVE-2022-38171

This is the same as CVE-2021-30860, but that one was primarily filed
against Apple software (and some other related projects).

The patch that fixes this vulnerability is already added to the recipe,
just extend its CVE tag.

Signed-off-by: Gyorgy Sarvari
---
 .../poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch b/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch index 4a8ea233c8..3990f4766b 100644 --- a/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch +++ b/meta-oe/recipes-support/poppler/poppler/0001-JBIG2Stream-Fix-crash-on-broken-file.patch @@ -7,7 +7,7 @@ https://github.com/jeffssh/CVE-2021-30860 Thanks to David Warren for the heads up -CVE: CVE-2021-30860 +CVE: CVE-2021-30860 CVE-2022-38171 References: https://nvd.nist.gov/vuln/detail/CVE-2021-30860
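Review bot: In the 0001-JBIG2Stream-Fix-crash-on-broken-file.patch hunk, the CVE tag gains CVE-2022-38171 but the `References:` line directly below it still lists only https://nvd.nist.gov/vuln/detail/CVE-2021-30860. Add the NVD link for CVE-2022-38171 (the one given under "Details:" in the commit message) to that line as well, so the patch header itself documents why the second identifier is attached.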