From patchwork Fri Mar 20 12:03:53 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 83976 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C2548108B90B for ; Fri, 20 Mar 2026 12:04:09 +0000 (UTC) Received: from mail-wr1-f45.google.com (mail-wr1-f45.google.com [209.85.221.45]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.10983.1774008239552771385 for ; Fri, 20 Mar 2026 05:03:59 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=IbgN5Qsp; spf=pass (domain: gmail.com, ip: 209.85.221.45, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f45.google.com with SMTP id ffacd0b85a97d-439b9cf8cb5so2525232f8f.0 for ; Fri, 20 Mar 2026 05:03:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1774008238; x=1774613038; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=SmQW4Ig6OqhnHrIcZcd2DsIUjud5oBXckEmNaj/x/V8=; b=IbgN5Qsp7Q7Y2fWozxa49sPsQPDTPlcjyjmGI+lG2Vvp2UJC2WvDZtCQzUrokrVKR8 A9hKwvOENaCqRkKdnSm8GmkaNNkiFQFdwPqqGcWyFIDqPytDd7IXZwQ8Sz8tbqWyOgDr 9yRhes2gsbr8BymD1pc5M9EVAajDDkrpYT99kaYBQnMrjbJuB2N9ofOwXPhSzepYNGab +lmUobitJD9hH2ZwujjXb32s4YDTCOHv8RMUygfBH67S9ETE8Irc1E9AMBYSI+rnD0lu NfWfj5PuQBpD+BVAkwvjEZ6lafmH7Bo/ytdWOkADYhixcEFPaw+GlyCBKrbayPl9vO5O NZJQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774008238; x=1774613038; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=SmQW4Ig6OqhnHrIcZcd2DsIUjud5oBXckEmNaj/x/V8=; b=h+NZmdP51qUapIIA7TyR7ZK3oB21nBj7U8JJibYLOEEWrMwTUhYtm39Z+wj8BRFXSe CCXnDU77Ymt1Rk+KuFRa1tGSnRaLQ7CU8mH0LG0P5hKg3Vozuo2oAyiPx/4YlrY32aeM toR0DajzlFyfLusRZ09fOf04dATJ2WET6v66idyqmCsR3EXMlSJgYdQtTIaZF8zvGHH/ 526VNVATQlFrMorN9/TwJLmbqvFmK9wpkRZxO3zslccq3kmXtvu1xPuowp5t6Lyxd0Dn XhehJg+cgIXXfCxQuKr8GxUgA6MbtWtPZPJ0zZ+Uujg0CovzfSiNDU3IkVOqpvpIEt/7 lokw== X-Gm-Message-State: AOJu0YyByePvrLCww8kgOnt20v6XKoF8nNHXdxJZrfNelaXp4unngBS1 /zXT6ZXmk5r8MHPRH/EJ5OMrpPCt7xh7Oh/ExKLiuti44+jhZfCJw4V4YkbQXg== X-Gm-Gg: ATEYQzwEtHokpeUe/YLkjABlQUZJjk5DZp3SEMjQGNSbF1upigoA50E1JKw6RXh1vEN S2Z/qfmFEyRJM0OJlYfqu49j6z2OVDGqQu5jq+5CTVwRpM91LOxHMQlY/XxP1J16p//2OZgmKeo oADolwbzwhbxivKb/8+U/99/T010LzuU8S6NNolANsYl+EuiKlETLDyj405+goK1YrK7YTrcdXU qIXDwhHKccy8ngpsR3t8Dk+GGddFEHZD9/Mvwy8j2iTw2ASHRnPYKzHXMIUnT9BuCXgjyO7UWBz 50+btKPaRKazwYvYSdDBNmvWQUzoPDnjW48xzwh0gG+PaLewp+DNFQzvtFSadOcSdUtjraWdjwU GiNY/rG5tPsqF5svJCdNib+MihmM9GPVQkHHRJ5IDBiMd8JXX33TiLF8010xjNlYrV0PcITnk4F mpHz2q7QY7cyhxCb1sDvk0 X-Received: by 2002:a05:6000:40ce:b0:439:beb9:5a96 with SMTP id ffacd0b85a97d-43b6426b6a4mr5289258f8f.31.1774008237262; Fri, 20 Mar 2026 05:03:57 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-43b644addfbsm6258558f8f.3.2026.03.20.05.03.56 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 20 Mar 2026 05:03:56 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 1/3] python3-pyjwt: drop obsolete CVE_STATUS Date: Fri, 20 Mar 2026 13:03:53 +0100 Message-ID: <20260320120355.2973635-1-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 20 Mar 2026 12:04:09 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/125436 This CVE is now tracked with the correct version info by NVD. Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-pyjwt_2.12.1.bb | 1 - 1 file changed, 1 deletion(-) diff --git a/meta-python/recipes-devtools/python/python3-pyjwt_2.12.1.bb b/meta-python/recipes-devtools/python/python3-pyjwt_2.12.1.bb index 28eceece97..96f060aa4e 100644 --- a/meta-python/recipes-devtools/python/python3-pyjwt_2.12.1.bb +++ b/meta-python/recipes-devtools/python/python3-pyjwt_2.12.1.bb @@ -10,7 +10,6 @@ SRC_URI[sha256sum] = "c74a7a2adf861c04d002db713dd85f84beb242228e671280bf709d765b PYPI_PACKAGE = "pyjwt" CVE_PRODUCT = "pyjwt" CVE_STATUS[CVE-2025-45768] = "disputed: vulnerability can be avoided if the library is used correctly" -CVE_STATUS[CVE-2026-32597] = "fixed-version: fixed in 2.12.0" inherit pypi python_setuptools_build_meta From patchwork Fri Mar 20 12:03:54 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 83978 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id D48BA108B913 for ; Fri, 20 Mar 2026 12:04:09 +0000 (UTC) Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.10986.1774008239878907509 for ; Fri, 20 Mar 2026 05:04:00 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=gamJuZns; spf=pass (domain: gmail.com, ip: 209.85.128.41, mailfrom: skandigraun@gmail.com) Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-48334ee0aeaso16243315e9.1 for ; Fri, 20 Mar 2026 05:03:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1774008238; x=1774613038; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=HCHHxwMnAsgW+54NSX1gj1fT9CwNXpHBNuZe02WOHmY=; b=gamJuZnsFGB7r2GMfZINN7oN3PcFqzzsVjfQKjVdppsStLuw/NQiLBlw9Knur8x37k ipSCfmdECn2KYcZF/DuqBk5tYU3TyecRQIAAyXH8aYifAa/mNIhdMmYSPWmMgY8EXNTx GX03fcz0jtYbPvOvu464Jk4qDVIav4swIZDl/6PrBDVNpkbDZ6Jlma94b6u3klZceLWw yQylFjvrVIKeRFMn6qM+gdMNUllWVOb9eecvC6i4L40qc0/Rp+NVRLnyyiJrw6ixVJaK zzoYYTyuVmuFZeZzxDZrzblJfEH2+KQ/7CsxBp0tAOV2h4w9khZ/iJD/4qcBUpodaCGd fCpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774008238; x=1774613038; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=HCHHxwMnAsgW+54NSX1gj1fT9CwNXpHBNuZe02WOHmY=; b=XQwGhGwCdQiSDga2D7VA3gi0vhv1edwfyWG2Ve2+wqj5v8WgRR39Sr1p5OHubRfZjv BotvOo8VU3M7pLBS83XCwdGCVXMJS0NZ1xb5npbduNl+ApM9jTuOs7Dv3RofO3B4O9zJ ELY0u2Be6LnF36dd4qfYE9TWfyBjxDJ+fWRuljZz+f5i7mYo31+XhQEY4bpfmyZkQ32V tvV6QxPGm7Dg4jtGaDALdwlY3S+Sxw4I0Qru+W/65cNVdQ0FOwJDGXT+8/BofKBgK53w tFIgziaOmV7Q0iwqjgMqDzhT+O6qDPLp2mnWGEzLftAYRwXwHosV4D1Cbc4+4EWrgTtI DuIQ== X-Gm-Message-State: AOJu0Yw00htxxWoxrp+dmTRWRNei6RNgG7bvgocuHbROsPQaTAyYc5r/ I7FaMGBJ7tnGSKtUNU4mRe/PhP/XXadgRGdsAPmnzPsaOv0UEZjlAfHB/UXhMg== X-Gm-Gg: ATEYQzzMTxGV0/1dApacV7oQxCJx9cE1JZBHW3QB11U2+lmIJaPxjkBxFGlVJNRHXJW fIg4LOn6d5c7vsRTZD1ttXt/mHqdH1IiKffD0YVAdxZW7AUBbFEK83f1HVxC8/1CHdgbOm3wSkF akdhyD9xNNw0G6vS2OAp3xtoa2FX5jvKeWWxlztF70UDP+luaGoZ1lm96+uZZ9GMiGQPaKbS55L c9j33tko23W+blA2CBvbpeZwAOL48eFx4OAbO1zVDrIFSGENlsX5oU/7PetEzg/X3vxY9JcWKcF VPlFwkXNRwC0x0PhiPBCLMzq7esxT7Rse4Mq7tAI5cLjF+3IQeDFAwv3Dq+rSu2JH/FhZB8vl8l pZ+WRspiv2FUOM8iPTU7HN2ArJ+iRp0kPkMeeedu1vBuu30ivA13OzXCOkMIWyZ8rlUKESsCoom n4e25ifGswJfE9hOTUAzsyolTSS5A/JGg= X-Received: by 2002:a05:600c:4705:b0:46e:4e6d:79f4 with SMTP id 5b1f17b1804b1-486fee0e2ecmr41205115e9.15.1774008237945; Fri, 20 Mar 2026 05:03:57 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-43b644addfbsm6258558f8f.3.2026.03.20.05.03.57 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 20 Mar 2026 05:03:57 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 2/3] python3-lief: drop obsolete CVE_STATUS Date: Fri, 20 Mar 2026 13:03:54 +0100 Message-ID: <20260320120355.2973635-2-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260320120355.2973635-1-skandigraun@gmail.com> References: <20260320120355.2973635-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 20 Mar 2026 12:04:09 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/125437 The CVE is now tracked with correct version info by NVD. Signed-off-by: Gyorgy Sarvari --- meta-python/recipes-devtools/python/python3-lief_0.17.3.bb | 1 - 1 file changed, 1 deletion(-) diff --git a/meta-python/recipes-devtools/python/python3-lief_0.17.3.bb b/meta-python/recipes-devtools/python/python3-lief_0.17.3.bb index 69e1d59956..fe954e1b32 100644 --- a/meta-python/recipes-devtools/python/python3-lief_0.17.3.bb +++ b/meta-python/recipes-devtools/python/python3-lief_0.17.3.bb @@ -13,7 +13,6 @@ SRC_URI = " \ " CVE_PRODUCT = "lief" -CVE_STATUS[CVE-2025-15504] = "fixed-version: the vulnerability is fixed since v0.17.2" PEP517_SOURCE_PATH = "${S}/api/python" From patchwork Fri Mar 20 12:03:55 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gyorgy Sarvari X-Patchwork-Id: 83977 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id C30C5108B911 for ; Fri, 20 Mar 2026 12:04:09 +0000 (UTC) Received: from mail-wr1-f42.google.com (mail-wr1-f42.google.com [209.85.221.42]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.10987.1774008240346700969 for ; Fri, 20 Mar 2026 05:04:00 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@gmail.com header.s=20230601 header.b=fspy8Xdf; spf=pass (domain: gmail.com, ip: 209.85.221.42, mailfrom: skandigraun@gmail.com) Received: by mail-wr1-f42.google.com with SMTP id ffacd0b85a97d-43b48ac2727so1465699f8f.3 for ; Fri, 20 Mar 2026 05:04:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1774008239; x=1774613039; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to; bh=B1lD/XQzlQC0uIcNQ1U+s/8hxN27sNLRnWjZErULq6M=; b=fspy8Xdf8XQyN/Pp3shnAQ6IF4VKTi2yVFMtjhMjzNy9uQ97Y5r3Dk7oIDVWnq9vf0 5KUuAvhYPlSZN0GwoTMwcTl3Dk6M2OuT4S2+k05TEMXRvjSdosWvmnV6f1mm/KBwd/WV +1SGgETwApdKClzl4kQUEdyJVFJVVwBogRGPHNSmQflMKVaisn9imJAtsbY7Vva2i0is b6ceci6ql6XWuj/yNR3Kv5VbUQJHXNJposMoi5YKLnqZDxrsWuu0cXzWxXhzZBrgU2Bu llEwEqZ/NNnQtxjcLNuBjdxkKv8lgPU1XhA+pOllSVz3AZdlfDt07aiix96wxd4uVaUG Cmuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774008239; x=1774613039; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=B1lD/XQzlQC0uIcNQ1U+s/8hxN27sNLRnWjZErULq6M=; b=RrchaDKdHZYZIvIqrvq/LKZGrcgwtaGccgYlgXECF79PdFMRPAQrirMgQOTZ+O4ghh PnoUyT+hYm6TKtNdhXRd0fX1RfJA0C0+rmZjp25SZeBJ8qCCY1XKZCNYucggwm5mbhtz iMof8yqg7Q8LEUspxUsVzk4Gy7Cr7UQxLy7o73zgN6FI/piukRUTdDYXxystDQT+ez8U 0gL/z2vWW7e6Fd8JIJ4ng8XY8fsP81Nyn4gPQCZtzfbSsSvez/RD1+l/C9B2lP79dDEu jfK9h4SptW0KRTvLd9guDPSvdcoE29b1n1wzl2cUCX9BiGLhysunHRu+X0i8w0ZQVf6R qwSw== X-Gm-Message-State: AOJu0Yx8U12/VThndF+GbApmdisTp104mFyNciolDAuQ6fT1SfJpOjdk clD94f8+Pq5GFpCM/NyFop1DxKrefiAc9sup4NUxzDWSQHY8DJ6FViQSzQ+9NQ== X-Gm-Gg: ATEYQzyr4SjO28bXll8+H66zV3el3z02xokq4kAeCS1y73SGfcNdPI9INe+JfooN6x9 SiqONObJPX4obXzzXBsBoHQYRCKDHbZ6cdQIG5/vbh+qYIJfOaSUL+7dRVpiKg/rmciEDluz/hd 3+GqOPfeB1oSQBV7Ou2JGPmhxpm/n9xXWSmPv//m1qxqKTCE9jgfJN/4dAAbtwVNBS/Vu4ouMjJ OAS0rGJJcFm46QcrbyaVu9tV2/lw8GYibCauV3ZWT+vUaBz3Fm2tkc0cE42FrjQgGiWsoxlP+l4 alst8TKRmOdWA0mAm8xnTihqgpFm5LltBDRAbBWdu9k6XR1Tkart6i8ZIQ9Xp13SPElTN9tSNgJ dtUPlT4nmHgnkoaKhXRJZWetoTByn/YikcolV4kLVCqk5FA0wNN9dyvgEaYjaGyumFtUlwFZUy7 9LaecjNhyODSCo/gLNI9IR X-Received: by 2002:a05:6000:220b:b0:439:a958:4342 with SMTP id ffacd0b85a97d-43b6427d9c2mr4642319f8f.34.1774008238578; Fri, 20 Mar 2026 05:03:58 -0700 (PDT) Received: from desktop ([51.154.145.205]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-43b644addfbsm6258558f8f.3.2026.03.20.05.03.58 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 20 Mar 2026 05:03:58 -0700 (PDT) From: Gyorgy Sarvari To: openembedded-devel@lists.openembedded.org Subject: [meta-webserver][PATCH 3/3] sthttpd: remove obsolete CVE_STATUS Date: Fri, 20 Mar 2026 13:03:55 +0100 Message-ID: <20260320120355.2973635-3-skandigraun@gmail.com> X-Mailer: git-send-email 2.53.0 In-Reply-To: <20260320120355.2973635-1-skandigraun@gmail.com> References: <20260320120355.2973635-1-skandigraun@gmail.com> MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Fri, 20 Mar 2026 12:04:09 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-devel/message/125438 The CVE is now tracked with the correct version info by NVD. Signed-off-by: Gyorgy Sarvari --- meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb | 2 -- 1 file changed, 2 deletions(-) diff --git a/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb b/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb index 9ff1772531..9459670344 100644 --- a/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb +++ b/meta-webserver/recipes-httpd/sthttpd/sthttpd_2.27.1.bb @@ -56,5 +56,3 @@ SYSTEMD_SERVICE:${PN} = "thttpd.service" FILES:${PN} += "${SRV_DIR}" FILES:${PN}-dbg += "${SRV_DIR}/cgi-bin/.debug" - -CVE_STATUS[CVE-2017-10671] = "fixed-version: No action required. The current version (2.27.1) is not affected by the CVE."