From patchwork Fri Feb 27 12:03:19 2026
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 82126
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-webserver][kirkstone][PATCH 1/5] webmin: patch CVE-2025-67738 Date: Fri, 27 Feb 2026 13:03:19 +0100 Message-ID: <20260227120323.333696-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 27 Feb 2026 12:03:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124753 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-67738 Backport the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari --- .../webmin/files/CVE-2025-67738.patch | 37 +++++++++++++++++++ .../recipes-webadmin/webmin/webmin_1.850.bb | 1 + 2 files changed, 38 insertions(+) create mode 100644 meta-webserver/recipes-webadmin/webmin/files/CVE-2025-67738.patch diff --git a/meta-webserver/recipes-webadmin/webmin/files/CVE-2025-67738.patch b/meta-webserver/recipes-webadmin/webmin/files/CVE-2025-67738.patch new file mode 100644 index 0000000000..3fb71fec37 --- /dev/null +++ b/meta-webserver/recipes-webadmin/webmin/files/CVE-2025-67738.patch 
@@ -0,0 +1,37 @@ +From 21d9cbdc2b719e9d1349f14e03b5a041b476cce5 Mon Sep 17 00:00:00 2001 +From: Jamie Cameron +Date: Wed, 29 Oct 2025 22:02:29 -0700 +Subject: [PATCH] Fix quoting of args + +CVE: CVE-2025-67738 +Upstream-Status: Backport [https://github.com/webmin/webmin/commit/1a52bf4d72f9da6d79250c66e51f41c6f5b880ee] +Signed-off-by: Gyorgy Sarvari +--- + squid/cachemgr.cgi | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/squid/cachemgr.cgi b/squid/cachemgr.cgi +index b75f9427..41386d35 100755 +--- a/squid/cachemgr.cgi ++++ b/squid/cachemgr.cgi +@@ -12,6 +12,7 @@ my ($mgr) = glob($config{'cachemgr_path'}); + if (&has_command($mgr)) { + $| = 1; + my $temp; ++ my $args = join(" ", map { quotemeta($_) } @ARGV); + if ($ENV{'REQUEST_METHOD'} eq 'POST') { + # Deal with POST data + my $post; +@@ -21,10 +22,10 @@ if (&has_command($mgr)) { + &open_tempfile($fh, ">$temp", 0, 1); + &print_tempfile($fh, $post); + &close_tempfile($fh); +- open(MGR, "$mgr ".join(" ", @ARGV)." <$temp |"); ++ open(MGR, "$mgr $args <$temp |"); + } + else { +- open(MGR, "$mgr ".join(" ", @ARGV)." |"); ++ open(MGR, "$mgr $args |"); + } + while() { + print; diff --git a/meta-webserver/recipes-webadmin/webmin/webmin_1.850.bb b/meta-webserver/recipes-webadmin/webmin/webmin_1.850.bb index 78ab19601f..a03f44437d 100644 --- a/meta-webserver/recipes-webadmin/webmin/webmin_1.850.bb +++ b/meta-webserver/recipes-webadmin/webmin/webmin_1.850.bb 
@@ -24,6 +24,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/webadmin/webmin-${PV}.tar.gz \ file://0001-Object-names-cannot-contact-special-characters.patch \ file://0001-Foreign-module-may-need-a-check.patch \ file://0001-Add-missing-permissions-check-when-saving-allowed-cr.patch \ + file://CVE-2025-67738.patch \ " SRC_URI[md5sum] = "cd6ee98f73f9418562197675b952d81b"
From patchwork Fri Feb 27 12:03:20 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 82128
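Review bot: In patch 1/5, the line added by the first squid/cachemgr.cgi hunk, `my $args = join(" ", map { quotemeta($_) } @ARGV);`, relies on quotemeta, which is a regex-escaping helper rather than a shell-quoting one. Backslash-escaping every non-word character does keep each argument a single shell word, but an empty argument disappears after the join, and a newline inside an argument becomes backslash-newline, which the shell removes as a line continuation, so $mgr can receive something different from what was passed. A one-line comment stating that the escaping targets the shell started by the two open() calls, and that these edge cases are accepted, would make the intent clear without diverging from the commit named in Upstream-Status.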
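Review bot: In the second squid/cachemgr.cgi hunk of patch 1/5, `$mgr` (both open() calls) and `$temp` (the POST branch) are still interpolated unquoted into the command string, as in `open(MGR, "$mgr $args <$temp |");`, so the command still runs through a shell and only @ARGV is escaped. Per the first hunk's context line, `$mgr` comes from `glob($config{'cachemgr_path'})`, so it is configuration-controlled, but a path containing a space would be split into two words. Worth raising upstream as a follow-up: the list form of pipe open passes the arguments without a shell, with STDIN reopened from $temp for the POST case.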
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-networking][kirkstone][PATCH 2/5] quagga: patch CVE-2017-3224 Date: Fri, 27 Feb 2026 13:03:20 +0100 Message-ID: <20260227120323.333696-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260227120323.333696-1-skandigraun@gmail.com> References: <20260227120323.333696-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 27 Feb 2026 12:03:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124754 Details: https://nvd.nist.gov/vuln/detail/CVE-2017-3224 Quagga is an abandoned project, but it is not without a successor. Frr (or Frrouting) is a fork of Quagga, and they have fixed this vulnerability. That patch from Frr was ported to Quagga. The Frr patch mentions this CVE ID explicitly, and also Debian has identified it as the correct patch[1]. [1]: https://security-tracker.debian.org/tracker/CVE-2017-3224 Signed-off-by: Gyorgy Sarvari --- .../quagga/files/CVE-2017-3224.patch | 90 +++++++++++++++++++ .../recipes-protocols/quagga/quagga.inc | 3 +- 2 files changed, 92 insertions(+), 1 deletion(-) create mode 100644 meta-networking/recipes-protocols/quagga/files/CVE-2017-3224.patch diff --git a/meta-networking/recipes-protocols/quagga/files/CVE-2017-3224.patch b/meta-networking/recipes-protocols/quagga/files/CVE-2017-3224.patch new file mode 100644 index 0000000000..025f0b3e4f --- /dev/null +++ b/meta-networking/recipes-protocols/quagga/files/CVE-2017-3224.patch 
@@ -0,0 +1,90 @@ +From 5e54975af4c6429f5e7bf9a29ff8425e131e92ca Mon Sep 17 00:00:00 2001 +From: Chirag Shah +Date: Fri, 25 Jan 2019 17:21:24 -0800 +Subject: [PATCH] ospfd: address CVE-2017-3224 + +Based on the vulnerability mentioned in 793496 an attacker can craft an +LSA with MaxSequence number wtih invalid links and not set age to MAX_AGE +so the lsa would not be flush from the database. + +To address the issue, check incoming LSA is MaxSeq but Age is not set +to MAX_AGE 3600, discard the LSA from processing it. +Based on RFC-2328 , When a LSA update sequence reaches MaxSequence +number, it should be prematurely aged out from the database with age set +to MAX_AGE (3600). + +Ticket:CM-18989 +Reviewed By: +Testing Done: + +Signed-off-by: Chirag Shah + +CVE: CVE-2017-3224 +Upstream-Status: Inactive-Upstream [ported from frr, a fork: https://github.com/FRRouting/frr/commit/7791d3deab8f4bbee2ccdd98ea596617536bc681] +Signed-off-by: Gyorgy Sarvari +--- + ospfd/ospf_packet.c | 21 ++++++++++++++++----- + 1 file changed, 16 insertions(+), 5 deletions(-) + +diff --git a/ospfd/ospf_packet.c b/ospfd/ospf_packet.c +index facba89..504df02 100644 +--- a/ospfd/ospf_packet.c ++++ b/ospfd/ospf_packet.c +@@ -1936,9 +1936,20 @@ ospf_ls_upd (struct ospf *ospf, struct ip *iph, struct ospf_header *ospfh, + if (current == NULL || + (ret = ospf_lsa_more_recent (current, lsa)) < 0) + { ++ /* CVE-2017-3224 */ ++ if (current && (lsa->data->ls_seqnum == ++ htonl(OSPF_MAX_SEQUENCE_NUMBER) ++ && !IS_LSA_MAXAGE(lsa))) { ++ zlog_debug( ++ "Link State Update[%s]: has Max Seq but not MaxAge. Dropping it", ++ dump_lsa_key(lsa)); ++ ++ DISCARD_LSA(lsa, 4); ++ continue; ++ } + /* Actual flooding procedure. */ + if (ospf_flood (oi->ospf, nbr, current, lsa) < 0) /* Trap NSSA later. 
*/ +- DISCARD_LSA (lsa, 4); ++ DISCARD_LSA (lsa, 5); + continue; + } + +@@ -1987,7 +1998,7 @@ ospf_ls_upd (struct ospf *ospf, struct ip *iph, struct ospf_header *ospfh, + if (NBR_IS_DR (nbr)) + listnode_add (oi->ls_ack, ospf_lsa_lock (lsa)); + +- DISCARD_LSA (lsa, 5); ++ DISCARD_LSA (lsa, 6); + } + else + /* Acknowledge the receipt of the LSA by sending a +@@ -1995,7 +2006,7 @@ ospf_ls_upd (struct ospf *ospf, struct ip *iph, struct ospf_header *ospfh, + interface. */ + { + ospf_ls_ack_send (nbr, lsa); +- DISCARD_LSA (lsa, 6); ++ DISCARD_LSA (lsa, 7); + } + } + +@@ -2011,7 +2022,7 @@ ospf_ls_upd (struct ospf *ospf, struct ip *iph, struct ospf_header *ospfh, + if (IS_LSA_MAXAGE (current) && + current->data->ls_seqnum == htonl (OSPF_MAX_SEQUENCE_NUMBER)) + { +- DISCARD_LSA (lsa, 7); ++ DISCARD_LSA (lsa, 8); + } + /* Otherwise, as long as the database copy has not been sent in a + Link State Update within the last MinLSArrival seconds, send the +@@ -2031,7 +2042,7 @@ ospf_ls_upd (struct ospf *ospf, struct ip *iph, struct ospf_header *ospfh, + msec2tv (ospf->min_ls_arrival)) >= 0) + /* Trap NSSA type later.*/ + ospf_ls_upd_send_lsa (nbr, current, OSPF_SEND_PACKET_DIRECT); +- DISCARD_LSA (lsa, 8); ++ DISCARD_LSA (lsa, 9); + } + } + } diff --git a/meta-networking/recipes-protocols/quagga/quagga.inc b/meta-networking/recipes-protocols/quagga/quagga.inc index d368311d13..3534114a22 100644 --- a/meta-networking/recipes-protocols/quagga/quagga.inc +++ b/meta-networking/recipes-protocols/quagga/quagga.inc 
@@ -34,7 +34,8 @@ SRC_URI = "https://github.com/Quagga/quagga/releases/download/quagga-${PV}/quagg file://ripd.service \ file://ripngd.service \ file://zebra.service \ - " + file://CVE-2017-3224.patch \ + " PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'pam', d)}" PACKAGECONFIG[cap] = "--enable-capabilities,--disable-capabilities,libcap"
From patchwork Fri Feb 27 12:03:21 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 82125
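Review bot: In patch 2/5, the check added by the first ospfd/ospf_packet.c hunk is guarded by `current &&`, so an LSA carrying OSPF_MAX_SEQUENCE_NUMBER without MaxAge is dropped only when a database copy already exists; with `current == NULL` it still reaches ospf_flood(). If that is intended (the patch is described as a port of the FRR fix), the `/* CVE-2017-3224 */` comment should say so in one sentence, because the commit message reads as if every such LSA is discarded. The added zlog_debug() call is also unconditional, so each dropped LSA writes a log line; if the rest of this file gates debug output on a debug setting, the new message should do the same.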
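Review bot: The remaining ospfd/ospf_packet.c hunks of patch 2/5 only shift the second argument of DISCARD_LSA (4 to 5 in the first hunk, then 5 to 6, 6 to 7, 7 to 8 and 8 to 9) because the new drop site took 4. The commit message should mention this renumbering: if that number is what identifies the discard site in debug output, anyone comparing logs from before and after the patch will find every existing site shifted by one.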
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-networking][kirkstone][PATCH 3/5] quagga: ignore CVE-2021-44038 Date: Fri, 27 Feb 2026 13:03:21 +0100 Message-ID: <20260227120323.333696-3-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260227120323.333696-1-skandigraun@gmail.com> References: <20260227120323.333696-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 27 Feb 2026 12:03:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124755 Details: https://nvd.nist.gov/vuln/detail/CVE-2021-44038 The main point of the vulnerability is that the application comes with its own systemd unit files, which execute chmod and chown commands upon start on some files. So when the services are restarted (e.g. after an update), these unit files can be tricked to change the permissions on a malicious file. However OE does not use these unit files - the recipe comes with its own custom unit files, and chown/chmod isn't used at all. Due to this, ignore this vulnerability. Signed-off-by: Gyorgy Sarvari --- meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb b/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb index 984264a30f..713d7d95f3 100644 --- a/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb +++ b/meta-networking/recipes-protocols/quagga/quagga_1.2.4.bb 
@@ -5,4 +5,5 @@ SRC_URI[sha256sum] = "e364c082c3309910e1eb7b068bf39ee298e2f2f3f31a6431a5c115193b CVE_CHECK_IGNORE += "\ CVE-2016-4049 \ + CVE-2021-44038 \ "
From patchwork Fri Feb 27 12:03:22 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 82129
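Review bot: In patch 3/5, the `CVE-2021-44038 \` entry added to CVE_CHECK_IGNORE in quagga_1.2.4.bb carries no justification in the recipe; the reason (OE ships its own unit files, which do not run chown/chmod) exists only in the commit message. Add a comment above the `CVE_CHECK_IGNORE += "\` line stating that reason, as patch 4/5 does for ndpi, so the basis for the ignore stays next to the entry and can be re-checked if the unit files in this layer change.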
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-networking][kirkstone][PATCH 4/5] ndpi: ignore CVE-2025-25066 Date: Fri, 27 Feb 2026 13:03:22 +0100 Message-ID: <20260227120323.333696-4-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260227120323.333696-1-skandigraun@gmail.com> References: <20260227120323.333696-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 27 Feb 2026 12:03:41 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124757 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-25066 The vulnerable code was introduced in v4.12[1], and is not present in the recipe version. Due to this, ignore the CVE. [1]: https://github.com/ntop/nDPI/commit/b9348e9d6e0e754c4b17661c643ca258f1540ca1 Signed-off-by: Gyorgy Sarvari --- meta-networking/recipes-support/ntopng/ndpi_4.2.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-networking/recipes-support/ntopng/ndpi_4.2.bb b/meta-networking/recipes-support/ntopng/ndpi_4.2.bb index 13c3398c2b..102f612c40 100644 --- a/meta-networking/recipes-support/ntopng/ndpi_4.2.bb +++ b/meta-networking/recipes-support/ntopng/ndpi_4.2.bb 
@@ -26,3 +26,6 @@ do_configure:prepend() { EXTRA_OEMAKE = " \ libdir=${libdir} \ " + +# vulnerability was introduced in v4.12 +CVE_CHECK_IGNORE = "CVE-2025-25066"
From patchwork Fri Feb 27 12:03:23 2026
X-Patchwork-Submitter: Gyorgy Sarvari
X-Patchwork-Id: 82127
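Review bot: In patch 4/5, the added line `CVE_CHECK_IGNORE = "CVE-2025-25066"` in ndpi_4.2.bb assigns with plain `=`, which replaces whatever the variable already holds for this recipe, whereas quagga_1.2.4.bb in patch 3/5 appends with `+=`. Use `+=` here as well unless overwriting is intended. The comment above it would also be easier to verify if it said that the recipe version (4.2) predates v4.12 and referenced the introducing commit cited in the commit message.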
From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][kirkstone][PATCH 5/5] python3-werkzeug: ignore CVE-2026-27199 Date: Fri, 27 Feb 2026 13:03:23 +0100 Message-ID: <20260227120323.333696-5-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260227120323.333696-1-skandigraun@gmail.com> References: <20260227120323.333696-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 27 Feb 2026 12:03:31 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/124756 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27199 The vulnerability affects only the application on Windows operating system. Due to this, ignore this CVE. Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-werkzeug_2.1.2.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-python/recipes-devtools/python/python3-werkzeug_2.1.2.bb b/meta-python/recipes-devtools/python/python3-werkzeug_2.1.2.bb index 3c50d19173..9ea345c46a 100644 --- a/meta-python/recipes-devtools/python/python3-werkzeug_2.1.2.bb +++ b/meta-python/recipes-devtools/python/python3-werkzeug_2.1.2.bb @@ -45,4 +45,4 @@ RDEPENDS:${PN} += " \ " # Windows-only vulnerabilities -CVE_CHECK_IGNORE = "CVE-2024-49766 CVE-2025-66221 CVE-2026-21860" +CVE_CHECK_IGNORE = "CVE-2024-49766 CVE-2025-66221 CVE-2026-21860 CVE-2026-27199"
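Review bot: In patch 5/5, the changed line in python3-werkzeug_2.1.2.bb keeps all four IDs in one `CVE_CHECK_IGNORE = "..."` string, so each new ignore rewrites the whole assignment and the diff does not show at a glance that CVE-2026-27199 is the only addition. Consider the continued one-ID-per-line form used for quagga in patch 3/5, which would reduce a change like this to a single added line; the existing `# Windows-only vulnerabilities` comment already states the reason for the whole list.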