From patchwork Thu Jul 9 10:06:17 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92104 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2E6ECC4450B for ; Thu, 9 Jul 2026 10:07:07 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.5882.1783591621950841476 for ; Thu, 09 Jul 2026 03:07:02 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=jebyfySS; spf=pass (domain: smile.fr, ip: 209.85.128.46, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-493b1710405so9952805e9.2 for ; Thu, 09 Jul 2026 03:07:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591620; x=1784196420; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=2QCFozG/Tceugm4ykmuPZuEoWjurn/3cErAXNO06G0I=; b=jebyfySSXBjArFBkciLQJhFPJT+f9YFK/JgK04il+0gLbiWliPiDiJvxm318yWLLBD czE9MmTBikPdy/FVzmFl6rYQlJmPIk5YgA0qTz24lFs+tUC2ExO1m//QRH0Bc8MSlEG4 YgoVliIyV5gDYU6kVCbeeLPTGHWAun2YiB3Jg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591620; x=1784196420; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=2QCFozG/Tceugm4ykmuPZuEoWjurn/3cErAXNO06G0I=; b=PARhuxUhcqOZNlQmclQEowMUOsSK9yoXgSA20e/V9giIhzI5oIpLA4zgyclKApyodY DsWV3hCAl0wIZTslA602Ud4harMV3ABy+ZTmR90RzAPdjStkGn3XD/dQr9FlUIgXa+A2 DRCjzhA+WWA1JhRoApWt0HN8QcaUqMQhUnhqOWjuCYEE+3wJiKGFBauoxfnyXmSg7Jga 47D1oicqyDPGbQ/lZERhGmiisAMCMEn9TSspRG/670K3nwc3BpTiDtNfN/nXOMqmE2Ay NVovbVsFEa+B9lXSxfzwfqZ6pKTeSBUpPryfZNfNEDMjuEnFZF3fNd5lSOytvypltXaO X0kw== X-Gm-Message-State: AOJu0YxjPHApNxR4k4FWYUd5BHygTS4bEqVWFVBInbYcRIyzcIi/lX/Z Pa1MEzrOh8DYuHqsEBWcIrRfJfSym2lOGoxNO2ilqyPGUWKijjanzG2OaaPHUyEUFmYfQ5zMEi9 5H0r030Y= X-Gm-Gg: AfdE7ck+ObvcDDXYye9zfvfQE/VTf4g2gr9XfiELWE3SYmKnYJR5ADgwSkjGUxzIV7t JdM245ySzuma+C9pVgwSuJ4fQu6Iz+J3LXmTx9A80zb+BRyvGv/LD001a2N+RTOyjCkKqVZPa03 jjq+LLd6Ate/EifoPJfjoaBegFa5NWwt2daV429qHcgxCRjaIFVbl+IYi52rm2bs2o2dMaJ0lFa KggdJSyXqKdUFpkwi9v/i8ot2QL2yi3qrAhB2qnmd4Gy0JQmVyb2qwsF1hrSw8hEZ0aLwL/PYZZ WunrtUyX2bxPHFVvHMEblw9lMOZr8HyZRTUdmGTL2C7gpwjYSc0X26saXG9KRE+QURaiu/JLmk+ gGD8SpZhJnb/jVZxMLENSo6IbVdm/OaRVNTr965zPD2+X9TDvsLJLPSIv0ph3T3DLCO6MNErp6c eEYXMo5cxwCZkOY/VjlAIXjvL94AZtRsjSs88mFMYxw8nI5FaP9zwtc1tSFpbMpo+5+pm6XetbX jvhnLcK2NbYC8DHPg== X-Received: by 2002:a05:600c:4fd4:b0:493:b61c:72c3 with SMTP id 5b1f17b1804b1-493e6878b65mr60740895e9.32.1783591620060; Thu, 09 Jul 2026 03:07:00 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.06.59 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:06:59 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 01/25] libssh2: fix CVE-2026-55200 Date: Thu, 9 Jul 2026 12:06:17 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:07 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240548 From: Daniel Turull Backport patch to fix CVE-2026-55200. https://nvd.nist.gov/vuln/detail/CVE-2026-55200 Upstream fix: https://github.com/libssh2/libssh2/commit/97acf3dfda80c91c3a8c9f2372546301d4a1a7a8 Tested with ptest: Before: PASSED: 3, FAILED: 0, SKIPPED: 0 After: PASSED: 3, FAILED: 0, SKIPPED: 0 Reviewed-by: Anders Heimer Signed-off-by: Daniel Turull (cherry picked from commit 42c8c6ec3066dc47b9eeeba0247ffa927193abff) Signed-off-by: Yoann Congal --- .../libssh2/libssh2/CVE-2026-55200.patch | 36 +++++++++++++++++++ .../recipes-support/libssh2/libssh2_1.11.1.bb | 1 + 2 files changed, 37 insertions(+) create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2026-55200.patch diff --git a/meta/recipes-support/libssh2/libssh2/CVE-2026-55200.patch b/meta/recipes-support/libssh2/libssh2/CVE-2026-55200.patch new file mode 100644 index 00000000000..9a71277cce4 --- /dev/null +++ b/meta/recipes-support/libssh2/libssh2/CVE-2026-55200.patch @@ -0,0 +1,36 @@ +From df0b03ee5ef12f3a46fccc0fc688ebfb91702972 Mon Sep 17 00:00:00 2001 +From: Will Cosgrove +Date: Fri, 12 Jun 2026 15:57:44 -0700 +Subject: [PATCH] transport.c: Additional boundary checks for packet length + (#2052) + +Add additional bounds checking on packet length to prevent OOB write. + +Credit: [TristanInSec](https://github.com/TristanInSec) + +CVE: CVE-2026-55200 +Upstream-Status: Backport [https://github.com/libssh2/libssh2/commit/97acf3dfda80c91c3a8c9f2372546301d4a1a7a8] + +Signed-off-by: Daniel Turull +--- + src/transport.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/src/transport.c b/src/transport.c +index e1120656..d147505b 100644 +--- a/src/transport.c ++++ b/src/transport.c +@@ -639,8 +639,12 @@ int _libssh2_transport_read(LIBSSH2_SESSION * session) + total_num = 4; + + p->packet_length = _libssh2_ntohu32(block); +- if(p->packet_length < 1) ++ if(p->packet_length < 1) { + return LIBSSH2_ERROR_DECRYPT; ++ } ++ else if(p->packet_length > LIBSSH2_PACKET_MAXPAYLOAD) { ++ return LIBSSH2_ERROR_OUT_OF_BOUNDARY; ++ } + + /* total_num may include size field, however due to existing + * logic it needs to be removed after the entire packet is read diff --git a/meta/recipes-support/libssh2/libssh2_1.11.1.bb b/meta/recipes-support/libssh2/libssh2_1.11.1.bb index 2284d054b10..d6ee97f7ed0 100644 --- a/meta/recipes-support/libssh2/libssh2_1.11.1.bb +++ b/meta/recipes-support/libssh2/libssh2_1.11.1.bb @@ -11,6 +11,7 @@ SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \ file://run-ptest \ file://0001-Return-error-if-user-KEX-methods-are-invalid.patch \ file://CVE-2026-7598.patch \ + file://CVE-2026-55200.patch \ " SRC_URI[sha256sum] = "d9ec76cbe34db98eec3539fe2c899d26b0c837cb3eb466a56b0f109cabf658f7" From patchwork Thu Jul 9 10:06:18 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92099 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 86A0AC43458 for ; Thu, 9 Jul 2026 10:07:06 +0000 (UTC) Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.5800.1783591622486099696 for ; Thu, 09 Jul 2026 03:07:02 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=SBS2bflc; spf=pass (domain: smile.fr, ip: 209.85.128.41, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-493d1e8aa46so12971905e9.0 for ; Thu, 09 Jul 2026 03:07:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591621; x=1784196421; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=nunWGqkYZGtZ8pHrMPrwjawo5ti5Ws4QWQyt8QyccU4=; b=SBS2bflcVjl5oPiXBM5zoisN7dJhgSS1hV0/wwP1R64KgZ86a6FVz7FuwnKeitO4eD B65wPAcevWfA9htTn/zPJNyY1ZwnYCfPz2q9RA6HK6Wcs6Vp++fdu2AywT2U/lQMCsj9 QrG19PXjx37I2vf0eRxl127E/eUAAs6Y7Y/Ns= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591621; x=1784196421; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=nunWGqkYZGtZ8pHrMPrwjawo5ti5Ws4QWQyt8QyccU4=; b=DerFM7CTgWRdBXe0SLbTgknFMG2tJYMWpXiP+oRkpOWN+zJGQPIHnIqjseyTPAJGOx IPLVAQ0MNiGSzwzUfxyBvEk62tvrL2JrBHnrFzofrDKRae2monS+luq/8+ca0nag/on1 IX3EvpkYYj6HBOlUBKlXbU6l8Xe0cgcx6rv/08UKHgCbPMegQ0aTVcrDnuawavqJ2PuX +MTo6Cp5tS2Zx2yrmH+Vvf9lvRf/9cCUKH57NyfZVDrbLF+XyzU9YH/ed8K6FE/3BKgA OmKBUQKfYvalQgezlwMghEKdG9zDCYs4M/UstG4J+h7ZzTlSrdB7Ay8gcA2c5wbiTbNP PCiw== X-Gm-Message-State: AOJu0YyWRS+ER7i8di8R1okWJPnpAk5nnEZdV5vY7yMa6L1vY+Li2TXM NowbHooYZw9TwWjlmrTwihIhz9lUOueDRkXrYkSMJ+ku9pReifnbSucDAUDy/hz5Nynh5i6NTvO Pu6WkGB8= X-Gm-Gg: AfdE7cmaVfeGloBaZxmu0Ssfhktz8FuaQyZx7sBZrM+rM5LL4E+S0+TVOCMlu5DonLC n2YZQ40nJyFzc5pHuyM0UVOQgc5pJJWnq9fC3A7KV8ysUJsT+mYRlv2CrvePRP7krxGXh77qfVN uyI8mAqGVal+F8aPQKoQ2LlNZVLC//aNuK6qsIxbD5ykIvNEPWyKXoUpww5Gn48EQJfJ6690ZrR CWFRebag3eb2N3FoKpRc2418WkSeNQ1h6ltReFA6t0Eqw+79HcOH+iQh6XITzZyOwdM/fm4d8Lh RT3hm02zteQI9DFnmD7dj9/Llkg2mt60PfZ9rU5X+YGuFkiUOBfCz+XT9HNsDhBOaedize3l4lf oPFvDN6XaHrkdeTwWN1dtMg94VTutE5x769s5xg1oJ+GYjx2QCIZQo3nzqRlpgIrhpm9+1UImzS +zcQ8tnyczG1Ln6XX0hlRaPBwsplO30B6M6TkOAarWzmJ1ChWVq9f8Z2I9UWTQ+osl9lJLW4lGW lGNDTDl+qQ0Lpvkua3f1eJFgsX7 X-Received: by 2002:a05:600c:83c6:b0:493:c42e:5be0 with SMTP id 5b1f17b1804b1-493e6853dbfmr67081165e9.0.1783591620511; Thu, 09 Jul 2026 03:07:00 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:00 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 02/25] libssh2: fix CVE-2026-55199 Date: Thu, 9 Jul 2026 12:06:18 +0200 Message-ID: <2da74d75a8719db63979f132b456afdbd80395ef.1783590688.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240549 From: Daniel Turull Backport patch to fix CVE-2026-55199. https://nvd.nist.gov/vuln/detail/CVE-2026-55199 Upstream fix: https://github.com/libssh2/libssh2/commit/17626857d20b3c9a1addfa45979dadcee1cd84a4 Tested with ptest: Before: PASSED: 3, FAILED: 0, SKIPPED: 0 After: PASSED: 3, FAILED: 0, SKIPPED: 0 Reviewed-by: Anders Heimer Signed-off-by: Daniel Turull (cherry picked from commit 5b52af4a02849c1ce74491056a2d13e4e3b6ad2d) Signed-off-by: Yoann Congal --- .../libssh2/libssh2/CVE-2026-55199.patch | 44 +++++++++++++++++++ .../recipes-support/libssh2/libssh2_1.11.1.bb | 1 + 2 files changed, 45 insertions(+) create mode 100644 meta/recipes-support/libssh2/libssh2/CVE-2026-55199.patch diff --git a/meta/recipes-support/libssh2/libssh2/CVE-2026-55199.patch b/meta/recipes-support/libssh2/libssh2/CVE-2026-55199.patch new file mode 100644 index 00000000000..81815486ada --- /dev/null +++ b/meta/recipes-support/libssh2/libssh2/CVE-2026-55199.patch @@ -0,0 +1,44 @@ +From b5cb1c1781ba5f275485f65855d61faaba6542b2 Mon Sep 17 00:00:00 2001 +From: TristanInSec +Date: Wed, 15 Apr 2026 14:51:08 -0400 +Subject: [PATCH] packet: check `_libssh2_get_string()` return in `EXT_INFO` + handler + +The `SSH_MSG_EXT_INFO` handler discards the return values from +`_libssh2_get_string()` when parsing extension name/value pairs. When +the buffer is exhausted before all claimed extensions are parsed, +the loop continues with no-op iterations until `nr_extensions` reaches +zero. + +The `nr_extensions >= 1024` cap limits the worst case, but the loop +should still break on parse failure for correctness and consistency +with other parsers in this file (e.g. `SSH_MSG_CHANNEL_OPEN`, +`SSH_MSG_KEXINIT`) that check `_libssh2_get_string()` return values. + +Closes #1864 + +CVE: CVE-2026-55199 +Upstream-Status: Backport [https://github.com/libssh2/libssh2/commit/17626857d20b3c9a1addfa45979dadcee1cd84a4] + +Signed-off-by: Daniel Turull +--- + src/packet.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/packet.c b/src/packet.c +index 6da14e9f..ebaddae5 100644 +--- a/src/packet.c ++++ b/src/packet.c +@@ -868,8 +868,10 @@ _libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + + nr_extensions -= 1; + +- _libssh2_get_string(&buf, &name, &name_len); +- _libssh2_get_string(&buf, &value, &value_len); ++ if(_libssh2_get_string(&buf, &name, &name_len)) ++ break; ++ if(_libssh2_get_string(&buf, &value, &value_len)) ++ break; + + if(name && value) { + _libssh2_debug((session, diff --git a/meta/recipes-support/libssh2/libssh2_1.11.1.bb b/meta/recipes-support/libssh2/libssh2_1.11.1.bb index d6ee97f7ed0..960ff71df2f 100644 --- a/meta/recipes-support/libssh2/libssh2_1.11.1.bb +++ b/meta/recipes-support/libssh2/libssh2_1.11.1.bb @@ -12,6 +12,7 @@ SRC_URI = "http://www.libssh2.org/download/${BP}.tar.gz \ file://0001-Return-error-if-user-KEX-methods-are-invalid.patch \ file://CVE-2026-7598.patch \ file://CVE-2026-55200.patch \ + file://CVE-2026-55199.patch \ " SRC_URI[sha256sum] = "d9ec76cbe34db98eec3539fe2c899d26b0c837cb3eb466a56b0f109cabf658f7" From patchwork Thu Jul 9 10:06:19 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92106 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CD06DC44501 for ; Thu, 9 Jul 2026 10:07:06 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.5883.1783591623399919882 for ; Thu, 09 Jul 2026 03:07:03 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=a3j7aLs4; spf=pass (domain: smile.fr, ip: 209.85.128.46, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-493c1950518so4598055e9.1 for ; Thu, 09 Jul 2026 03:07:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591622; x=1784196422; darn=lists.openembedded.org; h=content-transfer-encoding:content-type:mime-version:references :in-reply-to:message-id:date:subject:to:from:from:to:cc:subject:date :message-id:reply-to:content-type; bh=3T6QDVvx6R18j1CGsUmwxRxG/hcKL/Gdmh/qZDk6fyA=; b=a3j7aLs4pVeznSX1sZFm0hPXkqQ2C9jc4Dxv+HFoz5Vhiq8TlHvxxq1/1GGcE8AIpu j/9J/y2QS5FMk6qKYyHwUITj+nkCngwYbmGsO7IfwYej5zbEZ2C0oDDJHEyVUvUSgoQA m3LLDsP5iEG3mijlLME7h+W4weJs+zB0gJlkc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591622; x=1784196422; h=content-transfer-encoding:content-type:mime-version:references :in-reply-to:message-id:date:subject:to:from:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to :content-type; bh=3T6QDVvx6R18j1CGsUmwxRxG/hcKL/Gdmh/qZDk6fyA=; b=UxhDsoilSirlHYy6oLO2vmjQwxn0IUDa4fbu95BNl6vc4//S7fMdgA+vezIOif4kVG AJil6K8RfZlb8gzHHN0tMfyanWttpeCcJAhXK29FZX/OoY8x6SWf0535PYShfqDnusOi SqSoclMexIDPBdu4b8yO0r611+zYVYS/1rONNSFEKN7wtKQ26gDcJxdQh5h9hdT6eNzj qUhLlEQ4gf2gTHkAvCjuKEPfkw5oOZUpuDOV+wz21y+TU2tbaDaPHUGUxbtTcKgTYoV+ w1R2Ra2XuKBil/pkJaciLW/687ZPgFT9txZzEiPaBNMZAFrDviyP27kAkraW2Xh4oFim HpcA== X-Gm-Message-State: AOJu0YyFhdAKE2JaGSLjaxgCkn4sO9nOiQ4vsvOH8FuTs5OE9E1c+DDD kPOG8pO+BYjoX8PiJqV/ZGXK3cWnd8hOkz+Ie4Z+evMA+cFTtImSYYse50VC+x63NGqDJA7ZjdR Q3G1kaC4= X-Gm-Gg: AfdE7clPHefviEIMCH/HsrbkdVqxFDriLQ5T4f8y66shPKaOWi2KykHcANY/piAVYR5 pR+706VL9MfHRvXrE7f2Lxlqsm2fKraDjJ4Qf5M6oMZuR9jNihAZupPOBudjYu3AZkBeEzYeRAR C0LVohQ7iyyM+GhRLAHu3CoaaBs0q3o+5+vDevO9Z/6j2QZ/Dy3ApWbYtJb1JegFhAnCEn4N4gw qaCHTLyNfzooVB0Bz9orgDPx1nJPksfiWRF5SSLsljaxzuwjTxksHrMHYV3395Dme76nNuERLMJ NW22FNvMGcECrAAKyYOCSZxplhd43yug8muwyxufZ5yBxtQZU5IFyrDnW506UGEoh/JXVz1DrMX R3owiaAYwquDUMJ7BpWl8YwlK8pXKbhTnr268K2egPVHaqLLY7mXFNwDKoeLiZnxOOauhSZxxRN Krv0Dx+3tPaz9LJ0Gz0T1/vL1wWkPVuSsIBd4hajd9BnTBOT+241hsUBFNaXWuumeynrkKRT6Er jVV1v4KRXuq+QPwRYSKxDZ3A74T X-Received: by 2002:a05:600c:a016:b0:493:bc4a:a14d with SMTP id 5b1f17b1804b1-493ec77727fmr20933435e9.19.1783591621128; Thu, 09 Jul 2026 03:07:01 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.00 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:00 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 03/25] tar: Fix CVE-2026-5704 Date: Thu, 9 Jul 2026 12:06:19 +0200 Message-ID: <86360db7d1ea4e5d2bac9889cf8fefe6148a90b4.1783590688.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240551 From: Himanshu Jadon Backport the upstream 3-commit fix chain for CVE-2026-5704. The final CVE fix is [1], which depends on the earlier cleanup in [2] and the behavioral change in [3]. Keep this patch order so the final fix applies cleanly and preserves the upstream logic. Also include upstream follow-up [4] to fix the --no-overwrite-dir ptest regression caused by the CVE backport. Without this follow-up, tar can temporarily chmod an existing directory even when --no-overwrite-dir is used, which breaks the upstream --no-overwrite-dir ptest. [1] https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=b8d8a61b25588caca4efaf9bdd2e3f1a49da77e3 [2] https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=112ead79312ea308e58414b74623f101b8c06f0b [3] https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=b009124ffde415515081db844d7a104e1d1c6c58 [4] https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=4e742fc8674064a9fa00d4483d06aca48d5b0463 [5] https://security-tracker.debian.org/tracker/CVE-2026-5704 Signed-off-by: Himanshu Jadon Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Richard Purdie (cherry picked from commit 872d86b99ad3e77a105b386331a41f7fa40c2b72) Signed-off-by: Himanshu Jadon Signed-off-by: Yoann Congal --- .../tar/tar/CVE-2026-5704-dependent_p1.patch | 484 +++++++++++++++ .../tar/tar/CVE-2026-5704-dependent_p2.patch | 169 ++++++ .../tar/tar/CVE-2026-5704-regression.patch | 176 ++++++ .../tar/tar/CVE-2026-5704.patch | 556 ++++++++++++++++++ meta/recipes-extended/tar/tar_1.35.bb | 4 + 5 files changed, 1389 insertions(+) create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p1.patch create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p2.patch create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704-regression.patch create mode 100644 meta/recipes-extended/tar/tar/CVE-2026-5704.patch diff --git a/meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p1.patch b/meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p1.patch new file mode 100644 index 00000000000..b7180e16719 --- /dev/null +++ b/meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p1.patch @@ -0,0 +1,484 @@ +From cb6d041ba711620b52637ebd2f9cb0c445a91e4f Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Fri, 1 Nov 2024 14:15:09 -0700 +Subject: [PATCH] Prefer other types to int in extract.c +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +* src/extract.c (fd_chmod, extract_chdir, open_output_file) +(extract_file, extract_link, extract_symlink, extract_node) +(extract_fifo, tar_extractor_t, pepare_to_extract): Prefer char to +int for typeflag, since it’s a char. All uses changed. +(fd_chmod): Use clearer code for errno. +(extract_dir, extract_file, create_placeholder_file, extract_link) +(extract_symlink, extract_node, extract_fifo, tar_extractor_t): +Return bool true for success, false for failure. All uses changed. +(open_output_file): Prefer bool for boolean. +(prepare_to_extract): Simplify by returning the extractor a null +pointer, rather than storing through a pointer to an extractor. + +CVE: CVE-2026-5704 +Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=112ead79312ea308e58414b74623f101b8c06f0b] + +Backport Changes: +- In src/extract.c, the extractor-selection and extraction-control-flow + hunk was adapted to the older tar-1.35 code layout around + prepare_to_extract() and extract_archive(). The backport preserves the + upstream logic but does not apply as an exact textual match in that + section. + +(cherry picked from commit 112ead79312ea308e58414b74623f101b8c06f0b) +Signed-off-by: Himanshu Jadon +--- + src/extract.c | 141 ++++++++++++++++++++++++-------------------------- + 1 file changed, 69 insertions(+), 72 deletions(-) + +diff --git a/src/extract.c b/src/extract.c +index 314d8bc0..b384fed3 100644 +--- a/src/extract.c ++++ b/src/extract.c +@@ -254,9 +254,9 @@ fd_i_chmod (int fd, char const *file, mode_t mode, int atflag) + notation. + */ + static int +-fd_chmod(int fd, char const *file_name, int mode, int atflag, int typeflag) ++fd_chmod (int fd, char const *file_name, int mode, int atflag, char typeflag) + { +- int chmod_errno = fd_i_chmod (fd, file_name, mode, atflag) == 0 ? 0 : errno; ++ int chmod_errno = fd_i_chmod (fd, file_name, mode, atflag) < 0 ? errno : 0; + + /* On Solaris, chmod may fail if we don't have PRIV_ALL, because + setuid-root files would otherwise be a backdoor. See +@@ -265,7 +265,7 @@ fd_chmod(int fd, char const *file_name, int mode, int atflag, int typeflag) + if (chmod_errno == EPERM && (mode & S_ISUID) + && priv_set_restore_linkdir () == 0) + { +- chmod_errno = fd_i_chmod (fd, file_name, mode, atflag) == 0 ? 0 : errno; ++ chmod_errno = fd_i_chmod (fd, file_name, mode, atflag) < 0 ? errno : 0; + priv_set_remove_linkdir (); + } + +@@ -275,7 +275,7 @@ fd_chmod(int fd, char const *file_name, int mode, int atflag, int typeflag) + supported and if the file is not a symlink. This + introduces a race, alas. */ + if (atflag && typeflag != SYMTYPE && ! implemented (chmod_errno)) +- chmod_errno = fd_i_chmod (fd, file_name, mode, 0) == 0 ? 0 : errno; ++ chmod_errno = fd_i_chmod (fd, file_name, mode, 0) < 0 ? errno : 0; + + if (chmod_errno && (typeflag != SYMTYPE || implemented (chmod_errno))) + { +@@ -1036,8 +1036,8 @@ safe_dir_mode (struct stat const *st) + + /* Extractor functions for various member types */ + +-static int +-extract_dir (char *file_name, int typeflag) ++static bool ++extract_dir (char *file_name, char typeflag) + { + int status; + mode_t mode; +@@ -1089,7 +1089,7 @@ extract_dir (char *file_name, int typeflag) + + if (keep_directory_symlink_option + && is_directory_link (file_name, &st)) +- return 0; ++ return true; + + if ((st.st_mode != 0 && fstatat_flags == 0) + || deref_stat (file_name, &st) == 0) +@@ -1102,7 +1102,7 @@ extract_dir (char *file_name, int typeflag) + if (interdir_made) + { + repair_delayed_set_stat (file_name, &st); +- return 0; ++ return true; + } + else if (old_files_option == NO_OVERWRITE_DIR_OLD_FILES) + { +@@ -1154,7 +1154,7 @@ extract_dir (char *file_name, int typeflag) + if (errno != EEXIST) + { + mkdir_error (file_name); +- return 1; ++ return false; + } + break; + } +@@ -1167,13 +1167,13 @@ extract_dir (char *file_name, int typeflag) + delay_set_stat (file_name, ¤t_stat_info, + current_mode, current_mode_mask, + current_stat_info.stat.st_mode, atflag); +- return status; ++ return status == 0; + } + + + + static int +-open_output_file (char const *file_name, int typeflag, mode_t mode, ++open_output_file (char const *file_name, char typeflag, mode_t mode, + int file_created, mode_t *current_mode, + mode_t *current_mode_mask) + { +@@ -1189,11 +1189,11 @@ open_output_file (char const *file_name, int typeflag, mode_t mode, + + if (typeflag == CONTTYPE) + { +- static int conttype_diagnosed; ++ static bool conttype_diagnosed; + + if (!conttype_diagnosed) + { +- conttype_diagnosed = 1; ++ conttype_diagnosed = true; + WARNOPT (WARN_CONTIGUOUS_CAST, + (0, 0, _("Extracting contiguous files as regular files"))); + } +@@ -1245,8 +1245,8 @@ open_output_file (char const *file_name, int typeflag, mode_t mode, + return fd; + } + +-static int +-extract_file (char *file_name, int typeflag) ++static bool ++extract_file (char *file_name, char typeflag) + { + int fd; + off_t size; +@@ -1268,7 +1268,7 @@ extract_file (char *file_name, int typeflag) + if (fd < 0) + { + skip_member (); +- return 0; ++ return true; + } + } + else +@@ -1291,9 +1291,9 @@ extract_file (char *file_name, int typeflag) + { + skip_member (); + if (recover == RECOVER_SKIP) +- return 0; ++ return true; + open_error (file_name); +- return 1; ++ return false; + } + } + } +@@ -1344,7 +1344,7 @@ extract_file (char *file_name, int typeflag) + it doesn't exist, or we don't want to touch it anyway. */ + + if (to_stdout_option) +- return 0; ++ return true; + + if (! to_command_option) + set_stat (file_name, ¤t_stat_info, fd, +@@ -1359,7 +1359,7 @@ extract_file (char *file_name, int typeflag) + if (to_command_option) + sys_wait_command (); + +- return status; ++ return status == 0; + } + + /* Return true if NAME is a delayed link. This can happen only if the link +@@ -1399,7 +1399,7 @@ find_delayed_link_source (char const *name) + process. + */ + +-static int ++static bool + create_placeholder_file (char *file_name, bool is_symlink, bool *interdir_made) + { + int fd; +@@ -1413,7 +1413,7 @@ create_placeholder_file (char *file_name, bool is_symlink, bool *interdir_made) + that the link being extracted is a duplicate of an already + processed one. Skip it. + */ +- return 0; ++ return true; + } + + switch (maybe_recoverable (file_name, false, interdir_made)) +@@ -1422,11 +1422,11 @@ create_placeholder_file (char *file_name, bool is_symlink, bool *interdir_made) + continue; + + case RECOVER_SKIP: +- return 0; ++ return true; + + case RECOVER_NO: + open_error (file_name); +- return -1; ++ return false; + } + } + +@@ -1484,14 +1484,14 @@ create_placeholder_file (char *file_name, bool is_symlink, bool *interdir_made) + if ((h = find_direct_ancestor (file_name)) != NULL) + mark_after_links (h); + +- return 0; ++ return true; + } + +- return -1; ++ return false; + } + +-static int +-extract_link (char *file_name, MAYBE_UNUSED int typeflag) ++static bool ++extract_link (char *file_name, MAYBE_UNUSED char typeflag) + { + bool interdir_made = false; + char const *link_name; +@@ -1531,7 +1531,7 @@ extract_link (char *file_name, MAYBE_UNUSED int typeflag) + } + } + +- return 0; ++ return true; + } + else if ((e == EEXIST && strcmp (link_name, file_name) == 0) + || ((fstatat (chdir_fd, link_name, &st1, AT_SYMLINK_NOFOLLOW) +@@ -1540,7 +1540,7 @@ extract_link (char *file_name, MAYBE_UNUSED int typeflag) + == 0) + && st1.st_dev == st2.st_dev + && st1.st_ino == st2.st_ino)) +- return 0; ++ return true; + + errno = e; + } +@@ -1548,17 +1548,17 @@ extract_link (char *file_name, MAYBE_UNUSED int typeflag) + == RECOVER_OK); + + if (rc == RECOVER_SKIP) +- return 0; ++ return true; + if (!(incremental_option && errno == EEXIST)) + { + link_error (link_name, file_name); +- return 1; ++ return false; + } +- return 0; ++ return true; + } + +-static int +-extract_symlink (char *file_name, MAYBE_UNUSED int typeflag) ++static bool ++extract_symlink (char *file_name, MAYBE_UNUSED char typeflag) + { + #ifdef HAVE_SYMLINK + bool interdir_made = false; +@@ -1575,16 +1575,16 @@ extract_symlink (char *file_name, MAYBE_UNUSED int typeflag) + continue; + + case RECOVER_SKIP: +- return 0; ++ return true; + + case RECOVER_NO: + symlink_error (current_stat_info.link_name, file_name); +- return -1; ++ return false; + } + + set_stat (file_name, ¤t_stat_info, -1, 0, 0, + SYMTYPE, false, AT_SYMLINK_NOFOLLOW); +- return 0; ++ return true; + + #else + static int warned_once; +@@ -1601,8 +1601,8 @@ extract_symlink (char *file_name, MAYBE_UNUSED int typeflag) + } + + #if S_IFCHR || S_IFBLK +-static int +-extract_node (char *file_name, int typeflag) ++static bool ++extract_node (char *file_name, char typeflag) + { + bool interdir_made = false; + mode_t mode = (current_stat_info.stat.st_mode & (MODE_RWX | S_IFBLK | S_IFCHR) +@@ -1616,23 +1616,23 @@ extract_node (char *file_name, int typeflag) + continue; + + case RECOVER_SKIP: +- return 0; ++ return true; + + case RECOVER_NO: + mknod_error (file_name); +- return -1; ++ return false; + } + + set_stat (file_name, ¤t_stat_info, -1, + mode & ~ current_umask, MODE_RWX, + typeflag, false, AT_SYMLINK_NOFOLLOW); +- return 0; ++ return true; + } + #endif + + #if HAVE_MKFIFO || defined mkfifo +-static int +-extract_fifo (char *file_name, int typeflag) ++static bool ++extract_fifo (char *file_name, char typeflag) + { + bool interdir_made = false; + mode_t mode = (current_stat_info.stat.st_mode & MODE_RWX +@@ -1645,31 +1645,31 @@ extract_fifo (char *file_name, int typeflag) + continue; + + case RECOVER_SKIP: +- return 0; ++ return true; + + case RECOVER_NO: + mkfifo_error (file_name); +- return -1; ++ return false; + } + + set_stat (file_name, ¤t_stat_info, -1, + mode & ~ current_umask, MODE_RWX, + typeflag, false, AT_SYMLINK_NOFOLLOW); +- return 0; ++ return true; + } + #endif + +-typedef int (*tar_extractor_t) (char *file_name, int typeflag); ++typedef bool (*tar_extractor_t) (char *file_name, char typeflag); + + + /* Prepare to extract a file. Find extractor function. +- Return true to proceed with the extraction, false to skip the current +- member. */ ++ Return an extractor to proceed with the extraction, ++ a null pointer to skip the current member. */ + +-static bool +-prepare_to_extract (char const *file_name, int typeflag, tar_extractor_t *fun) ++static tar_extractor_t ++prepare_to_extract (char const *file_name, char typeflag) + { +- tar_extractor_t extractor = NULL; ++ tar_extractor_t extractor; + + /* Select the extractor */ + switch (typeflag) +@@ -1683,10 +1683,8 @@ prepare_to_extract (char const *file_name, int typeflag, tar_extractor_t *fun) + case CONTTYPE: + /* Appears to be a file. But BSD tar uses the convention that a slash + suffix means a directory. */ +- if (current_stat_info.had_trailing_slash) +- extractor = extract_dir; +- else +- extractor = extract_file; ++ extractor = (current_stat_info.had_trailing_slash ++ ? extract_dir : extract_file); + break; + + case SYMTYPE: +@@ -1725,18 +1723,18 @@ prepare_to_extract (char const *file_name, int typeflag, tar_extractor_t *fun) + break; + + case GNUTYPE_VOLHDR: +- return false; ++ return NULL; + + case GNUTYPE_MULTIVOL: + ERROR ((0, 0, + _("%s: Cannot extract -- file is continued from another volume"), + quotearg_colon (current_stat_info.file_name))); +- return false; ++ return NULL; + + case GNUTYPE_LONGNAME: + case GNUTYPE_LONGLINK: + ERROR ((0, 0, _("Unexpected long name header"))); +- return false; ++ return NULL; + + default: + WARNOPT (WARN_UNKNOWN_CAST, +@@ -1749,7 +1747,7 @@ prepare_to_extract (char const *file_name, int typeflag, tar_extractor_t *fun) + if (EXTRACT_OVER_PIPE) + { + if (extractor != extract_file) +- return false; ++ return NULL; + } + else + { +@@ -1763,7 +1761,7 @@ prepare_to_extract (char const *file_name, int typeflag, tar_extractor_t *fun) + && errno && errno != ENOENT) + { + unlink_error (file_name); +- return false; ++ return NULL; + } + break; + +@@ -1773,7 +1771,7 @@ prepare_to_extract (char const *file_name, int typeflag, tar_extractor_t *fun) + WARNOPT (WARN_IGNORE_NEWER, + (0, 0, _("Current %s is newer or same age"), + quote (file_name))); +- return false; ++ return NULL; + } + break; + +@@ -1781,9 +1779,7 @@ prepare_to_extract (char const *file_name, int typeflag, tar_extractor_t *fun) + break; + } + } +- *fun = extractor; +- +- return true; ++ return extractor; + } + + /* Extract a file from the archive. */ +@@ -1791,7 +1787,6 @@ void + extract_archive (void) + { + char typeflag; +- tar_extractor_t fun; + bool skip_dotdot_name; + + fatal_exit_hook = extract_finish; +@@ -1841,12 +1836,14 @@ extract_archive (void) + + /* Extract the archive entry according to its type. */ + /* KLUDGE */ +- typeflag = sparse_member_p (¤t_stat_info) ? +- GNUTYPE_SPARSE : current_header->header.typeflag; ++ typeflag = (sparse_member_p (¤t_stat_info) ++ ? GNUTYPE_SPARSE : current_header->header.typeflag); + +- if (prepare_to_extract (current_stat_info.file_name, typeflag, &fun)) ++ tar_extractor_t fun = prepare_to_extract (current_stat_info.file_name, ++ typeflag); ++ if (fun) + { +- if (fun (current_stat_info.file_name, typeflag) == 0) ++ if (fun (current_stat_info.file_name, typeflag)) + return; + } + else +-- +2.44.1 + diff --git a/meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p2.patch b/meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p2.patch new file mode 100644 index 00000000000..c3a94db5a05 --- /dev/null +++ b/meta/recipes-extended/tar/tar/CVE-2026-5704-dependent_p2.patch @@ -0,0 +1,169 @@ +From a934d62acc1edc202e93e9f1b38eff1d880568a0 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff +Date: Mon, 12 May 2025 17:17:21 +0300 +Subject: [PATCH] Handle directory members consistently when listing and when + extracting. + +* src/list.c (skim_member): Recognize directory members using +the same rules as during extraction. +* tests/skipdir.at: New testcase. +* tests/testsuite.at: Add new test. +* tests/Makefile.am: Likewise. + +CVE: CVE-2026-5704 +Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=b009124ffde415515081db844d7a104e1d1c6c58] + +(cherry picked from commit b009124ffde415515081db844d7a104e1d1c6c58) +Signed-off-by: Himanshu Jadon +--- + src/list.c | 22 ++++++++++++++++-- + tests/Makefile.am | 1 + + tests/skipdir.at | 56 ++++++++++++++++++++++++++++++++++++++++++++++ + tests/testsuite.at | 3 ++- + 4 files changed, 79 insertions(+), 3 deletions(-) + create mode 100644 tests/skipdir.at + +diff --git a/src/list.c b/src/list.c +index e9a68159..928779e1 100644 +--- a/src/list.c ++++ b/src/list.c +@@ -1440,6 +1440,23 @@ skip_member (void) + skim_member (false); + } + ++static bool ++member_is_dir (struct tar_stat_info *info, char typeflag) ++{ ++ switch (typeflag) { ++ case AREGTYPE: ++ case REGTYPE: ++ case CONTTYPE: ++ return info->had_trailing_slash; ++ ++ case DIRTYPE: ++ return true; ++ ++ default: ++ return false; ++ } ++} ++ + /* Skip the current member in the archive. + If MUST_COPY, always copy instead of skipping. */ + void +@@ -1447,14 +1464,15 @@ skim_member (bool must_copy) + { + if (!current_stat_info.skipped) + { +- char save_typeflag = current_header->header.typeflag; ++ bool is_dir = member_is_dir (¤t_stat_info, ++ current_header->header.typeflag); + set_next_block_after (current_header); + + mv_begin_read (¤t_stat_info); + + if (current_stat_info.is_sparse) + sparse_skim_file (¤t_stat_info, must_copy); +- else if (save_typeflag != DIRTYPE) ++ else if (!is_dir) + skim_file (current_stat_info.stat.st_size, must_copy); + + mv_end (); +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 1884b722..6cf726c0 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -240,6 +240,7 @@ TESTSUITE_AT = \ + shortrec.at\ + shortupd.at\ + sigpipe.at\ ++ skipdir.at\ + sparse01.at\ + sparse02.at\ + sparse03.at\ +diff --git a/tests/skipdir.at b/tests/skipdir.at +new file mode 100644 +index 00000000..7106ee74 +--- /dev/null ++++ b/tests/skipdir.at +@@ -0,0 +1,56 @@ ++# Process this file with autom4te to create testsuite. -*- Autotest -*- ++ ++# Test suite for GNU tar. ++# Copyright 2025 Free Software Foundation, Inc. ++ ++# This file is part of GNU tar. ++ ++# GNU tar is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 3 of the License, or ++# (at your option) any later version. ++ ++# GNU tar is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++ ++# You should have received a copy of the GNU General Public License ++# along with this program. If not, see . ++ ++# Description: determining member type when listing and extracting ++# should follow the same principles. ++# ++# Until version 1.35 the same archive member could have been processed ++# as a directory when extracting and as a regular file when being ++# skipped during listing. ++# ++# References: https://savannah.gnu.org/patch/index.php?10100 ++ ++AT_SETUP([skip directory members]) ++AT_KEYWORDS([skipdir]) ++AT_DATA([archive.in], ++[/Td6WFoAAATm1rRGAgAhARwAAAAQz1jM4Cf/AG1dADedyh4ubnxHHIi7Cen6orusgKqY3paKeQwp ++3//HS9EIT7Hm+MsndXfRntXVt8mu8oDpLOfC+AB9VldyCtp2jqOfTwa455qfGAcONPn6WWDgsaAh ++O2Y6ptXuaF/vdaNkub7SkOBME8jHYITT5QAAAAAAHtdcflb5Zw8AAYkBgFAAAPYgb0axxGf7AgAA ++AAAEWVo= ++]) ++AT_CHECK([base64 --help >/dev/null 2>&1 || AT_SKIP_TEST ++xz --help >/dev/null 2>&1 || AT_SKIP_TEST ++base64 -d < archive.in | xz -c -d > archive.tar ++]) ++AT_CHECK([tar tf archive.tar], ++[0], ++[owo1/ ++owo2/ ++]) ++AT_CHECK([tar vxf archive.tar], ++[0], ++[owo1/ ++owo2/ ++]) ++AT_CHECK([tar -xvf archive.tar --exclude owo1], ++[0], ++[owo2/ ++]) ++AT_CLEANUP +diff --git a/tests/testsuite.at b/tests/testsuite.at +index 44ae773b..f2229be1 100644 +--- a/tests/testsuite.at ++++ b/tests/testsuite.at +@@ -464,7 +464,7 @@ AT_BANNER([Volume operations]) + m4_include([volume.at]) + m4_include([volsize.at]) + +-AT_BANNER() ++AT_BANNER([Various tests]) + m4_include([comprec.at]) + m4_include([shortfile.at]) + m4_include([shortupd.at]) +@@ -473,6 +473,7 @@ m4_include([truncate.at]) + m4_include([grow.at]) + m4_include([sigpipe.at]) + m4_include([comperr.at]) ++m4_include([skipdir.at]) + + AT_BANNER([Removing files after archiving]) + m4_include([remfiles01.at]) +-- +2.44.1 + diff --git a/meta/recipes-extended/tar/tar/CVE-2026-5704-regression.patch b/meta/recipes-extended/tar/tar/CVE-2026-5704-regression.patch new file mode 100644 index 00000000000..d38b46b8ecd --- /dev/null +++ b/meta/recipes-extended/tar/tar/CVE-2026-5704-regression.patch @@ -0,0 +1,176 @@ +From 4e742fc8674064a9fa00d4483d06aca48d5b0463 Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Sat, 26 Jul 2025 21:41:23 -0700 +Subject: [PATCH] --no-overwrite-dir no overwrite even temporarily + +Problem and fix reported by Pavel Cahyna in +https://lists.gnu.org/r/bug-tar/2025-01/msg00000.html +* src/extract.c (extract_dir): With --no-overwrite-dir, +skip the chmod if the directory already exists. +* tests/extrac23.at (--no-overwrite-dir on empty directory): +Move the part of the test that looks at a nonempty directory ... +* tests/extrac30.at: ... to this new file, because the test now +must be run as non-root. Adjust the test to match the new behavior. +* tests/Makefile.am (TESTSUITE_AT), tests/testsuite.at: Add it. + +CVE: CVE-2026-5704 +Upstream-Status: Backport [https://git.savannah.gnu.org/cgit/tar.git/commit/?id=4e742fc8674064a9fa00d4483d06aca48d5b0463] + +Backport Changes: +- Omit the NEWS update. +- Adapt tests/Makefile.am and tests/testsuite.at context to the tar-1.35 + test list carried by OE-Core. + +(cherry picked from commit 4e742fc8674064a9fa00d4483d06aca48d5b0463) +Signed-off-by: Himanshu Jadon +--- +diff --git a/src/extract.c b/src/extract.c +index 3bf0d77..4ed19b6 100644 +--- a/src/extract.c ++++ b/src/extract.c +@@ -1102,31 +1102,6 @@ extract_dir (char *file_name, MAYBE_UNUSED char typeflag) + repair_delayed_set_stat (file_name, &st); + return true; + } +- else if (old_files_option == NO_OVERWRITE_DIR_OLD_FILES) +- { +- /* Temporarily change the directory mode to a safe +- value, to be able to create files in it, should +- the need be. +- */ +- mode = safe_dir_mode (&st); +- status = fd_chmod (-1, file_name, mode, +- AT_SYMLINK_NOFOLLOW, DIRTYPE); +- if (status == 0) +- { +- /* Store the actual directory mode, to be restored +- later. +- */ +- current_stat_info.stat = st; +- current_mode = mode & ~ current_umask; +- current_mode_mask = MODE_RWX; +- atflag = AT_SYMLINK_NOFOLLOW; +- break; +- } +- else +- { +- chmod_error_details (file_name, mode); +- } +- } + break; + } + } +diff --git a/tests/Makefile.am b/tests/Makefile.am +index baeb55b..a75abdb 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -133,6 +133,7 @@ TESTSUITE_AT = \ + extrac23.at\ + extrac24.at\ + extrac25.at\ ++ extrac30.at\ + extrac32.at\ + filerem01.at\ + filerem02.at\ +diff --git a/tests/extrac23.at b/tests/extrac23.at +index cb63ebb..efc9a32 100644 +--- a/tests/extrac23.at ++++ b/tests/extrac23.at +@@ -15,15 +15,12 @@ + # + # You should have received a copy of the GNU General Public License + # along with this program. If not, see . +-AT_SETUP([--no-overwrite-dir]) ++AT_SETUP([--no-overwrite-dir on empty directory]) + AT_KEYWORDS([extract extrac23 no-overwrite-dir]) + + # Description: Implementation of the --no-overwrite-dir option was flawed in + # tar versions up to 1.32.90. This option is intended to preserve metadata + # of existing directories. In fact it worked only for non-empty directories. +-# Moreover, if the actual directory was owned by the user tar runs as and the +-# S_IWUSR bit was not set in its actual permissions, tar failed to create files +-# in it. + # + # Reported by: Michael Kaufmann + # References: <20200207112934.Horde.anXzYhAj2CHiwUrw5CuT0G-@webmail.michael-kaufmann.ch>, +@@ -38,21 +35,10 @@ chmod 777 dir + tar -xf a.tar --no-overwrite-dir + genfile --stat=mode.777 dir + +-# Test if temporary permissions are set correctly to allow the owner +-# to write to the directory. +-genfile --file dir/file +-tar cf a.tar dir +-rm dir/file +-chmod 400 dir +-tar -xf a.tar --no-overwrite-dir +-genfile --stat=mode.777 dir +-chmod 700 dir + find dir + ], + [0], + [777 +-400 + dir +-dir/file + ]) + AT_CLEANUP +diff --git a/tests/extrac30.at b/tests/extrac30.at +new file mode 100644 +index 0000000..8c879c9 +--- /dev/null ++++ b/tests/extrac30.at +@@ -0,0 +1,47 @@ ++# Test suite for GNU tar. -*- Autotest -*- ++# Copyright 2020-2025 Free Software Foundation, Inc. ++# ++# This file is part of GNU tar. ++# ++# GNU tar is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 3 of the License, or ++# (at your option) any later version. ++# ++# GNU tar is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++# ++# You should have received a copy of the GNU General Public License ++# along with this program. If not, see . ++AT_SETUP([--no-overwrite-dir on unwritable directory]) ++AT_KEYWORDS([extract extrac30 no-overwrite-dir]) ++ ++# Make sure that tar does not change permissions on directories if ++# --no-overwrite-dir tells it not to, not even temporarily. ++ ++AT_TAR_CHECK([ ++AT_UNPRIVILEGED_PREREQ ++ ++# Test that the user cannot write to a unwritable directory ++# if --no-overwrite-dir is used. ++mkdir dir ++chmod 755 dir ++genfile --file dir/file ++tar cf a.tar dir ++rm dir/file ++chmod 555 dir ++tar -xf a.tar --no-overwrite-dir ++genfile --stat=mode.777 dir ++chmod 755 dir ++find dir ++], ++[0], ++[555 ++dir ++], ++[tar: dir/file: Cannot open: Permission denied ++tar: Exiting with failure status due to previous errors ++]) ++AT_CLEANUP +diff --git a/tests/testsuite.at b/tests/testsuite.at +index 5875700..331a6e3 100644 +--- a/tests/testsuite.at ++++ b/tests/testsuite.at +@@ -352,0 +353 @@ ++m4_include([extrac30.at]) diff --git a/meta/recipes-extended/tar/tar/CVE-2026-5704.patch b/meta/recipes-extended/tar/tar/CVE-2026-5704.patch new file mode 100644 index 00000000000..81c6df37128 --- /dev/null +++ b/meta/recipes-extended/tar/tar/CVE-2026-5704.patch @@ -0,0 +1,556 @@ +From b97bbb10103a911d418015b7ff41384af0419952 Mon Sep 17 00:00:00 2001 +From: Paul Eggert +Date: Sun, 22 Mar 2026 12:19:40 -0700 +Subject: [PATCH] Fix more -t/-x discrepancies +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Problem reported by Guillermo de Angel in: +https://lists.gnu.org/r/bug-tar/2026-03/msg00007.html +* THANKS: Add him, and sort. +* src/extract.c (extract_dir, extract_file): +* src/incremen.c (purge_directory): +Do not call skip_member, as the caller now does that, and does it +more reliably. +* src/extract.c (extract_file): +Mark file as skipped when we’ve read it. +(extract_archive): Always call skip_member after extracting, +as it suppresses the skip as needed. +* src/incremen.c (try_purge_directory): Remove; no longer +needed. Move internals to purge_directory. +* src/list.c (read_header): Do not treat LNKTYPE header as having +size zero, as it can be nonzero (e.g., ‘pax -o linkdata’). +Set info->skipped field according to how the header was read. +(member_is_dir): Remove; no longer needed. +(skim_member): Skip directory data too, unless it’s already been +skipped (i.e., read). +* tests/extrac32.at: New file. +* tests/Makefile.am (TESTSUITE_AT): +* tests/testsuite.at: +Add it. +* tests/skipdir.at (skip directory members): +Fix test to match the correct behavior. +This fixes a bug introduced in commit +b009124ffde415515081db844d7a104e1d1c6c58 +dated 2025-05-12 17:17:21 +0300. + +CVE: CVE-2026-5704 +Upstream-Status: Backport [https://cgit.git.savannah.gnu.org/cgit/tar.git/commit/?id=b8d8a61b25588caca4efaf9bdd2e3f1a49da77e3] + +Backport Changes: +- Replaced UNNAMED(typeflag) with MAYBE_UNUSED char typeflag in extract_dir() + under src/extract.c, as the UNNAMED macro is not available in tar 1.35 + (introduced later in upstream commit 9280aa3807c1 "Prefer UNNAMED to + MAYBE_UNUSED"). +- THANKS file context difference: tar 1.35 has "Jurgen Botz" (ASCII), + while upstream has "Jürgen Botz" (UTF-8 umlaut), changed in upstream + commit 390950282d98 ("maint: fix some encodings and email addresses"); + the removed line in the diff reflects the tar 1.35 spelling. + +(cherry picked from commit b8d8a61b25588caca4efaf9bdd2e3f1a49da77e3) +Signed-off-by: Himanshu Jadon +--- + THANKS | 30 +++++++++++++++-------------- + src/extract.c | 23 ++++++---------------- + src/incremen.c | 22 +++++++-------------- + src/list.c | 48 +++++++++++++++------------------------------- + tests/Makefile.am | 1 + + tests/extrac32.at | 47 +++++++++++++++++++++++++++++++++++++++++++++ + tests/skipdir.at | 6 +----- + tests/testsuite.at | 1 + + 8 files changed, 94 insertions(+), 84 deletions(-) + create mode 100644 tests/extrac32.at + +diff --git a/THANKS b/THANKS +index aee0a924..03fa49d5 100644 +--- a/THANKS ++++ b/THANKS +@@ -6,6 +6,7 @@ Many people further contributed to GNU tar by reporting problems, + suggesting various improvements or submitting actual code. Here is a + list of these people. Help me keep it complete and exempt of errors. + See various ChangeLogs for a detailed description of contributions. ++This listed is sorted via "LC_ALL=C sort". + + Aage Robeck aagero@ifi.uio.no + Adam Borowski kilobyte@angband.pl +@@ -36,8 +37,8 @@ Andrew J. Schorr schorr@ead.dsa.com + Andrew Torda torda@igc.chem.ethz.ch + Andrey A. Chernov ache@astral.msk.su + Andy Gay andy@rdl.co.uk +-Antonio Jose Coutinho ajc@di.uminho.pt + Anthony G. Basile blueness@gentoo.org ++Antonio Jose Coutinho ajc@di.uminho.pt + Ariel Faigon ariel@engr.sgi.com + Arne Wichmann aw@math.uni-sb.de + Arnold Robbins arnold@gnu.org +@@ -79,9 +80,9 @@ Cesar Romani romani@ifm.uni-hamburg.de + Chad Hurwitz churritz@cts.com + Chance Reschke creschke@usra.edu + Charles Fu ccwf@klab.caltech.edu +-Charles McGarvey chazmcgarvey@brokenzipper.com + Charles Lopes Charles.Lopes@infm.ulst.ac.uk + Charles M. Hannum mycroft@gnu.org ++Charles McGarvey chazmcgarvey@brokenzipper.com + Chip Salzenberg tct!chip + Chris Arthur csa@gnu.org + Chris F.M. Verberne verberne@prl.philips.nl +@@ -93,9 +94,9 @@ Christian Callsen Christian.Callsen@eng.sun.com + Christian Kirsch ck@held.mind.de + Christian Laubscher christian.laubscher@tiscalinet.ch + Christian T. Dum ctd@mpe-garching.mpg.de +-Christian von Roques roques@pond.sub.org +-Christian Wetzel wetzel@phoenix-pacs.de + Christian Weisgerber naddy@mips.inka.de ++Christian Wetzel wetzel@phoenix-pacs.de ++Christian von Roques roques@pond.sub.org + Christoph Litauer litauer@mailhost.uni-koblenz.de + Christophe Colle colle@krtkg1.rug.ac.be + Christophe Kalt Christophe.Kalt@kbcfp.com +@@ -117,8 +118,8 @@ Dan Bloch dan@transarc.com + Dan Drake dan@dandrake.org + Dan Reish dreish@izzy.net + Daniel Hagerty hag@gnu.org +-Daniel Quinlan quinlan@pathname.com + Daniel Kahn Gillmor dkg@fifthhorseman.net ++Daniel Quinlan quinlan@pathname.com + Daniel R. Guilderson d.guilderson@ma30.bull.com + Daniel S. Barclay daniel@compass-da.com + Daniel Trinkle trinkle@cs.purdue.edu +@@ -198,6 +199,7 @@ Greg Hudson ghudson@mit.edu + Greg Maples greg@clari.net + Greg McGary gkm@cstone.net + Greg Schafer gschafer@zip.com.au ++Guillermo de Angel gdeangelg@gmail.com + Göran Uddeborg gvran@uddeborg.pp.se + Gürkan Karaman karaman@dssgmbh.de + Hans Guerth 100664.3101@compuserve.com +@@ -222,6 +224,7 @@ Indra Singhal indra@synoptics.com + J. Dean Brock brock@cs.unca.edu + J.J. Bailey jjb@jagware.bcc.com + J.T. Conklin jtc@cygnus.com ++James Antill jantill@redhat.com + James Crawford Ralston qralston+@pitt.edu + James E. Carpenter jimc@zach1.tiac.net + James H Caldwell Jr caldwell@cs.fsu.edu +@@ -233,15 +236,15 @@ Jan Carlson janc@sni.ca + Jan Djarv jan.djarv@mbox200.swipnet.se + Janice Burton r06a165@bcc25.kodak.com + Janne Snabb snabb@niksula.hut.fi +-Jason R. Mastaler jason@webmaster.net + Jason Armistead Jason.Armistead@otis.com ++Jason R. Mastaler jason@webmaster.net + Jay Fenlason hack@gnu.org + Jean-Louis Martineau martineau@zmanda.com +-Jean-Michel Soenen soenen@lectra.fr + Jean-Loup Gailly jloup@chorus.fr +-Jeff Moskow jeff@rtr.com ++Jean-Michel Soenen soenen@lectra.fr + Jean-Ph. Martin-Flatin syj@ecmwf.int + Jean-Pierre Demailly Jean-Pierre.Demailly@ujf-grenoble.fr ++Jeff Moskow jeff@rtr.com + Jeff Prothero jsp@betz.biostr.washington.edu + Jeff Siegel js@hornet.att.com + Jeff Sorensen sorenj@alumni.rpi.edu +@@ -249,7 +252,6 @@ Jeffrey Goldberg J.Goldberg@cranfield.ac.uk + Jeffrey Mark Siskind Qobi@emba.uvm.edu + Jeffrey W. Parker jwpkr@mcs.com + Jens Henrik Jensen recjhl@mediator.uni-c.dk +-Jérémy Bobbio lunar@debian.org + Jim Blandy jimb@totoro.cs.oberlin.edu + Jim Clausing jac@postbox.acs.ohio-state.edu + Jim Farrell jwf@platinum.com +@@ -283,13 +285,14 @@ Joutsiniemi Tommi Il tj75064@cs.tut.fi + Joy Kendall jak8@world.std.com + Judy Ricker jricker@gdstech.grumman.com + Juha Sarlin juha@tds.kth.se +-Jurgen Botz jbotz@orixa.mtholyoke.edu + Jyh-Shyang Wang erik@vsp.ee.nctu.edu.tw ++Jérémy Bobbio lunar@debian.org + Jörg Schilling schilling@fokus.fraunhofer.de +-Jörg Weule weule@cs.uni-duesseldorf.de + Jörg Weilbier gnu@weilbier.net ++Jörg Weule weule@cs.uni-duesseldorf.de + Jörgen Hågg Jorgen.Hagg@axis.se + Jörgen Weigert jw@suse.de ++Jürgen Botz jbotz@orixa.mtholyoke.edu + Jürgen Lüters jlueters@t-online.de + Jürgen Reiss reiss@psychologie.uni-wuerzburg.de + Kai Petzke wpp@marie.physik.tu-berlin.de +@@ -311,7 +314,6 @@ Kimmy Posey kimmyd@bnr.ca + Koji Kishi kis@rqa.sony.co.jp + Konno Hiroharu konno@pac.co.jp + Kurt Jaeger pi@lf.net +-James Antill jantill@redhat.com + Larry Creech lcreech@lonestar.rcclub.org + Larry Schwimmer rosebud@cyclone.stanford.edu + Lasse Collin lasse.collin@tukaani.org +@@ -394,7 +396,6 @@ Oswald P. Backus IV backus@lks.csi.com + Pascal Meheut pascal@cnam.cnam.fr + Patrick Fulconis fulco@sig.uvsq.fr + Patrick Timmons timmons@electech.polymtl.ca +-Pavel Raiskup praiskup@redhat.com + Paul Eggert eggert@twinsun.com + Paul Kanz paul@icx.com + Paul Mitchell P.Mitchell@surrey.ac.uk +@@ -402,6 +403,7 @@ Paul Nevai pali+@osu.edu + Paul Nordstrom 100067.3532@compuserve.com + Paul O'Connor oconnorp@ul.ie + Paul Siddall pauls@postman.essex.ac.uk ++Pavel Raiskup praiskup@redhat.com + Peder Chr. Norgaard pcn@tbit.dk + Pekka Janhunen Pekka.Janhunen@fmi.fi + Per Bojsen pb@delta.dk +@@ -420,9 +422,9 @@ Piotr Rotter piotr.rotter@active24.pl + R. Kent Dybvig dyb@cadence.bloomington.in.us + R. Scott Butler butler@prism.es.dupont.com + Rainer Orth ro@TechFak.Uni-Bielefeld.DE +-Ralf Wildenhues Ralf.Wildenhues@gmx.de + Ralf S. Engelschall rse@engelschall.com + Ralf Suckow suckow@contrib.de ++Ralf Wildenhues Ralf.Wildenhues@gmx.de + Ralph Corderoy ralph@inputplus.co.uk + Ralph Schleicher rs@purple.ul.bawue.de + Randy Bias randyb@edge.edge.net +diff --git a/src/extract.c b/src/extract.c +index b384fed3..3bf0d77e 100644 +--- a/src/extract.c ++++ b/src/extract.c +@@ -1037,7 +1037,7 @@ safe_dir_mode (struct stat const *st) + /* Extractor functions for various member types */ + + static bool +-extract_dir (char *file_name, char typeflag) ++extract_dir (char *file_name, MAYBE_UNUSED char typeflag) + { + int status; + mode_t mode; +@@ -1060,8 +1060,6 @@ extract_dir (char *file_name, char typeflag) + if (incremental_option) + /* Read the entry and delete files that aren't listed in the archive. */ + purge_directory (file_name); +- else if (typeflag == GNUTYPE_DUMPDIR) +- skip_member (); + + mode = safe_dir_mode (¤t_stat_info.stat); + +@@ -1266,10 +1264,7 @@ extract_file (char *file_name, char typeflag) + { + fd = sys_exec_command (file_name, 'f', ¤t_stat_info); + if (fd < 0) +- { +- skip_member (); +- return true; +- } ++ return true; + } + else + { +@@ -1289,7 +1284,6 @@ extract_file (char *file_name, char typeflag) + int recover = maybe_recoverable (file_name, true, &interdir_made); + if (recover != RECOVER_OK) + { +- skip_member (); + if (recover == RECOVER_SKIP) + return true; + open_error (file_name); +@@ -1337,6 +1331,7 @@ extract_file (char *file_name, char typeflag) + } + + skim_file (size, false); ++ current_stat_info.skipped = true; + + mv_end (); + +@@ -1841,15 +1836,9 @@ extract_archive (void) + + tar_extractor_t fun = prepare_to_extract (current_stat_info.file_name, + typeflag); +- if (fun) +- { +- if (fun (current_stat_info.file_name, typeflag)) +- return; +- } +- else +- skip_member (); +- +- if (backup_option) ++ bool ok = fun && fun (current_stat_info.file_name, typeflag); ++ skip_member (); ++ if (!ok && backup_option) + undo_last_backup (); + } + +diff --git a/src/incremen.c b/src/incremen.c +index 7bcfdb93..194d5cb1 100644 +--- a/src/incremen.c ++++ b/src/incremen.c +@@ -1625,8 +1625,8 @@ dumpdir_ok (char *dumpdir) + + /* Examine the directories under directory_name and delete any + files that were not there at the time of the back-up. */ +-static bool +-try_purge_directory (char const *directory_name) ++void ++purge_directory (char const *directory_name) + { + char *current_dir; + char *cur, *arc, *p; +@@ -1634,18 +1634,18 @@ try_purge_directory (char const *directory_name) + struct dumpdir *dump; + + if (!is_dumpdir (¤t_stat_info)) +- return false; ++ return; + + current_dir = tar_savedir (directory_name, 0); + + if (!current_dir) + /* The directory doesn't exist now. It'll be created. In any + case, we don't have to delete any files out of it. */ +- return false; ++ return; + + /* Verify if dump directory is sane */ + if (!dumpdir_ok (current_stat_info.dumpdir)) +- return false; ++ return; + + /* Process renames */ + for (arc = current_stat_info.dumpdir; *arc; arc += strlen (arc) + 1) +@@ -1666,7 +1666,7 @@ try_purge_directory (char const *directory_name) + quote (temp_stub))); + free (temp_stub); + free (current_dir); +- return false; ++ return; + } + } + else if (*arc == 'R') +@@ -1700,7 +1700,7 @@ try_purge_directory (char const *directory_name) + free (current_dir); + /* FIXME: Make sure purge_directory(dst) will return + immediately */ +- return false; ++ return; + } + } + } +@@ -1758,14 +1758,6 @@ try_purge_directory (char const *directory_name) + dumpdir_free (dump); + + free (current_dir); +- return true; +-} +- +-void +-purge_directory (char const *directory_name) +-{ +- if (!try_purge_directory (directory_name)) +- skip_member (); + } + + void +diff --git a/src/list.c b/src/list.c +index 928779e1..c9623eb4 100644 +--- a/src/list.c ++++ b/src/list.c +@@ -437,20 +437,15 @@ read_header (union block **return_block, struct tar_stat_info *info, + if ((status = tar_checksum (header, false)) != HEADER_SUCCESS) + break; + +- /* Good block. Decode file size and return. */ +- +- if (header->header.typeflag == LNKTYPE) +- info->stat.st_size = 0; /* links 0 size on tape */ +- else ++ info->stat.st_size = OFF_FROM_HEADER (header->header.size); ++ if (info->stat.st_size < 0) + { +- info->stat.st_size = OFF_FROM_HEADER (header->header.size); +- if (info->stat.st_size < 0) +- { +- status = HEADER_FAILURE; +- break; +- } ++ status = HEADER_FAILURE; ++ break; + } + ++ info->skipped = false; ++ + if (header->header.typeflag == GNUTYPE_LONGNAME + || header->header.typeflag == GNUTYPE_LONGLINK + || header->header.typeflag == XHDTYPE +@@ -513,11 +508,15 @@ read_header (union block **return_block, struct tar_stat_info *info, + } + + *bp = '\0'; ++ info->skipped = true; + } + else if (header->header.typeflag == XHDTYPE + || header->header.typeflag == SOLARIS_XHDTYPE) +- xheader_read (&info->xhdr, header, +- OFF_FROM_HEADER (header->header.size)); ++ { ++ xheader_read (&info->xhdr, header, ++ OFF_FROM_HEADER (header->header.size)); ++ info->skipped = true; ++ } + else if (header->header.typeflag == XGLTYPE) + { + struct xheader xhdr; +@@ -531,6 +530,7 @@ read_header (union block **return_block, struct tar_stat_info *info, + OFF_FROM_HEADER (header->header.size)); + xheader_decode_global (&xhdr); + xheader_destroy (&xhdr); ++ info->skipped = true; + if (mode == read_header_x_global) + { + status = HEADER_SUCCESS_EXTENDED; +@@ -1440,23 +1440,6 @@ skip_member (void) + skim_member (false); + } + +-static bool +-member_is_dir (struct tar_stat_info *info, char typeflag) +-{ +- switch (typeflag) { +- case AREGTYPE: +- case REGTYPE: +- case CONTTYPE: +- return info->had_trailing_slash; +- +- case DIRTYPE: +- return true; +- +- default: +- return false; +- } +-} +- + /* Skip the current member in the archive. + If MUST_COPY, always copy instead of skipping. */ + void +@@ -1464,18 +1447,17 @@ skim_member (bool must_copy) + { + if (!current_stat_info.skipped) + { +- bool is_dir = member_is_dir (¤t_stat_info, +- current_header->header.typeflag); + set_next_block_after (current_header); + + mv_begin_read (¤t_stat_info); + + if (current_stat_info.is_sparse) + sparse_skim_file (¤t_stat_info, must_copy); +- else if (!is_dir) ++ else + skim_file (current_stat_info.stat.st_size, must_copy); + + mv_end (); ++ current_stat_info.skipped = true; + } + } + +diff --git a/tests/Makefile.am b/tests/Makefile.am +index 6cf726c0..baeb55bb 100644 +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -133,6 +133,7 @@ TESTSUITE_AT = \ + extrac23.at\ + extrac24.at\ + extrac25.at\ ++ extrac32.at\ + filerem01.at\ + filerem02.at\ + grow.at\ +diff --git a/tests/extrac32.at b/tests/extrac32.at +new file mode 100644 +index 00000000..3829a483 +--- /dev/null ++++ b/tests/extrac32.at +@@ -0,0 +1,47 @@ ++# Check for file injection bug with symlinks. -*- Autotest -*- ++ ++# Copyright 2026 Free Software Foundation, Inc. ++ ++# This file is part of GNU tar. ++ ++# GNU tar is free software; you can redistribute it and/or modify ++# it under the terms of the GNU General Public License as published by ++# the Free Software Foundation; either version 3 of the License, or ++# (at your option) any later version. ++ ++# GNU tar is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++# GNU General Public License for more details. ++ ++# You should have received a copy of the GNU General Public License ++# along with this program. If not, see . ++ ++# Thanks to Guillermo de Angel for the bug report and test cases; see: ++# https://lists.gnu.org/r/bug-tar/2026-03/msg00007.html ++ ++AT_SETUP([skip file injection]) ++AT_KEYWORDS([injection]) ++AT_DATA([archive.in], ++[/Td6WFoAAATm1rRGBMDbAYAcIQEcAAAAAAAAACYr+9LgDf8A010AMZhKvfVdtHe4Rxjj7M03ek97 ++UgeKfJ0ORqYg0XDFntWxdTH4PYrTOo9CoqBrnTM2NcwFBrRVr7aFwdd56vddyAw2QGDjxgNexDU3 ++ImTi/+z8ZOLMi/+AybdEpd5aA/M9Maa+8tQ84bySzSAwrmxMWJJ6W9IKvsqfiRa3TrD51v44PZU/ ++KLVKpocS56n/O3g+b+hiZwaysR0eLO+tiU8FB/e3PEq3vTtDFVi/YfZMieBWSzomSX9eF13K1yPY ++UuWgp7VokXqduL0YGNVV40MTPG9oAAAApD6mpajengIAAfcBgBwAAOM4xw6xxGf7AgAAAAAEWVo= ++]) ++AT_CHECK([base64 --help >/dev/null 2>&1 || AT_SKIP_TEST ++xz --help >/dev/null 2>&1 || AT_SKIP_TEST ++base64 -d < archive.in | xz -c -d > archive.tar ++]) ++cp archive.tar /tmp ++AT_CHECK([tar tf archive.tar], ++[0], ++[carrier_entry ++marker.txt ++]) ++AT_CHECK([tar xvf archive.tar], ++[0], ++[carrier_entry ++marker.txt ++]) ++AT_CLEANUP +diff --git a/tests/skipdir.at b/tests/skipdir.at +index 7106ee74..a58a20fd 100644 +--- a/tests/skipdir.at ++++ b/tests/skipdir.at +@@ -42,15 +42,11 @@ base64 -d < archive.in | xz -c -d > archive.tar + AT_CHECK([tar tf archive.tar], + [0], + [owo1/ +-owo2/ + ]) + AT_CHECK([tar vxf archive.tar], + [0], + [owo1/ +-owo2/ + ]) + AT_CHECK([tar -xvf archive.tar --exclude owo1], +-[0], +-[owo2/ +-]) ++[0]) + AT_CLEANUP +diff --git a/tests/testsuite.at b/tests/testsuite.at +index f2229be1..58757005 100644 +--- a/tests/testsuite.at ++++ b/tests/testsuite.at +@@ -349,6 +349,7 @@ m4_include([extrac22.at]) + m4_include([extrac23.at]) + m4_include([extrac24.at]) + m4_include([extrac25.at]) ++m4_include([extrac32.at]) + + m4_include([backup01.at]) + +-- +2.44.1 + diff --git a/meta/recipes-extended/tar/tar_1.35.bb b/meta/recipes-extended/tar/tar_1.35.bb index c7bd1d195e5..f7d09a41267 100644 --- a/meta/recipes-extended/tar/tar_1.35.bb +++ b/meta/recipes-extended/tar/tar_1.35.bb @@ -48,6 +48,10 @@ SRC_URI += " \ file://0001-tests-fix-TESTSUITE_AT.patch \ file://0002-tests-check-for-recently-fixed-bug.patch \ file://0003-Exclude-VCS-directory-with-writing-from-an-archive.patch \ + file://CVE-2026-5704-dependent_p1.patch \ + file://CVE-2026-5704-dependent_p2.patch \ + file://CVE-2026-5704.patch \ + file://CVE-2026-5704-regression.patch \ " inherit ptest From patchwork Thu Jul 9 10:06:20 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92100 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 930B7C44507 for ; Thu, 9 Jul 2026 10:07:06 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.5801.1783591623508109488 for ; Thu, 09 Jul 2026 03:07:03 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=UqefPTWH; spf=pass (domain: smile.fr, ip: 209.85.128.46, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-493c5220cb7so12939215e9.3 for ; Thu, 09 Jul 2026 03:07:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591622; x=1784196422; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=GDj86slT/MePzt6WHoLlsW/qUuLYhq+nxTY0OQIOCuw=; b=UqefPTWH/Lqof0rYUBrUo8FtL7g6SACEVisCpoIcsuy4/84V3XQskjaGsu9+ih75tQ nZ6f3XG82pqoNCsRMo+roBqrLsESgcBRR+nK52N/M56G53YVhkEVLCju2bSwcbj7I7D/ T6W6FoeaYeyn25N+K5cN0X1JOvP/LPZ3475+k= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591622; x=1784196422; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=GDj86slT/MePzt6WHoLlsW/qUuLYhq+nxTY0OQIOCuw=; b=dOzfHUhkBcyZcy6GTBFKXtO7YL7ckrC2xiuicTlgA3MJi6WS0bHlo76q6Ls7YSnYwu EVLhmIKvwsgyZAi+mXB3qZguegq9FGJZiQSeSfLpTqTzKrAIe7okGGtr+6wun8uP5dk9 RMVI3s/KoQk/V/jbBG8zR6oc04FJSz0um516n4xwy2JEY951zMLEd/FbFvP4N4wDWJvX pNq6KxT5ZC3kMEPRV6hNHwUTREZDA0mTBh7IQvg3DrtAoqAHb8TkRkah7SjMvCquVVF8 TDp0+5GEp5/nuBCPleiq0R5yqM2cDI2DXKQP80Bn8iD2uGHkYTNwow89eJGjBHInYSyk xlWg== X-Gm-Message-State: AOJu0Yy+ZmerKuEhztp1jjc8LwQTlcIYv8csM54LypIWmHmWZDtSQbrg nr50Uy9o8cAAEs/KFTGGsk4XoWZF38Ws1nJpVofNUDrGXRVBDVqoLNM0zJ1SSsd3ShBNbt7gTME l2Vpc1nc= X-Gm-Gg: AfdE7cko+xgns+ZHN7I/wfSJ7LNzEm+zl5zk1WQ/m/YXfaWfE1AKb+ymJJf+oDUNKDj 1hq4vmcK4qSkmOkgdcb1spZsNlbeJrs5wwKoOr4mV1+s8G26sR1TgXGGlR+qCiFJjRz9eC6U1QR pwZStyND5cLPQ8ier59+sPgBBpq0j6geN3Fe+hMQS78xiOaiphKn+MmpP4Ui6nTE81EHJwG6Ndg HQFStdFeaeyTzXlt3KHlkw3RY+UI5ZRDpNTx3+AkdB2vIas/grZhRnxMnZiONXAgR4Rb8E+sRh5 glK8U5FkugLOjaZu8rjHfw+4JMKH83v2c2wVoovrqCdHeliiK3w57AeGQbahaQb5tCV1HeAXA7l EMV2Oz+NtB39znqDyqooYhjO7zqo1ZrEllVzAqvUtcobMalyEkcsGtVJQ7NE3YsiDGn7wJZejhr tN2chkNT8TAcjIzbUD1UYzmuFV4ypg8swuBVj85WBgSDihR46kW3bBWLpScDh4wOP1ReSuGoaHx LqbYxnvFAlcBhgwOvc3bNhPTsnA X-Received: by 2002:a05:600c:e54a:10b0:492:3754:15f2 with SMTP id 5b1f17b1804b1-493e68d4081mr42142345e9.32.1783591621681; Thu, 09 Jul 2026 03:07:01 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:01 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 04/25] sudo: fix pam-wheel sed for sudo 1.9.17p2 sudoers Date: Thu, 9 Jul 2026 12:06:20 +0200 Message-ID: <55f7bf8cd9516971d6d01c1c890bc4c1df62b008.1783590688.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240550 From: Nate Kent [YOCTO #16321] In version 1.9.17p2, the line that the recipe uses to add the 'wheel' group to the sudoers file does not exist. This updates the sed usage to the actual line in question. Signed-off-by: Nate Kent Tested-by: Siva Balasubramanian Signed-off-by: Mathieu Dubois-Briand Signed-off-by: Ross Burton Signed-off-by: Richard Purdie (cherry picked from commit 76231f202a437be221c2580d4fa0fc100c453e92) Signed-off-by: Yoann Congal --- meta/recipes-extended/sudo/sudo_1.9.17p2.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/sudo/sudo_1.9.17p2.bb b/meta/recipes-extended/sudo/sudo_1.9.17p2.bb index c934dfdce27..90672ed7afd 100644 --- a/meta/recipes-extended/sudo/sudo_1.9.17p2.bb +++ b/meta/recipes-extended/sudo/sudo_1.9.17p2.bb @@ -34,7 +34,7 @@ do_install:append () { install -D -m 644 ${WORKDIR}/sudo.pam ${D}/${sysconfdir}/pam.d/sudo if ${@bb.utils.contains('PACKAGECONFIG', 'pam-wheel', 'true', 'false', d)} ; then echo 'auth required pam_wheel.so use_uid' >>${D}${sysconfdir}/pam.d/sudo - sed -i 's/# \(%wheel ALL=(ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers + sed -i 's/# \(%wheel ALL=(ALL:ALL) ALL\)/\1/' ${D}${sysconfdir}/sudoers fi fi From patchwork Thu Jul 9 10:06:21 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92101 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id E9AB8C44509 for ; Thu, 9 Jul 2026 10:07:06 +0000 (UTC) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.5884.1783591624014797532 for ; Thu, 09 Jul 2026 03:07:04 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=hH5G0WMC; spf=pass (domain: smile.fr, ip: 209.85.128.44, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-493bb510ce4so5713115e9.1 for ; Thu, 09 Jul 2026 03:07:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591622; x=1784196422; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=t5VPrSHavVfy869WW692ro24kYliKX/7kj8ba71JJ7Q=; b=hH5G0WMCjIoqapTNvm/pbG4sJ465LkWBjkKsUqoyax37s6oWRiY2U6jJIEXj0wP8zi 298yRCjZzel4D+1ECcYADYBOqab7jky/WUBPjGgYwJHKbWSXYTocwJjmWvABY1HvTkcE UeIpsNyT0mwPSbrR5kYlESbmUrsYMyFXRmogo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591622; x=1784196422; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=t5VPrSHavVfy869WW692ro24kYliKX/7kj8ba71JJ7Q=; b=GBRvuEkA5FUZ9USY0mj6/+LeJ3YDYd4CJ48UlqaAOpfGpy/tvR+Xj/s/RUhJBtpS/Y NMwtFB2i7mBGYe5/i4Fko/YtaUK/JEa/DG0wgNijKDu7NW1tL5y32IPoqzF7SJ5sTGzn rc90U7Mlv8YX/lhjvGuRka5fmvrYBr1Tui7AMRUXsyxVUgqFU3K9AtMxIkNkF61QimF5 6w/6WFAAmxgo96wEGl6wlz992FfguWU8pshSBWdumJzEMWjcohx5gQFNzdlzdwQ8zHVD PhAeNAU2r8atX7DxwU32tUNkZc0M2Y888y++kTB7IgUEfyRopiyvKjdx5Ok3n0UazJFf /gpQ== X-Gm-Message-State: AOJu0Yw7clanOiJSpDcW5M1m1g96F8F6kyvUVZWGzdiNOWXV4dyLgNjR qh6dPcCMYzCa3tlDJMkI8qr5SJwNTzIvyOBIkuURhB/rn5jqHVRVIwapktkBa5zf73fK4QaD7Ph dutYT54k= X-Gm-Gg: AfdE7cmjWTWtY3I+G4Hs9BCGxdqmlzU/UucfD/Uaii5nuk3zMeHsbZirPDm8ehkr+Gc ysv6F24WZF7BI90OLkFEpFkFGfp56u6XHbTNfGUIfv3shWiojE0T7iEzch4qz5WZKy8ErsdR+dW hYV//CwyMQ0xVa3nYwP7ISoocArrEydJyn0sN9SJyyvLrutVgN5mDk8p54QL7u7ldSmBwXKzzN1 Lp5QogrRFEm0KsFY/+hGzxIhjUFpT5lj4z7XdXvDZzM6eOvj2pr15D0mhjbQhgaevPvcgwl2id4 OacQ6G4FgAOoIN0X8FArM1I4Q7kTjbcIHN1y3HUt8WLQrn5T1Mrh66kE/bJpC2KujVxBMSl3C4+ 4hhUfPGYiQ9pQh65FviOCsLA20h+kTkkhTiiIe+pBdfOQiaTGj9nmR3jCabfGzQ3+6dLeZGMpoJ yQ4VPpSwCNoAdcWs5K6pNsCAYpJivie2UjGwQr9zBD+Ace5Vgu4CdsZWGJqQtXTSXIVAqQKlPwz Pj9PLOJm9TLzZRPUw== X-Received: by 2002:a05:600c:528e:b0:492:4363:e7eb with SMTP id 5b1f17b1804b1-493e68f03damr64806985e9.32.1783591622172; Thu, 09 Jul 2026 03:07:02 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.01 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:01 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 05/25] curl: fix CVE-2026-5773 - wrong reuse of SMB connection Date: Thu, 9 Jul 2026 12:06:21 +0200 Message-ID: <7736f905e78162ac657d7a1c790dfa5701dd6b19.1783590688.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240552 From: Jaipaul Cheernam libcurl's SMB handler marks connections for reuse (connkeep) without verifying that subsequent requests target the same share. This allows a second SMB request to the same host to reuse a connection authenticated for a different share, potentially accessing data without proper authorization. The upstream fix removes connection reuse for SMB entirely in lib/protocol.c, a file introduced in curl 8.20.0. For 8.7.1, the equivalent fix is changing connkeep() to connclose() in lib/smb.c, which prevents the connection from being returned to the pool. Tested with SMBv1 server (Docker dperson/samba): Without patch: "Re-using existing connection" for different shares With patch: New connection per request, no reuse Binary verified: Curl_conncontrol arg changes from 0 (KEEP) to 1 (CLOSE) Reference: https://curl.se/docs/CVE-2026-5773.html Signed-off-by: Jaipaul Cheernam Signed-off-by: Yoann Congal --- .../curl/curl/CVE-2026-5773.patch | 40 +++++++++++++++++++ meta/recipes-support/curl/curl_8.7.1.bb | 1 + 2 files changed, 41 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2026-5773.patch diff --git a/meta/recipes-support/curl/curl/CVE-2026-5773.patch b/meta/recipes-support/curl/curl/CVE-2026-5773.patch new file mode 100644 index 00000000000..42ec2b5a5ff --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-5773.patch @@ -0,0 +1,40 @@ +From 74a169575d6412dc0ff532acdf94de35a6c2a571 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Sun, 5 Apr 2026 18:23:35 +0200 +Subject: [PATCH] protocol: disable connection reuse for SMB(S) + +Connections should only be reused when using the same "share" (and +perhaps some additional conditions), but instead of fixing this flaw, +this change completely disables connection reuse for SMB. This protocol +is about to get dropped soon anyway. + +Reported-by: Osama Hamad +Closes #21238 + +CVE: CVE-2026-5773 +Upstream-Status: Backport [https://github.com/curl/curl/commit/74a169575d6412dc0ff532acdf94de35a6c2a571] + +Note: The upstream fix targets lib/protocol.c which was introduced in +curl 8.20.0. In 8.7.1 the equivalent is changing connkeep() to +connclose() in lib/smb.c, which prevents the connection from being +returned to the pool. The effect is identical. + +Signed-off-by: Jaipaul Cheernam +--- + lib/smb.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/lib/smb.c b/lib/smb.c +index 7c73cbcec..a1f5c9b31 100644 +--- a/lib/smb.c ++++ b/lib/smb.c +@@ -461,8 +461,7 @@ static CURLcode smb_connect(struct Curl_easy *data, bool *done) + if(!smbc->send_buf) + return CURLE_OUT_OF_MEMORY; + +- /* Multiple requests are allowed with this connection */ +- connkeep(conn, "SMB default"); ++ connclose(conn, "SMB default"); + + /* Parse the username, domain, and password */ + slash = strchr(conn->user, '/'); diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb index 14d63d63733..d0267317517 100644 --- a/meta/recipes-support/curl/curl_8.7.1.bb +++ b/meta/recipes-support/curl/curl_8.7.1.bb @@ -36,6 +36,7 @@ SRC_URI = " \ file://CVE-2026-1965-2.patch \ file://CVE-2026-3783.patch \ file://CVE-2026-3784.patch \ + file://CVE-2026-5773.patch \ " SRC_URI:append:class-nativesdk = " \ From patchwork Thu Jul 9 10:06:22 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92102 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 04BDEC44508 for ; Thu, 9 Jul 2026 10:07:07 +0000 (UTC) Received: from mail-wm1-f41.google.com (mail-wm1-f41.google.com [209.85.128.41]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.5885.1783591624850747152 for ; Thu, 09 Jul 2026 03:07:05 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=LB8JNqjN; spf=pass (domain: smile.fr, ip: 209.85.128.41, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f41.google.com with SMTP id 5b1f17b1804b1-493e497643fso9212635e9.0 for ; Thu, 09 Jul 2026 03:07:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591623; x=1784196423; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=eFEpz6vFYGVGPALKbt8jQw3l7zfKzlUpSXkTawD7/1g=; b=LB8JNqjNRIlBa7JQuz0sLaqlFsav1rhyXORx6TwKqffq5sXTbBfrGbhZO8el9cUV0x r+DJa4jKKgLY3E1gJJ1UMBVUQR1oweIZOr4wC4cxj+pyoqC0wJ9NuDm2GMGY7NX/+Wvd SNVuMw+wK79MER58lFTbRRxOCrfrqfqVqehNo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591623; x=1784196423; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=eFEpz6vFYGVGPALKbt8jQw3l7zfKzlUpSXkTawD7/1g=; b=Pfb15EuUlxOEjW448syMU9KyablCXJIZg29e/AdgAcFP8HODw/4ceaSo0pV5u54fjF BGLPBpBH3+RY0N4RrhHFcXl/dK3UgwTE0Gc5LHVoIZYn17ngcROceQ+EDa4xlj+Kl+Un mDvVJ1024fKQvuwoPUZfgrZZsvEE8hc+LDdxPlXcirO5cupEsSzKpEyPNaK9ba4lmIFO rXclZ1Vj+uEeZlz0yaXnRk+j0yo9CBMH5wKOpZ8JSND/0ccAhaHaBcaDWhh13bjXbVgr 5tiIrIkBuZAWyTRwq88tdXtLHEHWRGdY4PvY8tkV3NGMeTwdMFbEZPUcK7oX1z5CO3ub uCdA== X-Gm-Message-State: AOJu0Yy2kcUnZstQweRUaezN4L71nJ4Xu2MzWocCHbhLPAdUNkHbuBJf Wjlwj7KmQV6QlWSL2UNjl6RuyLKMlJNIxV+Iz2MVz6Zt0E4LVQ5Xh17El8yc5tZVvHAx16mRNR7 YBj033T8= X-Gm-Gg: AfdE7clJWGl2iFddlTvFu7SGTN4tHFi7IFLDzWQe1ApwErYN0t/hnkVNLCaFEV7Qo6O DD5UCZpqp3hJ9QOkRJDPgjg3YtybmPGLIGzvFJn2BatjowxMJqaZLs5I1mjvrn7wvYJttiOJBJV +IC8m8oyEUd0+vqRevc7SDfxAQFk5eT/EV7sHwajrfAHEQn3r0ueuhLes0JHNye2ExdXnlFY6X6 QgFY5fAT9j9Wmw0W5gpyMmCBUJdUIrX2rS2sQxWwy+9BhptSQ+GNECoEgXwyjuup/u0bLbgNwp4 d6282FvSzGVP5O97MVT8E9Fmth5AYaglB053KlfzOrwhhPYt5vVvirRQ1jXf60SioyTFKhBSqc0 FIkHpwrDcnrgwlNuxUv28lDD1vlwRW5KfqCEpl8tHxZ/12K5fUbH7FOWw3GpFPANf5YaylK1Xts W1VG5tu6/nO9V7uUWB0sah2yrP4Wadhhgltl4Dgh4YjZVmpdSSlF5d+sDH6wzUgO/74UOXylVBI xLFC4bulzjP0R9Z8Q== X-Received: by 2002:a05:600c:4512:b0:493:b7cb:c5f with SMTP id 5b1f17b1804b1-493e6893c66mr61357395e9.11.1783591623037; Thu, 09 Jul 2026 03:07:03 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.02 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:02 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 06/25] binutils: Add CVE-2025-69646 to "CVE:" tag Date: Thu, 9 Jul 2026 12:06:22 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:07 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240553 From: Harish Sadineni CVE-2025-69648 was marked as a duplicate of CVE-2025-69646. The existing patch already fixes the issue associated with both CVEs. Update the "CVE:" tag to reference both identifiers. Signed-off-by: Harish Sadineni Signed-off-by: Yoann Congal --- meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch b/meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch index e04d7ed6c21..e123273338c 100644 --- a/meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch +++ b/meta/recipes-devtools/binutils/binutils/CVE-2025-69648.patch @@ -19,7 +19,7 @@ length field. (display_debug_ranges): Check display_debug_rnglists_unit_header return status. Stop output on error. -CVE: CVE-2025-69648 +CVE: CVE-2025-69648 CVE-2025-69646 Upstream-Status: Backport [https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=598704a00cbac5e85c2bedd363357b5bf6fcee33] (cherry picked from commit 598704a00cbac5e85c2bedd363357b5bf6fcee33) From patchwork Thu Jul 9 10:06:23 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92098 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 86A4CC44506 for ; Thu, 9 Jul 2026 10:07:06 +0000 (UTC) Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.5887.1783591625491994515 for ; Thu, 09 Jul 2026 03:07:05 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=0PChoY3E; spf=pass (domain: smile.fr, ip: 209.85.128.45, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-493b779003fso3740245e9.3 for ; Thu, 09 Jul 2026 03:07:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591624; x=1784196424; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=IwwOKB9XZ4JgSEv5BBpdj/BBwhiLMbssTeYU5oD/+nE=; b=0PChoY3E3pDs9EmrjY2D782C1nv3gmuQf9b4xbag/c1BJi32wDU02hwMeOj0vYPbvC ABDNR6BJV4HkAhWlERavcH5LBSjszSTSBgeXOll7JkZ15YpoIZ4lxTOpQUqafNacraIW GNBg/T1J5QR1kA/LCHjxnQvLqbgEFuHuPMFIM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591624; x=1784196424; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=IwwOKB9XZ4JgSEv5BBpdj/BBwhiLMbssTeYU5oD/+nE=; b=ZvmHrTbJz34JGDE3Ko+5l9LGJr3S5Co/GPGJBhcWzoio63IuqSkiliYxmQOX/Xp6Bq 7/THvM7rk606XaKBvfZ8AyASH6UtC1Bgy5US0X9+8zw0wCYbGS4L3BDVvM78Uh0EznKZ TGEk3+R2b9ubHQD/u6/FpO/l3ljS7s+CGHHe2koMCwc7x3NPBgZ2o2tVLL/8QnxK2QoJ B51uwfTKu74U42D1B3iwvjnpI3jvnA4e7QE0IQoq2YtYKs7osyRn72p7LyG6ouwhqqcL uDJRxEsjvJk4r38byUVfSKO/nOKnI5a34wvLkbcvBza+AKm4ylBybLeYIvml1BLby2eA 0Y1w== X-Gm-Message-State: AOJu0YyfM+hRGuxHnQHlnUg9DUf9tCNxmcKyghER76+EQ/INe4j4Wncw B7EcD8zXKm2wkE99Bk26404Nl5bJGQ9t4DvYw/FMsggd1IIMEsrIzD70vhEQCfTvOnqKUtv7R5I 3384lgTA= X-Gm-Gg: AfdE7cnMCePZVyg/GLfFBQkxA6uVRdrHw3LAsLWvaFyzqOlnyQ60K71bx1gfhoorKaz ZunYHRm9t/sBVkLgNFbgcONnV1gv7SZBZ0JlU931D0x/APPgtcfmSbc0ALhZLKlv8OcGr1EdxeQ h0B5My6q4gkULhKaELfE5/4iY01FLXSfVl6dl+WLryw1GVenJAF/2q9JPKDACn1liFXX6Ex9++2 nK4l+PMwihlGdNMVp3eFJ7lQ5zytmnmAjZo1RdrB7KTOwzFnt4ZyBCWXOWit8E0Dg+AUNnLMvox z2cW8P3dOnVIFIgDkZSWrqbE7rsM7HaIUmTqrCrmA9tZ20hOQ/K61YwXWRR+AA7wZTA2wO6IzRP EraIw/NBiTjhtmVh8F+N3oLXjKYRdkqtGaeotjlerqFxZtyL0J5aB1CfvWkv0LgxMTpSdm5hFLm d74uW4wSTzBZYpajyeQ8HC8XNAS/gz/QgREycebuMMet/lhcRiFZzOnjb87INmIG1b9c/0bCKzo RfM8dZCT06QiO5qSw== X-Received: by 2002:a05:600c:820b:b0:493:c194:4e7a with SMTP id 5b1f17b1804b1-493e68aef5emr57001905e9.3.1783591623526; Thu, 09 Jul 2026 03:07:03 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.03 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:03 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 07/25] dhcpcd: patch CVE-2026-56113 Date: Thu, 9 Jul 2026 12:06:23 +0200 Message-ID: <13da45b004b8abd4cbbcb424791bc19e6b9cac90.1783590688.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:06 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240554 From: Theo Gaige (Schneider Electric) Backport patch [1] mentionned in [2] [1] https://github.com/NetworkConfiguration/dhcpcd/commit/5733d3c59a5651f64357ac11c98b4f39895c8d25 [2] https://security-tracker.debian.org/tracker/CVE-2026-56113 Signed-off-by: Theo Gaige (Schneider Electric) Signed-off-by: Yoann Congal --- .../dhcpcd/dhcpcd_10.0.6.bb | 1 + .../dhcpcd/files/CVE-2026-56113.patch | 92 +++++++++++++++++++ 2 files changed, 93 insertions(+) create mode 100644 meta/recipes-connectivity/dhcpcd/files/CVE-2026-56113.patch diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb index 6bde9b1f515..65dcbe52ec9 100644 --- a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb +++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb @@ -15,6 +15,7 @@ SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=ma file://dhcpcd.service \ file://dhcpcd@.service \ file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \ + file://CVE-2026-56113.patch \ " SRCREV = "1c8ae59836fa87b4c63c598087f0460ec20ed862" diff --git a/meta/recipes-connectivity/dhcpcd/files/CVE-2026-56113.patch b/meta/recipes-connectivity/dhcpcd/files/CVE-2026-56113.patch new file mode 100644 index 00000000000..6727bc1a69f --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/CVE-2026-56113.patch @@ -0,0 +1,92 @@ +From 9f953ada0df6e7a568f006f3ae0ff10a77a95924 Mon Sep 17 00:00:00 2001 +From: Roy Marples +Date: Tue, 23 Jun 2026 02:17:10 +0100 +Subject: [PATCH] DHCPv6: When deprecating addresses, restart on prefix + deletions + +As that might invalidate the next address to iterate on. + +Reported-by: CuB3y0nd + +(cherry picked from commit 5733d3c59a5651f64357ac11c98b4f39895c8d25) + +CVE: CVE-2026-56113 +Upstream-Status: Backport [https://github.com/NetworkConfiguration/dhcpcd/commit/5733d3c59a5651f64357ac11c98b4f39895c8d25] +Signed-off-by: Theo Gaige (Schneider Electric) +--- + src/dhcp6.c | 21 ++++++++++++++++++--- + 1 file changed, 18 insertions(+), 3 deletions(-) + +diff --git a/src/dhcp6.c b/src/dhcp6.c +index bdc3664e..5154bf41 100644 +--- a/src/dhcp6.c ++++ b/src/dhcp6.c +@@ -2480,12 +2480,13 @@ dhcp6_findia(struct interface *ifp, struct dhcp6_message *m, size_t l, + } + + #ifndef SMALL +-static void ++static bool + dhcp6_deprecatedele(struct ipv6_addr *ia) + { + struct ipv6_addr *da, *dan, *dda; + struct timespec now; + struct dhcp6_state *state; ++ bool freed = false; + + timespecclear(&now); + TAILQ_FOREACH_SAFE(da, &ia->pd_pfxs, pd_next, dan) { +@@ -2511,11 +2512,14 @@ dhcp6_deprecatedele(struct ipv6_addr *ia) + if (IN6_ARE_ADDR_EQUAL(&dda->addr, &da->addr)) + break; + } +- if (dda != NULL) { ++ if (dda != ia && dda != NULL) { + TAILQ_REMOVE(&state->addrs, dda, next); + ipv6_freeaddr(dda); ++ freed = true; + } + } ++ ++ return freed; + } + #endif + +@@ -2523,7 +2527,11 @@ static void + dhcp6_deprecateaddrs(struct ipv6_addrhead *addrs) + { + struct ipv6_addr *ia, *ian; ++#ifndef SMALL ++ bool again; ++#endif + ++again: + TAILQ_FOREACH_SAFE(ia, addrs, next, ian) { + if (ia->flags & IPV6_AF_EXTENDED) + ; +@@ -2545,7 +2553,9 @@ dhcp6_deprecateaddrs(struct ipv6_addrhead *addrs) + /* If we delegated from this prefix, deprecate or remove + * the delegations. */ + if (ia->flags & IPV6_AF_DELEGATEDPFX) +- dhcp6_deprecatedele(ia); ++ again = dhcp6_deprecatedele(ia); ++ else ++ again = false; + #endif + + if (ia->flags & IPV6_AF_REQUEST) { +@@ -2558,6 +2568,11 @@ dhcp6_deprecateaddrs(struct ipv6_addrhead *addrs) + if (ia->flags & IPV6_AF_EXTENDED) + ipv6_deleteaddr(ia); + ipv6_freeaddr(ia); ++#ifndef SMALL ++ /* Deletion may invalidate the next pointer so restart */ ++ if (again) ++ goto again; ++#endif + } + } + +-- +2.43.0 + From patchwork Thu Jul 9 10:06:24 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92105 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4787CC4450C for ; Thu, 9 Jul 2026 10:07:07 +0000 (UTC) Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com [209.85.128.48]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.5803.1783591626528576538 for ; Thu, 09 Jul 2026 03:07:06 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=BkhPL51O; spf=pass (domain: smile.fr, ip: 209.85.128.48, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f48.google.com with SMTP id 5b1f17b1804b1-493d1e8aa46so12972465e9.0 for ; Thu, 09 Jul 2026 03:07:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591625; x=1784196425; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=B1w3kL3kaWGbPrFpOktrQFR40rJ1VtuYWrgumn+cQIk=; b=BkhPL51Ot/4S5q/JVCNKXzrPxxttoCfPZxru1EEj7ngbsjIk8MbARv2CYdilEyxNRx CTpZKCQjKAyGxzMCgF0D3clplCgdI1QDRfWwe/SnImXN4TVUn1RmF2SeoNSlMyp7Kmin wYc6IdymNQ8VQiNByllodeMNBcj6EXN4uDseo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591625; x=1784196425; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=B1w3kL3kaWGbPrFpOktrQFR40rJ1VtuYWrgumn+cQIk=; b=f+5TTtYoefk8ZVoJA5emu1fE7NNkOZbk2pQAivuegqe+/2e3fYJ1WmfNG8OqmK/EfK CqLyZsj/X37Pwvu+BAcJEP9+YpVl4zi4E1skcSwLWEiIaRSLmLb1WMkSKfUwTiWG2WR6 opA8Cvl/Tl4ShkVZs52X+lUai6FSXTEGjeh+q0g9H0HGXSk+7sgZIGU88x9MERzprDgY q7jI3LkoOBS6mYbiS0nP+LdfoA0ybwrRxcM0Cw/2K9SawyFavApR0jII0SqZamBXyyvV tUBAyJkinlJWLvMpPp4BIftHgGx78dVHbiK++GOr+ny+pnYKjtZw5SqWFugkySZKddDk arFg== X-Gm-Message-State: AOJu0YyTQh/RAgH/92NEMKEnJVZX8TKYTG3J1NFoL6pZ6K2aP+x7s3xl 2c/a2iyjKF/zvGg4m8IYUraprbuywOxtyy16fCw2V9ovQPOUbNSj9XGG0mzq0h+fT1rR9dYSFqC u96Osimc= X-Gm-Gg: AfdE7ckNbPyIoUZHo2Sq0ple/Qv41bE45n9iAKCE5bU5jpTSbOsgDe2wSeoTY2GBbdM GgEGk6qfS4NLOudeq+UNHmn6dJgUrRHDF55Pl2Nd4xm+N1qgfFuxVMZVeJHH8xSKTOKtSno7VuB rjDKvrpLy8bCB8buLn+45DWB7brgSpdbc0EhH9VT9mFIoYM+BUAOUbAJWbX2Pvo9pVlwsogAqYL hhHwn5cUtZ6L9HiUgIhMyimrp0Ym8qoUDrevLAPJ7PxzvvvajN1c318Vn9lbXU4OzlBTTARQXeo smjmspWGEkJva3BVzLJeSLhyw6HPX9jtauDfU1Kzm4/WfQnQ9mJ5xsSx3eEixL/PToGCOA3/htr 5ewBQr1va9HzltqxUx/NaAck5Y5hk9v8mRacPKJjL47pCNqL09U+rXX7xfi0+AFfOrSrVpON4pA xjuk731E5bRQUer90M4Nk8b3HcNmPKa5/QPVSCOvva8KVYZq0CYEvDAjgUE8inC1paKx6gBCuW/ sB2FOobYGhz70AxiA== X-Received: by 2002:a05:600c:8a08:b0:493:eed4:7210 with SMTP id 5b1f17b1804b1-493eed47225mr7159895e9.11.1783591624605; Thu, 09 Jul 2026 03:07:04 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.03 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:03 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 08/25] dhcpcd: patch CVE-2026-56114 Date: Thu, 9 Jul 2026 12:06:24 +0200 Message-ID: <6c3c37d54bacce4fa4ff82997f458f99c333e175.1783590688.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:07 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240555 From: Theo Gaige (Schneider Electric) Backport patch [1] mentionned in [2] [1] https://github.com/NetworkConfiguration/dhcpcd/commit/2f00c7bfc408b6582d331932dfa47829c4819029 [2] https://security-tracker.debian.org/tracker/CVE-2026-56114 Signed-off-by: Theo Gaige (Schneider Electric) Signed-off-by: Yoann Congal --- .../dhcpcd/dhcpcd_10.0.6.bb | 1 + .../dhcpcd/files/CVE-2026-56114.patch | 34 +++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 meta/recipes-connectivity/dhcpcd/files/CVE-2026-56114.patch diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb index 65dcbe52ec9..bc87b91503c 100644 --- a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb +++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb @@ -16,6 +16,7 @@ SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=ma file://dhcpcd@.service \ file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \ file://CVE-2026-56113.patch \ + file://CVE-2026-56114.patch \ " SRCREV = "1c8ae59836fa87b4c63c598087f0460ec20ed862" diff --git a/meta/recipes-connectivity/dhcpcd/files/CVE-2026-56114.patch b/meta/recipes-connectivity/dhcpcd/files/CVE-2026-56114.patch new file mode 100644 index 00000000000..748dc1ee8ca --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/CVE-2026-56114.patch @@ -0,0 +1,34 @@ +From fd86ded940524f60174582faa96f583c168589ef Mon Sep 17 00:00:00 2001 +From: Roy Marples +Date: Tue, 23 Jun 2026 02:06:55 +0100 +Subject: [PATCH] DHCPv6: Prefix exclude option can be 17 octets (#671) + +Well that's a simple off by one error + +Reported-by: CuB3y0nd + +(cherry picked from commit 2f00c7bfc408b6582d331932dfa47829c4819029) + +CVE: CVE-2026-56114 +Upstream-Status: Backport [https://github.com/NetworkConfiguration/dhcpcd/commit/2f00c7bfc408b6582d331932dfa47829c4819029] +Signed-off-by: Theo Gaige (Schneider Electric) +--- + src/dhcp6.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/dhcp6.c b/src/dhcp6.c +index 5154bf41..1eac9f23 100644 +--- a/src/dhcp6.c ++++ b/src/dhcp6.c +@@ -1006,7 +1006,7 @@ dhcp6_makemessage(struct interface *ifp) + + /* RFC6603 Section 4.2 */ + if (ap->prefix_exclude_len) { +- uint8_t exb[16], *ep, u8; ++ uint8_t exb[17], *ep, u8; + const uint8_t *pp; + + n = (size_t)((ap->prefix_exclude_len - +-- +2.43.0 + From patchwork Thu Jul 9 10:06:25 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92115 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id DD84EC4450E for ; Thu, 9 Jul 2026 10:07:17 +0000 (UTC) Received: from mail-wm1-f43.google.com (mail-wm1-f43.google.com [209.85.128.43]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.5888.1783591627004265954 for ; Thu, 09 Jul 2026 03:07:07 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=ZpmusERa; spf=pass (domain: smile.fr, ip: 209.85.128.43, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f43.google.com with SMTP id 5b1f17b1804b1-493c59f740cso12802715e9.3 for ; Thu, 09 Jul 2026 03:07:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591625; x=1784196425; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=U3buRPtu3q9no6eD4d0fEsDvc+kEbCP92fVpxuRrP9A=; b=ZpmusERaFdz4JPlVyQ35by5J/yaMpERmO/Xt2VlttaDbRa//gmRKD9xf8IBOfwm1OA cbV+EmvD9oprU5dboOTf1A9akKb7jUecyUu8R4kwWCIDUh+dkSD7gc3PzLIVtBbxflYC 5FFwyLknNTcoc5Rh/3vb4EWtG6z4tVrMqaAZU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591625; x=1784196425; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=U3buRPtu3q9no6eD4d0fEsDvc+kEbCP92fVpxuRrP9A=; b=mRhkceniKnaULhN1njVxtJw/NH8qr8lAfJ6r05x7BmHNQHH4wH0xXbPvHNo/2taTG5 cwSDNDk/J8L43J/QDTeRmwxgLpIImjq8rjMTiCYr5hciHp4lv/0n1qCEDiw6ZD66J9SR Xsfhm/vRCL7uIMw8Vy7ODph4s+8iMkRHfCi567UiU5i3ncagrC5eShBQ4Lj1K2KXbfiw hjPmUQp4BBdP6XN7Uq3KB0p+aOM2zMeyGtlz7faP/GTUUdR8ijyJdC2Vsp4GrF8qlAsl KIoeU8NQWvNdt9QzFD5VqHc4ApjuANXfFabOMkeRSuUcHaEnQw83B9FnbZIyrIWCdWj+ BBIg== X-Gm-Message-State: AOJu0YwbhSxGT+J16/K7XACZI7jaj4ITwNn8NDSwAwXmQlsJnv5V8QXu YdWabuS6S5eeKk6oV0fE9AMLDhYSi1SMxbyWlb6cODDA+QfMgPCpjAkVBX5leD37AFOMw4CWw4R ZUwVA3Bo= X-Gm-Gg: AfdE7claNSW+bBPY5Vkmk1LqPfGcvDaXVGDs+LCLXRNBChS7INsTXW6jhWd/4fNPR1v 9LF/fq0gMdRewZLo0urZKYT4FI9zwgSsbU3Ssh1KA8b3FalSAk70d9AarAtxbv6V4/HjtzLtw4x UkRPVOpLGANOHOao302v12zKGMgBvm7U+15HeGYzJBSdKAaqCMPHLSq0dVUywfNlWVUk7P2/xxR usRKEc8PO81QhBsFKgVP8ENPcP9xiL177bsevBNQ/yd7MJazhYCe8dgeTvyLSAdm0nF58xBtG+m gvMwb0QXEt8SQqGhCxMhR+vkpZ8sb2VYxBOyjkX0AnKUsfgfg/+GhaHVC90YRiDU2PNNzI0ugNj pwvDuzuOresgiiSS6vYrdGNwK4BO3/NkZsycjXagPZg6bjZImWBaBJAW1midXCbasbt6IQmp8+e 9NRWj3HxHIghjmC/3TGxu/i59dh9xdif2m3aDDp1+E4vcIsTiVzap9C/YY+jF160+KOkMijGJuf WPnjVT3m6O2tPHuHw== X-Received: by 2002:a05:600c:4e0e:b0:490:e60b:6860 with SMTP id 5b1f17b1804b1-493e6892ea6mr58280155e9.7.1783591625132; Thu, 09 Jul 2026 03:07:05 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:04 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 09/25] dhcpcd: patch CVE-2026-56117 Date: Thu, 9 Jul 2026 12:06:25 +0200 Message-ID: <629de8825792878b5b02e858fcf6e5c5d0954438.1783590688.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:17 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240556 From: Theo Gaige (Schneider Electric) Backport patch [1] mentionned in [2] [1] https://github.com/NetworkConfiguration/dhcpcd/commit/78ea09ed1633a583dbcde6e7bab9df4639ec8a34 [2] https://security-tracker.debian.org/tracker/CVE-2026-56117 Signed-off-by: Theo Gaige (Schneider Electric) Signed-off-by: Yoann Congal --- .../dhcpcd/dhcpcd_10.0.6.bb | 1 + .../dhcpcd/files/CVE-2026-56117.patch | 167 ++++++++++++++++++ 2 files changed, 168 insertions(+) create mode 100644 meta/recipes-connectivity/dhcpcd/files/CVE-2026-56117.patch diff --git a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb index bc87b91503c..e6854e1c7f2 100644 --- a/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb +++ b/meta/recipes-connectivity/dhcpcd/dhcpcd_10.0.6.bb @@ -17,6 +17,7 @@ SRC_URI = "git://github.com/NetworkConfiguration/dhcpcd;protocol=https;branch=ma file://0001-dhcpcd.8-Fix-conflict-error-when-enable-multilib.patch \ file://CVE-2026-56113.patch \ file://CVE-2026-56114.patch \ + file://CVE-2026-56117.patch \ " SRCREV = "1c8ae59836fa87b4c63c598087f0460ec20ed862" diff --git a/meta/recipes-connectivity/dhcpcd/files/CVE-2026-56117.patch b/meta/recipes-connectivity/dhcpcd/files/CVE-2026-56117.patch new file mode 100644 index 00000000000..4f79453aeda --- /dev/null +++ b/meta/recipes-connectivity/dhcpcd/files/CVE-2026-56117.patch @@ -0,0 +1,167 @@ +From 52e0746deeace02b0ea039441d6cdc58f026018d Mon Sep 17 00:00:00 2001 +From: Roy Marples +Date: Mon, 22 Jun 2026 23:41:53 +0100 +Subject: [PATCH] control: Avoid hangup in the recvdata path + +Instead return an error and bubble it up where it can be +hangup / freed more cleanly. + +Reported-by: CuB3y0nd + +(cherry picked from commit 78ea09ed1633a583dbcde6e7bab9df4639ec8a34) + +CVE: CVE-2026-56117 +Upstream-Status: Backport [https://github.com/NetworkConfiguration/dhcpcd/commit/78ea09ed1633a583dbcde6e7bab9df4639ec8a34] +Signed-off-by: Theo Gaige (Schneider Electric) +--- + src/control.c | 47 ++++++++++++++++++++++++------------------- + src/control.h | 2 +- + src/privsep-control.c | 7 ++++++- + 3 files changed, 33 insertions(+), 23 deletions(-) + +diff --git a/src/control.c b/src/control.c +index 17fd13aa..20480f69 100644 +--- a/src/control.c ++++ b/src/control.c +@@ -115,10 +115,8 @@ control_handle_read(struct fd_list *fd) + bytes = read(fd->fd, buffer, sizeof(buffer) - 1); + if (bytes == -1) + logerr(__func__); +- if (bytes == -1 || bytes == 0) { +- control_hangup(fd); +- return -1; +- } ++ if (bytes == -1 || bytes == 0) ++ return (int)bytes; + + #ifdef PRIVSEP + if (IN_PRIVSEP(fd->ctx)) { +@@ -134,15 +132,13 @@ control_handle_read(struct fd_list *fd) + if (err == 1 && + ps_ctl_sendargs(fd, buffer, (size_t)bytes) == -1) { + logerr(__func__); +- control_free(fd); + return -1; + } +- return 0; ++ return 1; + } + #endif + +- control_recvdata(fd, buffer, (size_t)bytes); +- return 0; ++ return control_recvdata(fd, buffer, (size_t)bytes); + } + + static int +@@ -205,23 +201,31 @@ static void + control_handle_data(void *arg, unsigned short events) + { + struct fd_list *fd = arg; ++ int err; + + if (!(events & (ELE_READ | ELE_WRITE | ELE_HANGUP))) + logerrx("%s: unexpected event 0x%04x", __func__, events); + + if (events & ELE_WRITE && !(events & ELE_HANGUP)) { +- if (control_handle_write(fd) == -1) +- return; ++ err = control_handle_write(fd); ++ if (err == -1) ++ goto hangup; + } + if (events & ELE_READ) { +- if (control_handle_read(fd) == -1) +- return; ++ err = control_handle_read(fd); ++ if (err == -1 || err == 0) ++ goto hangup; + } + if (events & ELE_HANGUP) +- control_hangup(fd); ++ goto hangup; ++ ++ return; ++ ++hangup: ++ control_hangup(fd); + } + +-void ++int + control_recvdata(struct fd_list *fd, char *data, size_t len) + { + char *p = data, *e; +@@ -243,12 +247,13 @@ control_recvdata(struct fd_list *fd, char *data, size_t len) + if (e == NULL) { + errno = EINVAL; + logerrx("%s: no terminator", __func__); +- return; ++ return -1; + } +- if ((size_t)argc >= sizeof(argvp) / sizeof(argvp[0])) { ++ if ((size_t)argc + 1 >= ++ sizeof(argvp) / sizeof(argvp[0])) { + errno = ENOBUFS; + logerrx("%s: no arg buffer", __func__); +- return; ++ return -1; + } + *ap++ = p; + argc++; +@@ -268,12 +273,12 @@ control_recvdata(struct fd_list *fd, char *data, size_t len) + *ap = NULL; + if (dhcpcd_handleargs(fd->ctx, fd, argc, argvp) == -1) { + logerr(__func__); +- if (errno != EINTR && errno != EAGAIN) { +- control_free(fd); +- return; +- } ++ if (errno != EINTR && errno != EAGAIN) ++ return -1; + } + } ++ ++ return 1; + } + + struct fd_list * +diff --git a/src/control.h b/src/control.h +index f5e2bc7e..c5511dd7 100644 +--- a/src/control.h ++++ b/src/control.h +@@ -75,5 +75,5 @@ struct fd_list *control_new(struct dhcpcd_ctx *, int, unsigned int); + void control_free(struct fd_list *); + void control_delete(struct fd_list *); + int control_queue(struct fd_list *, void *, size_t); +-void control_recvdata(struct fd_list *fd, char *, size_t); ++int control_recvdata(struct fd_list *fd, char *, size_t); + #endif +diff --git a/src/privsep-control.c b/src/privsep-control.c +index 40bfb164..954126c0 100644 +--- a/src/privsep-control.c ++++ b/src/privsep-control.c +@@ -108,6 +108,7 @@ ps_ctl_dispatch(void *arg, struct ps_msghdr *psm, struct msghdr *msg) + struct iovec *iov = msg->msg_iov; + struct fd_list *fd; + unsigned int fd_flags = FD_SENDLEN; ++ int err; + + switch (psm->ps_flags) { + case PS_CTL_PRIV: +@@ -131,7 +132,11 @@ ps_ctl_dispatch(void *arg, struct ps_msghdr *psm, struct msghdr *msg) + if (fd == NULL) + return -1; + ctx->ps_control_client = fd; +- control_recvdata(fd, iov->iov_base, iov->iov_len); ++ err = control_recvdata(fd, iov->iov_base, iov->iov_len); ++ if (err == -1 || err == 0) { ++ control_free(fd); ++ ctx->ps_control_client = NULL; ++ } + break; + case PS_CTL_EOF: + ctx->ps_control_client = NULL; +-- +2.43.0 + From patchwork Thu Jul 9 10:06:26 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92120 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 458ECC44510 for ; Thu, 9 Jul 2026 10:07:18 +0000 (UTC) Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com [209.85.128.50]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.5804.1783591627602935274 for ; Thu, 09 Jul 2026 03:07:07 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=HjqWdZs6; spf=pass (domain: smile.fr, ip: 209.85.128.50, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f50.google.com with SMTP id 5b1f17b1804b1-493c7902f47so12974265e9.1 for ; Thu, 09 Jul 2026 03:07:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591626; x=1784196426; darn=lists.openembedded.org; h=content-transfer-encoding:content-type:mime-version:references :in-reply-to:message-id:date:subject:to:from:from:to:cc:subject:date :message-id:reply-to:content-type; bh=s78DQD9pLNJ+PIFZRBtDK711a+6GaDeOHPmI/BGmLR4=; b=HjqWdZs69WZ8Dm5wYLE3udAHpvG5oFRoFqYxcoWsOArCouYfEe3ikqFKuHwNd8LRUc eL5xJpKgQP7cYZS0FbfAHTbsusaIlkebhqqYWfAQ5IQKFsyEpaH8mrECiA53u+wGkwlb rU+Xo96kBIF42iXvKNRGHMdWWoA9BtGdpB2qQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591626; x=1784196426; h=content-transfer-encoding:content-type:mime-version:references :in-reply-to:message-id:date:subject:to:from:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to :content-type; bh=s78DQD9pLNJ+PIFZRBtDK711a+6GaDeOHPmI/BGmLR4=; b=e8cYrEQhXCIVyvet+T8EyIc3BJ7uBRsBZKSacfI4T2FoCdsq63DEzBZqfnEJWIQfGM IT3zfzXlG0Oc5U4/QMg/vE9wgoGc/4dcx6A1KfCOWUNsSGN1/7U9BHa7VG78D/GMgd8A Xzv9FQqK8c5jcV1aqTsBU44Dy036pxO9uh3VVVUL68E2yUVDuqPEVybEYyHv32dDR93a yPLTPwgewPLUZHfi4i8qqoM3FJLk9haFsug07GJLpcFK9aUUJr/Aj6Lrsmf16yPWgOJx XdUaE1FG78tsXkkpqlyNSvSO/xIo/nGp7aquKgiMFm0EcmOl9P3nvlKA1aEoKNKnpP8b aeWw== X-Gm-Message-State: AOJu0Ywgr2BuXko0DQDrucIzWSXMmpt1s1IN0tZxCIPd+Rk1yXHY29iu 9p3BvI7uxsiNbTdhYnaMOnzevs/dmP9ZAtzNsmKzD3zIeJzxDKWvCJCYjgPGrVG0Xl3qotrba1P thYf9rRE= X-Gm-Gg: AfdE7cmw+vjkS6hNdZcmQC/k0Ji8nzy/RCWwdErXowkxZLwLPMq7yheABB86r/FFsKk v3M54k1hwN+AbaX8xmXEcK70r0R46VzjnM2oP7oOslrnawLIgOVMiEa7980VMeLsCN81WIkbwmm uT4lP77YsziGQLsWvjchrwt3p05Bdjbs27DhxUzxwCFqJDGb0/6z6F3/RLVMs8kvlO/ySBeUWB0 mas01MVk0O6pBr99KxdFymAUU0QLvIOOQTN8BtbntcHxV8cIpjbUqRBMtfEQPlboR1KGJLveeGl Axqa2FSiNi26kgMYt9kV0U+EQYUeF4yDx8D0CINXr+27DTPFOzkcIBR8Y8LBS1O6ZMn5dTR0iOF n/WbLKiOdtrGTIIh+Wi+IERCv4X+YYHat3SfP9COr2TqxovX7xWo7gjHoqcz+z4uNYMRBEHpuUV 9LnngM/A6QLoannknVzYmqTcGClbVoxFN79MYM3o2utP1kDPvEmPxOyCmZFKDrwmNxf2GbDpOlM erPHBVYmll/z0j+pw== X-Received: by 2002:a05:600c:8b34:b0:493:b03c:5650 with SMTP id 5b1f17b1804b1-493e685f1dbmr59763945e9.19.1783591625719; Thu, 09 Jul 2026 03:07:05 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.05 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:05 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 10/25] vim: fix for CVE-2026-34982, CVE-2026-34714 & CVE-2026-35177 Date: Thu, 9 Jul 2026 12:06:26 +0200 Message-ID: <8ac3bc9efbac82abf66f5ad41d4bccfdf11fefd5.1783590688.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240557 From: Hitendra Prajapati Pick patch from [1], [2] & [3] also mentioned at NVD report in [4,5 & 6] [1] https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615f13a7de44c0587 [2] https://github.com/vim/vim/commit/664701eb7576edb7c7c7d9f2d600815ec1f43459 [3] https://github.com/vim/vim/commit/7088926316d8d4a7572a242d0765e99adfc8b083 [4] https://nvd.nist.gov/vuln/detail/CVE-2026-34982 [5] https://nvd.nist.gov/vuln/detail/CVE-2026-34714 [6] https://nvd.nist.gov/vuln/detail/CVE-2026-35177 More info : CVE-2026-34982 - vim: arbitrary command execution via modeline sandbox bypass. CVE-2026-34714 - vim: Arbitrary code execution via crafted file. CVE-2026-35177 - vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass. Signed-off-by: Hitendra Prajapati Signed-off-by: Yoann Congal --- .../vim/files/CVE-2026-34714.patch | 109 ++++++++++++++++++ .../vim/files/CVE-2026-34982.patch | 105 +++++++++++++++++ .../vim/files/CVE-2026-35177.patch | 60 ++++++++++ meta/recipes-support/vim/vim.inc | 3 + 4 files changed, 277 insertions(+) create mode 100644 meta/recipes-support/vim/files/CVE-2026-34714.patch create mode 100644 meta/recipes-support/vim/files/CVE-2026-34982.patch create mode 100644 meta/recipes-support/vim/files/CVE-2026-35177.patch diff --git a/meta/recipes-support/vim/files/CVE-2026-34714.patch b/meta/recipes-support/vim/files/CVE-2026-34714.patch new file mode 100644 index 00000000000..fef167e535e --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2026-34714.patch @@ -0,0 +1,109 @@ +From 664701eb7576edb7c7c7d9f2d600815ec1f43459 Mon Sep 17 00:00:00 2001 +From: Christian Brabandt +Date: Mon, 30 Mar 2026 08:20:43 +0000 +Subject: [PATCH] patch 9.2.0272: [security]: 'tabpanel' can be set in a + modeline + +Problem: 'tabpanel' can be set in a modeline +Solution: Set the P_MLE flag for the 'tabpanel' option, disable + autocmd_add()/autocomd_delete() functions in restricted/secure + mode. + +Github Advisory: +https://github.com/vim/vim/security/advisories/GHSA-2gmj-rpqf-pxvh + +Signed-off-by: Christian Brabandt + +CVE: CVE-2026-34714 +Upstream-Status: Backport [https://github.com/vim/vim/commit/664701eb7576edb7c7c7d9f2d600815ec1f43459] +Signed-off-by: Hitendra Prajapati +--- + src/autocmd.c | 3 +++ + src/optiondefs.h | 2 +- + src/testdir/test_autocmd.vim | 5 +++++ + src/testdir/test_tabpanel.vim | 16 ++++++++++++++++ + src/version.c | 2 ++ + 5 files changed, 27 insertions(+), 1 deletion(-) + +diff --git a/src/autocmd.c b/src/autocmd.c +index 94f9c1fba4..8a6b363aad 100644 +--- a/src/autocmd.c ++++ b/src/autocmd.c +@@ -3069,6 +3069,9 @@ autocmd_add_or_delete(typval_T *argvars, typval_T *rettv, int delete) + rettv->v_type = VAR_BOOL; + rettv->vval.v_number = VVAL_FALSE; + ++ if (check_restricted() || check_secure()) ++ return; ++ + if (check_for_list_arg(argvars, 0) == FAIL) + return; + +diff --git a/src/optiondefs.h b/src/optiondefs.h +index 62d142e637..bd02d04f47 100644 +--- a/src/optiondefs.h ++++ b/src/optiondefs.h +@@ -2570,7 +2570,7 @@ static struct vimoption options[] = + (char_u *)&p_tpm, PV_NONE, NULL, NULL, + {(char_u *)10L, (char_u *)0L} SCTX_INIT}, + #if defined(FEAT_TABPANEL) +- {"tabpanel", "tpl", P_STRING|P_VI_DEF|P_RALL, ++ {"tabpanel", "tpl", P_STRING|P_VI_DEF|P_RALL|P_MLE, + (char_u *)&p_tpl, PV_NONE, NULL, NULL, + {(char_u *)"", (char_u *)0L} SCTX_INIT}, + {"tabpanelopt","tplo", P_STRING|P_ALLOCED|P_VI_DEF|P_ONECOMMA|P_COLON +diff --git a/src/testdir/test_autocmd.vim b/src/testdir/test_autocmd.vim +index 43605f7e11..1fea13b00a 100644 +--- a/src/testdir/test_autocmd.vim ++++ b/src/testdir/test_autocmd.vim +@@ -5501,4 +5501,9 @@ func Test_VimResized_and_window_width_not_equalized() + call StopVimInTerminal(buf) + endfunc + ++func Test_autocmd_add_secure() ++ call assert_fails('sandbox call autocmd_add([{"event": "BufRead", "cmd": "let x = 1"}])', 'E48:') ++ call assert_fails('sandbox call autocmd_delete([{"event": "BufRead"}])', 'E48:') ++endfunc ++ + " vim: shiftwidth=2 sts=2 expandtab +diff --git a/src/testdir/test_tabpanel.vim b/src/testdir/test_tabpanel.vim +index ecc12b59be..b0d4202dc4 100644 +--- a/src/testdir/test_tabpanel.vim ++++ b/src/testdir/test_tabpanel.vim +@@ -770,4 +770,20 @@ function Test_tabpanel_with_cmdline_pum() + + call StopVimInTerminal(buf) + endfunc ++ ++func Test_tabpanel_no_modeline() ++ let _tpl = &tabpanel ++ let _mls = &modelineexpr ++ ++ set nomodelineexpr ++ setlocal modeline ++ new ++ call writefile(['/* vim: set tabpanel=test: */'], 'Xtabpanel.txt', 'D') ++ call assert_fails(':e Xtabpanel.txt', 'E992:') ++ ++ let &tabpanel = _tpl ++ let &modelineexpr = _mls ++ bw! ++endfunc ++ + " vim: shiftwidth=2 sts=2 expandtab +diff --git a/src/version.c b/src/version.c +index 4f47ec2688..309ddf7f7c 100644 +--- a/src/version.c ++++ b/src/version.c +@@ -724,6 +724,8 @@ static char *(features[]) = + + static int included_patches[] = + { /* Add new patch number below this line */ ++/**/ ++ 1687, + /**/ + 1686, + /**/ +-- +2.50.1 + diff --git a/meta/recipes-support/vim/files/CVE-2026-34982.patch b/meta/recipes-support/vim/files/CVE-2026-34982.patch new file mode 100644 index 00000000000..e896f3b44d5 --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2026-34982.patch @@ -0,0 +1,105 @@ +From 75661a66a1db1e1f3f1245c615f13a7de44c0587 Mon Sep 17 00:00:00 2001 +From: Christian Brabandt +Date: Tue, 31 Mar 2026 18:29:00 +0000 +Subject: [PATCH] patch 9.2.0276: [security]: modeline security bypass + +Problem: [security]: modeline security bypass +Solution: disallow mapset() from secure mode, set the P_MLE flag for the + 'complete', 'guitabtooltip' and 'printheader' options. + +Github Advisory: +https://github.com/vim/vim/security/advisories/GHSA-8h6p-m6gr-mpw9 + +Signed-off-by: Christian Brabandt + +CVE: CVE-2026-34982 +Upstream-Status: Backport [https://github.com/vim/vim/commit/75661a66a1db1e1f3f1245c615f13a7de44c0587] +Signed-off-by: Hitendra Prajapati +--- + src/map.c | 3 +++ + src/optiondefs.h | 6 +++--- + src/testdir/test_modeline.vim | 25 +++++++++++++++++++++++++ + 3 files changed, 31 insertions(+), 3 deletions(-) + +diff --git a/src/map.c b/src/map.c +index fbecf4aced..7677243625 100644 +--- a/src/map.c ++++ b/src/map.c +@@ -2746,6 +2746,9 @@ f_mapset(typval_T *argvars, typval_T *rettv UNUSED) + int dict_only; + mapblock_T *mp_result[2] = {NULL, NULL}; + ++ if (check_secure()) ++ return; ++ + // If first arg is a dict, then that's the only arg permitted. + dict_only = argvars[0].v_type == VAR_DICT; + if (in_vim9script() +diff --git a/src/optiondefs.h b/src/optiondefs.h +index 77155a63e8..62d142e637 100644 +--- a/src/optiondefs.h ++++ b/src/optiondefs.h +@@ -683,7 +683,7 @@ static struct vimoption options[] = + {"compatible", "cp", P_BOOL|P_RALL, + (char_u *)&p_cp, PV_NONE, did_set_compatible, NULL, + {(char_u *)TRUE, (char_u *)FALSE} SCTX_INIT}, +- {"complete", "cpt", P_STRING|P_ALLOCED|P_VI_DEF|P_ONECOMMA|P_NODUP, ++ {"complete", "cpt", P_STRING|P_ALLOCED|P_VI_DEF|P_ONECOMMA|P_NODUP|P_MLE, + (char_u *)&p_cpt, PV_CPT, did_set_complete, expand_set_complete, + {(char_u *)".,w,b,u,t,i", (char_u *)0L} + SCTX_INIT}, +@@ -1326,7 +1326,7 @@ static struct vimoption options[] = + {(char_u *)NULL, (char_u *)0L} + #endif + SCTX_INIT}, +- {"guitabtooltip", "gtt", P_STRING|P_VI_DEF|P_RWIN, ++ {"guitabtooltip", "gtt", P_STRING|P_VI_DEF|P_RWIN|P_MLE, + #if defined(FEAT_GUI_TABLINE) + (char_u *)&p_gtt, PV_NONE, NULL, NULL, + {(char_u *)"", (char_u *)0L} +@@ -2044,7 +2044,7 @@ static struct vimoption options[] = + {(char_u *)NULL, (char_u *)0L} + #endif + SCTX_INIT}, +- {"printheader", "pheader", P_STRING|P_VI_DEF|P_GETTEXT, ++ {"printheader", "pheader", P_STRING|P_VI_DEF|P_GETTEXT|P_MLE, + #ifdef FEAT_PRINTER + (char_u *)&p_header, PV_NONE, NULL, NULL, + // untranslated to avoid problems when 'encoding' +diff --git a/src/testdir/test_modeline.vim b/src/testdir/test_modeline.vim +index 1f8686328a..c00032ba72 100644 +--- a/src/testdir/test_modeline.vim ++++ b/src/testdir/test_modeline.vim +@@ -361,4 +361,29 @@ func Test_modeline_disable() + call assert_equal(2, &sw) + endfunc + ++func Test_modeline_forbidden() ++ let tempfile = tempname() ++ let lines =<< trim END ++ some test text for completion ++ vim: set complete=F{->system('touch_should_not_run')} : ++ END ++ call writefile(lines, tempfile, 'D') ++ call assert_fails($'new {tempfile}', 'E992:') ++ bw! ++ let lines =<< trim END ++ some text ++ vim: set guitabtooltip=%{%mapset()%}: ++ END ++ call writefile(lines, tempfile) ++ call assert_fails($'new {tempfile}', 'E992:') ++ bw! ++ let lines =<< trim END ++ some text ++ vim: set printheader=%{mapset('n',0,{})%)%}: ++ END ++ call writefile(lines, tempfile, 'D') ++ call assert_fails($'new {tempfile}', 'E992:') ++ bw! ++endfunc ++ + " vim: shiftwidth=2 sts=2 expandtab +-- +2.35.7 + diff --git a/meta/recipes-support/vim/files/CVE-2026-35177.patch b/meta/recipes-support/vim/files/CVE-2026-35177.patch new file mode 100644 index 00000000000..66e5e975e4d --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2026-35177.patch @@ -0,0 +1,60 @@ +From 7088926316d8d4a7572a242d0765e99adfc8b083 Mon Sep 17 00:00:00 2001 +From: Christian Brabandt +Date: Wed, 1 Apr 2026 16:23:49 +0000 +Subject: [PATCH] patch 9.2.0280: [security]: path traversal issue in zip.vim +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Problem: [security]: path traversal issue in zip.vim + (Michał Majchrowicz) +Solution: Detect more such attacks and warn the user. + +Github Advisory: +https://github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24 + +Signed-off-by: Christian Brabandt + +CVE: CVE-2026-35177 +Upstream-Status: Backport [https://github.com/vim/vim/commit/7088926316d8d4a7572a242d0765e99adfc8b083] +Signed-off-by: Hitendra Prajapati +--- + runtime/autoload/zip.vim | 8 +++++++- + 1 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/runtime/autoload/zip.vim b/runtime/autoload/zip.vim +index c46ec44708..e57fbcfde0 100644 +--- a/runtime/autoload/zip.vim ++++ b/runtime/autoload/zip.vim +@@ -16,6 +16,7 @@ + " 2024 Aug 21 by Vim Project: simplify condition to detect MS-Windows + " 2025 Mar 11 by Vim Project: handle filenames with leading '-' correctly + " 2025 Jul 12 by Vim Project: drop ../ on write to prevent path traversal attacks ++" 2026 Apr 01 by Vim Project: Detect more path traversal attacks + " License: Vim License (see vim's :help license) + " Copyright: Copyright (C) 2005-2019 Charles E. Campbell {{{1 + " Permission is hereby granted to use and distribute this code, +@@ -246,6 +247,11 @@ fun! zip#Write(fname) + return + endif + ++ if simplify(a:fname) =~ '\.\.[/\\]' ++ call s:Mess('Error', "***error*** (zip#Write) Path Traversal Attack detected, not writing!") ++ return ++ endif ++ + let curdir= getcwd() + let tmpdir= tempname() + if tmpdir =~ '\.' +@@ -344,7 +350,7 @@ fun! zip#Extract() + if fname =~ '/$' + call s:Mess('Error', "***error*** (zip#Extract) Please specify a file, not a directory") + return +- elseif fname =~ '^[.]\?[.]/' ++ elseif fname =~ '^[.]\?[.]/' || simplify(fname) =~ '\.\.[/\\]' + call s:Mess('Error', "***error*** (zip#Browse) Path Traversal Attack detected, not extracting!") + return + endif +-- +2.35.7 + diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index 1396ac4fbc7..e9b5df291d2 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -22,6 +22,9 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://CVE-2026-28418.patch \ file://CVE-2026-28419.patch \ file://CVE-2026-39881.patch \ + file://CVE-2026-34982.patch \ + file://CVE-2026-34714.patch \ + file://CVE-2026-35177.patch \ " PV .= ".1683" From patchwork Thu Jul 9 10:06:27 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92108 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 42BC3C43458 for ; Thu, 9 Jul 2026 10:07:17 +0000 (UTC) Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.5806.1783591628418868076 for ; Thu, 09 Jul 2026 03:07:08 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=021Nhjq3; spf=pass (domain: smile.fr, ip: 209.85.128.52, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-493bc8fda98so12243125e9.0 for ; Thu, 09 Jul 2026 03:07:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591627; x=1784196427; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=YxujmGIcIB1R2Wl6HOOVqk64xP19YCoQheBX2sUcrVA=; b=021Nhjq3U5krjc/F50o1kM8iT2AncsEkkudMrB1yFrLE5beYgowoUZMfmwy8LxGvXv I2pvUAipNn0JetzZ8YwcwPrAixwOE5rOBP/zVpxhVwM1wu4EUTwdqvWIn9ZQ4APYUUq9 RPSr7EnybycdkFROnsQF/SrPgNwFiFgRgibHg= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591627; x=1784196427; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=YxujmGIcIB1R2Wl6HOOVqk64xP19YCoQheBX2sUcrVA=; b=eR/k65cjvS3jDlRxudnpVnnzZbEl5YE+rdZDQ4yr/g+qCx005CDVuNY5/HMPp44epy 521Gc6DJW4vYd6JcxrgzhX049ItFRFwYjyBX7szll/KV+iTy6U5cYmADED0GCucWgkvB mku0jZOCHVJ+MdhqGk2F0lCemeVwa7wFoYkAHO9WZeRb5d9h+zVE1EeTpy9YrLjVy4+A b17hsExHDBkV0uRLMBX4+9m/6H2dd0kl0t1fFEakgEJ0PBoAHAUn1MJjJUSgcIZd0nkF S47KszlC56KAh9l7OdAg+PJEyIrQ3nH9FAhZl6Pknc5SaM8ACxb1UU13TDBYiB4Fptea xibA== X-Gm-Message-State: AOJu0Ywo6/RTRZk0lmsAS1k+1V/rgxKf8+hzzRkVKpaXnE7p8aezWrKs 6hXFp0sTu/Q8Ian2Bjt6t5c8X5cNyYkJfiQayJbZhXAfArjugw9HuQ2T1WQa0cGwFZCRqX0WlRL VfIE9Cx0= X-Gm-Gg: AfdE7cmzBLMDvTrJs8v5YMh0+N/2Mm2ms6470660xVq1ycma55XbsbUTlKylIWEDckJ HcsECmAZdAcp03zgkdNBElRjLK5blOfya2I4KNQGlJrw1F29bnvYJjTfHqEgjV0VS0jlQOIBkR6 7D7BmTRfLa2Vj7Y1CgCSHzs60zFTxBk73A7Hvv4jdexnagawl+jIPKYBahLrwg62D+SRDeEkMbf N7OWHiQ6O3bQn58F1mQuAlzDh1vFVPWRTSE7YTTJdg42SLT9Z9vU1RKAFRlPks+5B4S33kSnezB Y1LpYwhnRlTz8UhA+zbs5vJLpZECC9phEu0Neb+Ct6pSzrS1eA5JgddjU5LMKVDER40VfFXkFuI polDg6H5AFHxzG/5fB0MKxgYmPFzz2uqQItPRQQfYS6iCLQP48OF98KLvaRNPeitrOlkHNJ8n0f IV9AbOumSLh6TP7tAUMPTBrhSMzUxEgxS+2hRAcekMKFs54EPn/hLOZ8N+j1D+VJWzgsv4EDnyj TJUizg6H+rTdSUMMyJBtLu4uvns X-Received: by 2002:a05:600c:6098:b0:493:c432:f48f with SMTP id 5b1f17b1804b1-493e68384camr63227045e9.0.1783591626422; Thu, 09 Jul 2026 03:07:06 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.05 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:05 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 11/25] vim: fix for CVE-2026-28421, CVE-2026-41411 & CVE-2026-44656 Date: Thu, 9 Jul 2026 12:06:27 +0200 Message-ID: <467a876ebf63823938faa946c1b8e5ec515bf40a.1783590688.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:17 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240558 From: Hitendra Prajapati Pick patch from [1], [2] & [3] also mentioned at NVD report in [4,5 & 6] [1] https://github.com/vim/vim/commit/65c1a143c331c886dc28888dd632708f953b4eb3 [2] https://github.com/vim/vim/commit/c78194e41d5a0b05b0ddf383b6679b1503f977fb [3] https://github.com/vim/vim/commit/190cb3c2b9c769a3972bcfd991a7b5b6cb771ef0 [4] https://nvd.nist.gov/vuln/detail/CVE-2026-28421 [5] https://nvd.nist.gov/vuln/detail/CVE-2026-41411 [6] https://nvd.nist.gov/vuln/detail/CVE-2026-44656 More info : CVE-2026-28421 - Validate block tree indices and readfile() line bounds. CVE-2026-41411 - Disallow backticks before attempting to expand filenames. CVE-2026-44656 - Prevent shell execution from 'path' backticks via modelines. Signed-off-by: Hitendra Prajapati Signed-off-by: Yoann Congal --- .../vim/files/CVE-2026-28421.patch | 148 ++++++++++++++++++ .../vim/files/CVE-2026-41411.patch | 75 +++++++++ .../vim/files/CVE-2026-44656.patch | 130 +++++++++++++++ meta/recipes-support/vim/vim.inc | 3 + 4 files changed, 356 insertions(+) create mode 100644 meta/recipes-support/vim/files/CVE-2026-28421.patch create mode 100644 meta/recipes-support/vim/files/CVE-2026-41411.patch create mode 100644 meta/recipes-support/vim/files/CVE-2026-44656.patch diff --git a/meta/recipes-support/vim/files/CVE-2026-28421.patch b/meta/recipes-support/vim/files/CVE-2026-28421.patch new file mode 100644 index 00000000000..cd3dd1d13f7 --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2026-28421.patch @@ -0,0 +1,148 @@ +From 65c1a143c331c886dc28888dd632708f953b4eb3 Mon Sep 17 00:00:00 2001 +From: Christian Brabandt +Date: Mon, 23 Feb 2026 21:42:39 +0000 +Subject: [PATCH] patch 9.2.0077: [security]: Crash when recovering a corrupted + swap file + +Problem: memline: a crafted swap files with bogus pe_page_count/pe_bnum + values could cause a multi-GB allocation via mf_get(), and + invalid pe_old_lnum/pe_line_count values could cause a SEGV + when passed to readfile() (ehdgks0627, un3xploitable) +Solution: Add bounds checks on pe_page_count and pe_bnum against + mf_blocknr_max before descending into the block tree, and + validate pe_old_lnum >= 1 and pe_line_count > 0 before calling + readfile(). + +Github Advisory: +https://github.com/vim/vim/security/advisories/GHSA-r2gw-2x48-jj5p + +Signed-off-by: Christian Brabandt + +CVE: CVE-2026-28421 +Upstream-Status: Backport [https://github.com/vim/vim/commit/65c1a143c331c886dc28888dd632708f953b4eb3] +Signed-off-by: Hitendra Prajapati +--- + src/memline.c | 29 ++++++++++++++++++++++++++-- + src/po/vim.pot | 5 ++++- + src/testdir/test_recover.vim | 37 ++++++++++++++++++++++++++++++++++++ + 3 files changed, 68 insertions(+), 3 deletions(-) + +diff --git a/src/memline.c b/src/memline.c +index b93eb0a..15ac203 100644 +--- a/src/memline.c ++++ b/src/memline.c +@@ -1597,8 +1597,12 @@ ml_recover(int checkext) + if (!cannot_open) + { + line_count = pp->pb_pointer[idx].pe_line_count; +- if (readfile(curbuf->b_ffname, NULL, lnum, +- pp->pb_pointer[idx].pe_old_lnum - 1, ++ linenr_T pe_old_lnum = pp->pb_pointer[idx].pe_old_lnum; ++ // Validate pe_line_count and pe_old_lnum from the ++ // untrusted swap file before passing to readfile(). ++ if (line_count <= 0 || pe_old_lnum < 1 || ++ readfile(curbuf->b_ffname, NULL, lnum, ++ pe_old_lnum - 1, + line_count, NULL, 0) != OK) + cannot_open = TRUE; + else +@@ -1629,6 +1633,27 @@ ml_recover(int checkext) + bnum = pp->pb_pointer[idx].pe_bnum; + line_count = pp->pb_pointer[idx].pe_line_count; + page_count = pp->pb_pointer[idx].pe_page_count; ++ // Validate pe_bnum and pe_page_count from the untrusted ++ // swap file before passing to mf_get(), which uses ++ // page_count to calculate allocation size. A bogus value ++ // (e.g. 0x40000000) would cause a multi-GB allocation. ++ // pe_page_count must be >= 1 and bnum + page_count must ++ // not exceed the number of pages in the swap file. ++ if (page_count < 1 ++ || bnum + page_count > mfp->mf_blocknr_max + 1) ++ { ++ ++error; ++ ml_append(lnum++, ++ (char_u *)_("???ILLEGAL BLOCK NUMBER"), ++ (colnr_T)0, TRUE); ++ // Skip this entry and pop back up the stack to keep ++ // recovering whatever else we can. ++ idx = ip->ip_index + 1; ++ bnum = ip->ip_bnum; ++ page_count = 1; ++ --buf->b_ml.ml_stack_top; ++ continue; ++ } + idx = 0; + continue; + } +diff --git a/src/po/vim.pot b/src/po/vim.pot +index 9608271..be79cf0 100644 +--- a/src/po/vim.pot ++++ b/src/po/vim.pot +@@ -8,7 +8,7 @@ msgid "" + msgstr "" + "Project-Id-Version: Vim\n" + "Report-Msgid-Bugs-To: vim-dev@vim.org\n" +-"POT-Creation-Date: 2026-04-30 12:40+0200\n" ++"POT-Creation-Date: 2026-02-27 21:04+0000\n" + "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" + "Last-Translator: FULL NAME \n" + "Language-Team: LANGUAGE \n" +@@ -1960,6 +1960,9 @@ msgstr "" + msgid "???LINES MISSING" + msgstr "" + ++msgid "???ILLEGAL BLOCK NUMBER" ++msgstr "" ++ + msgid "???BLOCK MISSING" + msgstr "" + +diff --git a/src/testdir/test_recover.vim b/src/testdir/test_recover.vim +index db59223..93425f1 100644 +--- a/src/testdir/test_recover.vim ++++ b/src/testdir/test_recover.vim +@@ -471,4 +471,41 @@ func Test_noname_buffer() + call assert_equal(['one', 'two'], getline(1, '$')) + endfunc + ++" Test for recovering a corrupted swap file, those caused a crash ++func Test_recover_corrupted_swap_file1() ++ CheckUnix ++ " only works correctly on 64bit Unix systems: ++ if v:sizeoflong != 8 || !has('unix') ++ throw 'Skipped: Corrupt Swap file sample requires a 64bit Unix build' ++ endif ++ " Test 1: Heap buffer-overflow ++ new ++ let sample = 'samples/recover-crash1.swp' ++ let target = 'Xpoc1.swp' ++ call filecopy(sample, target) ++ try ++ sil recover! Xpoc1 ++ catch /^Vim\%((\S\+)\)\=:E1364:/ ++ endtry ++ let content = getline(1, '$')->join() ++ call assert_match('???ILLEGAL BLOCK NUMBER', content) ++ call delete(target) ++ bw! ++" ++" " Test 2: Segfault ++ new ++ let sample = 'samples/recover-crash2.swp' ++ let target = 'Xpoc2.swp' ++ call filecopy(sample, target) ++ try ++ sil recover! Xpoc2 ++ catch /^Vim\%((\S\+)\)\=:E1364:/ ++ endtry ++ let content = getline(1, '$')->join() ++ call assert_match('???ILLEGAL BLOCK NUMBER', content) ++ call assert_match('???LINES MISSING', content) ++ call delete(target) ++ bw! ++endfunc ++ + " vim: shiftwidth=2 sts=2 expandtab +-- +2.34.1 + diff --git a/meta/recipes-support/vim/files/CVE-2026-41411.patch b/meta/recipes-support/vim/files/CVE-2026-41411.patch new file mode 100644 index 00000000000..11a34f4087f --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2026-41411.patch @@ -0,0 +1,75 @@ +From c78194e41d5a0b05b0ddf383b6679b1503f977fb Mon Sep 17 00:00:00 2001 +From: Christian Brabandt +Date: Wed, 15 Apr 2026 20:17:17 +0000 +Subject: [PATCH] patch 9.2.0357: [security]: command injection via backticks + in tag files + +Problem: [security]: command injection via backticks in tag files + (Srinivas Piskala Ganesh Babu, Andy Ngo) +Solution: Disallow backticks before attempting to expand filenames. + +Github Advisory: +https://github.com/vim/vim/security/advisories/GHSA-cwgx-gcj7-6qh8 + +Supported by AI + +Signed-off-by: Christian Brabandt + +CVE: CVE-2026-41411 +Upstream-Status: Backport [https://github.com/vim/vim/commit/c78194e41d5a0b05b0ddf383b6679b1503f977fb] +Signed-off-by: Hitendra Prajapati +--- + src/tag.c | 4 +++- + src/testdir/test_tagjump.vim | 22 ++++++++++++++++++++++ + 2 files changed, 25 insertions(+), 1 deletion(-) + +diff --git a/src/tag.c b/src/tag.c +index d3a7399..0e203f0 100644 +--- a/src/tag.c ++++ b/src/tag.c +@@ -4126,8 +4126,10 @@ expand_tag_fname(char_u *fname, char_u *tag_fname, int expand) + + /* + * Expand file name (for environment variables) when needed. ++ * Disallow backticks, they could execute arbitrary shell ++ * commands. This is not needed for tag filenames. + */ +- if (expand && mch_has_wildcard(fname)) ++ if (expand && mch_has_wildcard(fname) && vim_strchr(fname, '`') == NULL) + { + ExpandInit(&xpc); + xpc.xp_context = EXPAND_FILES; +diff --git a/src/testdir/test_tagjump.vim b/src/testdir/test_tagjump.vim +index 47618d0..a95b8b5 100644 +--- a/src/testdir/test_tagjump.vim ++++ b/src/testdir/test_tagjump.vim +@@ -1670,4 +1670,26 @@ func Test_tag_excmd_with_number_vim9script() + bwipe! + endfunc + ++" Test that backtick expressions in tag filenames are not expanded. ++" This prevents command injection via malicious tags files. ++func Test_tag_backtick_filename_not_expanded() ++ let pwned_file = 'Xtags_pwnd' ++ call assert_false(filereadable(pwned_file)) ++ ++ let tagline = "main\t`touch " .. pwned_file .. "`\t/^int main/;\"\tf" ++ call writefile([tagline], 'Xbt_tags', 'D') ++ call writefile(['int main(int argc, char **argv) {', '}'], 'Xbt_main.c', 'D') ++ ++ set tags=Xbt_tags ++ sp Xbt_main.c ++ ++ " The :tag command should fail to find the file, but must NOT execute ++ " the backtick shell command. ++ call assert_fails('tag main', 'E429:') ++ call assert_false(filereadable(pwned_file)) ++ ++ set tags& ++ bwipe! ++endfunc ++ + " vim: shiftwidth=2 sts=2 expandtab +-- +2.34.1 + diff --git a/meta/recipes-support/vim/files/CVE-2026-44656.patch b/meta/recipes-support/vim/files/CVE-2026-44656.patch new file mode 100644 index 00000000000..70cd72b098b --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2026-44656.patch @@ -0,0 +1,130 @@ +From 190cb3c2b9c769a3972bcfd991a7b5b6cb771ef0 Mon Sep 17 00:00:00 2001 +From: Christian Brabandt +Date: Sun, 3 May 2026 16:10:03 +0000 +Subject: [PATCH] patch 9.2.0435: [security]: backticks in 'path' may cause + shell execution on completion + +Problem: [security]: Backticks enclosed shell commands in the 'path' + option value are executed during completion (q1uf3ng). +Solution: Skip path entries containing backticks, add P_SECURE to 'path' + option, so that it cannot be set from a modeline (for symmetry with + the 'cdpath' option) + +Github Advisory: +https://github.com/vim/vim/security/advisories/GHSA-hwg5-3cxw-wvvg + +Supported by AI. + +Signed-off-by: Christian Brabandt + +CVE: CVE-2026-44656 +Upstream-Status: Backport [https://github.com/vim/vim/commit/190cb3c2b9c769a3972bcfd991a7b5b6cb771ef0] +Signed-off-by: Hitendra Prajapati +--- + runtime/doc/options.txt | 5 ++++- + src/findfile.c | 4 ++++ + src/optiondefs.h | 2 +- + src/testdir/test_find_complete.vim | 17 +++++++++++++++++ + src/testdir/test_modeline.vim | 14 ++++++++++++++ + 5 files changed, 40 insertions(+), 2 deletions(-) + +diff --git a/runtime/doc/options.txt b/runtime/doc/options.txt +index 8dba6f4..d06411f 100644 +--- a/runtime/doc/options.txt ++++ b/runtime/doc/options.txt +@@ -1,4 +1,4 @@ +-*options.txt* For Vim version 9.1. Last change: 2025 Aug 23 ++*options.txt* For Vim version 9.2. Last change: 2026 May 03 + + + VIM REFERENCE MANUAL by Bram Moolenaar +@@ -6615,6 +6615,9 @@ A jump table for the options with a short description can be found at |Q_op|. + < Replace the ';' with a ':' or whatever separator is used. Note that + this doesn't work when $INCL contains a comma or white space. + ++ This option cannot be set from a |modeline| or in the |sandbox|, for ++ security reasons. ++ + *'perldll'* + 'perldll' string (default depends on the build) + global +diff --git a/src/findfile.c b/src/findfile.c +index 008338c..f73a66b 100644 +--- a/src/findfile.c ++++ b/src/findfile.c +@@ -2412,6 +2412,10 @@ expand_path_option( + { + buflen = copy_option_part(&path_option, buf, MAXPATHL, " ,"); + ++ // do not expand backticks, could have been set via a modeline ++ if (vim_strchr(buf, '`') != NULL) ++ continue; ++ + if (buf[0] == '.' && (buf[1] == NUL || vim_ispathsep(buf[1]))) + { + size_t plen; +diff --git a/src/optiondefs.h b/src/optiondefs.h +index bd02d04..72d3f36 100644 +--- a/src/optiondefs.h ++++ b/src/optiondefs.h +@@ -1957,7 +1957,7 @@ static struct vimoption options[] = + (char_u *)&p_pm, PV_NONE, + did_set_backupext_or_patchmode, NULL, + {(char_u *)"", (char_u *)0L} SCTX_INIT}, +- {"path", "pa", P_STRING|P_EXPAND|P_VI_DEF|P_COMMA|P_NODUP, ++ {"path", "pa", P_STRING|P_EXPAND|P_VI_DEF|P_SECURE|P_COMMA|P_NODUP, + (char_u *)&p_path, PV_PATH, NULL, NULL, + { + #if defined(AMIGA) || defined(MSWIN) +diff --git a/src/testdir/test_find_complete.vim b/src/testdir/test_find_complete.vim +index 079fb78..8b8b71c 100644 +--- a/src/testdir/test_find_complete.vim ++++ b/src/testdir/test_find_complete.vim +@@ -161,4 +161,21 @@ func Test_find_complete() + set path& + endfunc + ++" Verify that backticks in 'path' are not executed ++func Test_find_completion_backtick_in_path() ++ CheckUnix ++ CheckExecutable id ++ ++ new Xpoc.c ++ setl path+=`id>Xrce_marker` ++ " Triggering completion must not execute the backtick command. ++ call getcompletion('', 'file_in_path') ++ call assert_false(filereadable('Xrce_marker')) ++ call feedkeys(":find \t\n", "xt") ++ call assert_false(filereadable('Xrce_marker')) ++ ++ bwipe! ++ call delete('Xrce_marker') ++endfunc ++ + " vim: shiftwidth=2 sts=2 expandtab +diff --git a/src/testdir/test_modeline.vim b/src/testdir/test_modeline.vim +index c00032b..fc11cc6 100644 +--- a/src/testdir/test_modeline.vim ++++ b/src/testdir/test_modeline.vim +@@ -386,4 +386,18 @@ func Test_modeline_forbidden() + bw! + endfunc + ++" Verify that backticks in 'path' set from a modeline are not executed ++func Test_path_modeline() ++ let lines =<< trim END ++ // vim: set path+=foobar : ++ END ++ call writefile(lines, 'Xpoc.c', 'D') ++ ++ set nomodelinestrict modeline ++ call assert_fails('split Xpoc.c', 'E520:') ++ ++ bwipe! ++ set modelinestrict& modeline& ++endfunc ++ + " vim: shiftwidth=2 sts=2 expandtab +-- +2.34.1 + diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index e9b5df291d2..b7cdd61c93e 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -25,6 +25,9 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://CVE-2026-34982.patch \ file://CVE-2026-34714.patch \ file://CVE-2026-35177.patch \ + file://CVE-2026-44656.patch \ + file://CVE-2026-41411.patch \ + file://CVE-2026-28421.patch \ " PV .= ".1683" From patchwork Thu Jul 9 10:06:28 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92111 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8E958C44508 for ; Thu, 9 Jul 2026 10:07:17 +0000 (UTC) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.5807.1783591628970496682 for ; Thu, 09 Jul 2026 03:07:09 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=fR6P6DSu; spf=pass (domain: smile.fr, ip: 209.85.128.44, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-493c52cde9eso6351085e9.3 for ; Thu, 09 Jul 2026 03:07:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591627; x=1784196427; darn=lists.openembedded.org; h=content-transfer-encoding:content-type:mime-version:references :in-reply-to:message-id:date:subject:to:from:from:to:cc:subject:date :message-id:reply-to:content-type; bh=e52foYiClEJHnDtuNLVMghfzBSpD6whg02BHmFzwCQE=; b=fR6P6DSum6oY5+OAPLSBC0M4Qp+nX8YdN8Qtwu5mhFP0PZ3Utkpks31q+mhxIpGEOE GMTAGVig/lKMlZRi5dr/mYwhqQL+IqM9cwSJaoX/lWhgeDScGv1oLS+ujk29e0ptP8rW AFiUdgwXAvAxtvTFUXleWGUCoFA+2Cnd8/CiU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591627; x=1784196427; h=content-transfer-encoding:content-type:mime-version:references :in-reply-to:message-id:date:subject:to:from:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to :content-type; bh=e52foYiClEJHnDtuNLVMghfzBSpD6whg02BHmFzwCQE=; b=X1jlHndQXCCRVBb/aaAqPeRsWO8QIs144Lxbi/1G4abGUAhaJh9oIY6VgHgBRQov3o xNn3xOZxDF6NWraEqCECnK47/zlrXIjmzEr4TpMx7VMVAdcUiHM4Lhh2op2YgTPbOv2H MSRrPE3JtETs8YMFpOF4ZxNmg/C+08XWsMYkZ3Z262j5ixYSMSsY8SYYehQd2aNdGG24 oLefykbi/TQ3DxVAltPCLVckFX/10FvyieOLSLR64Gh/8T9cp/9ikr5phL1vyQLZxdAt 8PArxMBClxLMYI7AOzbzLDrdbtN6+yOHIeTulElJeG4+G/umH6QGX1rrpbzzsuyPO0tQ kBDg== X-Gm-Message-State: AOJu0YzG8zqz5sT75v+eUTof4o2htZOFSTL6XNeDaAeebwybltMTk93/ qTZ1t0a3tnNRtqt687En4WH/NMuUbujr+yYmpkoBbfYGtTyrrXp4rSS5X20A7QhIX3G3TUh4p76 T8lSuEdk= X-Gm-Gg: AfdE7ckXBU+D+Nt736gA9YfXMDyCioo1jzK0Vy1JoSHNZ2DXsTDH9em+oLqiF5ipMNL oIMutGTWhi1KnimAgtSGLuQAklptoOl0RBMs9PrhO0RgYG5nfRGy6mfrHk6SyQme74S/m4bVKwK x3BlL/ThYnu8OnmNaZ5cwDcksXcAtRFQxcfdiCoqKZYOJoxTdbojW5O2gtUFvbFyPF+DeA43FUe l0Ux1ejLKyENusG7f7i8aYew/Ovl0Rw7WjY0E1QrSnRxScjAOi+FVTycVsptjemY8d2q5ZDaagn 883RLaQxE/22RqcM9Nc4/VGyGOMW6GTvjb8WM8FBiVcpgtlIL+STDcUsFigh5ndAwMInUmzfL1X R0Vix77ooPMTxMd5n65XSPEIH1Sl+hJPjJdgf/0ZCu2F01TRlJmWPwwEPk09P1RzZrv0UfY80sk 5CF3ZJj7DtJkQN4oyhnHySCqtLX9i65WcYq0nhioF2t8sFlEzClenviIM0wISZTVS8qOyHua6B2 biRmhT3K35QGzrAiQ== X-Received: by 2002:a05:600c:3e0f:b0:493:9cb3:53fc with SMTP id 5b1f17b1804b1-493e7e84c21mr52149175e9.11.1783591627041; Thu, 09 Jul 2026 03:07:07 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.06 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:06 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 12/25] vim: Fix for CVE-2026-28417, CVE-2026-32249, CVE-2026-45130 Date: Thu, 9 Jul 2026 12:06:28 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:17 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240559 From: Hitendra Prajapati Pick patch from [1], [2] & [3] also mentioned at NVD report in [4,5 & 6] [1] https://github.com/vim/vim/commit/79348dbbc09332130f4c86045e1541d68514fcc1 [2] https://github.com/vim/vim/commit/36d6e87542cf823d833e451e09a90ee429899cec [3] https://github.com/vim/vim/commit/92993329178cb1f72d700fff45ca86e1c2d369f8 [4] https://nvd.nist.gov/vuln/detail/CVE-2026-28417 [5] https://nvd.nist.gov/vuln/detail/CVE-2026-32249 [6] https://nvd.nist.gov/vuln/detail/CVE-2026-45130 Signed-off-by: Hitendra Prajapati Signed-off-by: Yoann Congal --- .../vim/files/CVE-2026-28417.patch | 92 ++++++++++++++ .../vim/files/CVE-2026-32249.patch | 117 ++++++++++++++++++ .../vim/files/CVE-2026-45130.patch | 115 +++++++++++++++++ meta/recipes-support/vim/vim.inc | 3 + 4 files changed, 327 insertions(+) create mode 100644 meta/recipes-support/vim/files/CVE-2026-28417.patch create mode 100644 meta/recipes-support/vim/files/CVE-2026-32249.patch create mode 100644 meta/recipes-support/vim/files/CVE-2026-45130.patch diff --git a/meta/recipes-support/vim/files/CVE-2026-28417.patch b/meta/recipes-support/vim/files/CVE-2026-28417.patch new file mode 100644 index 00000000000..c36bd9c2344 --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2026-28417.patch @@ -0,0 +1,92 @@ +From 79348dbbc09332130f4c86045e1541d68514fcc1 Mon Sep 17 00:00:00 2001 +From: Christian Brabandt +Date: Sun, 22 Feb 2026 21:24:48 +0000 +Subject: [PATCH] patch 9.2.0073: [security]: possible command injection using + netrw + +Problem: [security]: Insufficient validation of hostname and port in + netrw URIs allows command injection via shell metacharacters + (ehdgks0627, un3xploitable). +Solution: Implement stricter RFC1123 hostname and IP validation. + Use shellescape() for the provided hostname and port. + +Github Advisory: +https://github.com/vim/vim/security/advisories/GHSA-m3xh-9434-g336 + +Signed-off-by: Christian Brabandt + +Upstream-Status: Backport [https://github.com/vim/vim/commit/79348dbbc09332130f4c86045e1541d68514fcc1] +CVE: CVE-2026-28417 +Signed-off-by: Hitendra Prajapati +--- + .../pack/dist/opt/netrw/autoload/netrw.vim | 34 +++++++++++++------ + 1 file changed, 24 insertions(+), 10 deletions(-) + +diff --git a/runtime/pack/dist/opt/netrw/autoload/netrw.vim b/runtime/pack/dist/opt/netrw/autoload/netrw.vim +index 1c98104..7ebcd92 100644 +--- a/runtime/pack/dist/opt/netrw/autoload/netrw.vim ++++ b/runtime/pack/dist/opt/netrw/autoload/netrw.vim +@@ -5,6 +5,7 @@ + " 2025 Aug 07 by Vim Project (use correct "=~#" for netrw_stylesize option #17901) + " 2025 Aug 07 by Vim Project (netrw#BrowseX() distinguishes remote files #17794) + " 2025 Aug 22 by Vim Project netrw#Explore handle terminal correctly #18069 ++" 2026 Feb 27 by Vim Project Make the hostname validation more strict + " Copyright: Copyright (C) 2016 Charles E. Campbell {{{1 + " Permission is hereby granted to use and distribute this code, + " with or without modifications, provided that this copyright +@@ -2575,13 +2576,26 @@ endfunction + + " s:NetrwValidateHostname: Validate that the hostname is valid {{{2 + " Input: +-" hostname ++" hostname, may include an optional username, e.g. user@hostname ++" allow a alphanumeric hostname or an IPv(4/6) address + " Output: + " true if g:netrw_machine is valid according to RFC1123 #Section 2 + function s:NetrwValidateHostname(hostname) +- " RFC1123#section-2 mandates, a valid hostname starts with letters or digits +- " so reject everyhing else +- return a:hostname =~? '^[a-z0-9]' ++ " Username: ++ let user_pat = '\%([a-zA-Z0-9._-]\+@\)\?' ++ " Hostname: 1-64 chars, alphanumeric/dots/hyphens. ++ " No underscores. No leading/trailing dots/hyphens. ++ let host_pat = '[a-zA-Z0-9]\%([-a-zA-Z0-9.]{,62}[a-zA-Z0-9]\)\?$' ++ ++ " IPv4: 1-3 digits separated by dots ++ let ipv4_pat = '\%(\d\{1,3}\.\)\{3\}\d\{1,3\}$' ++ ++ " IPv6: Hex, colons, and optional brackets ++ let ipv6_pat = '\[\?\%([a-fA-F0-9:]\{2,}\)\+\]\?$' ++ ++ return a:hostname =~? '^'.user_pat.host_pat || ++ \ a:hostname =~? '^'.user_pat.ipv4_pat || ++ \ a:hostname =~? '^'.user_pat.ipv6_pat + endfunction + + " NetUserPass: set username and password for subsequent ftp transfer {{{2 +@@ -8948,15 +8962,15 @@ endfunction + " s:MakeSshCmd: transforms input command using USEPORT HOSTNAME into {{{2 + " a correct command for use with a system() call + function s:MakeSshCmd(sshcmd) +- if s:user == "" +- let sshcmd = substitute(a:sshcmd,'\',s:machine,'') +- else +- let sshcmd = substitute(a:sshcmd,'\',s:user."@".s:machine,'') ++ let machine = shellescape(s:machine, 1) ++ if s:user != '' ++ let machine = shellescape(s:user, 1).'@'.machine + endif ++ let sshcmd = substitute(a:sshcmd,'\',machine,'') + if exists("g:netrw_port") && g:netrw_port != "" +- let sshcmd= substitute(sshcmd,"USEPORT",g:netrw_sshport.' '.g:netrw_port,'') ++ let sshcmd= substitute(sshcmd,"USEPORT",g:netrw_sshport.' '.shellescape(g:netrw_port,1),'') + elseif exists("s:port") && s:port != "" +- let sshcmd= substitute(sshcmd,"USEPORT",g:netrw_sshport.' '.s:port,'') ++ let sshcmd= substitute(sshcmd,"USEPORT",g:netrw_sshport.' '.shellescape(s:port,1),'') + else + let sshcmd= substitute(sshcmd,"USEPORT ",'','') + endif +-- +2.34.1 + diff --git a/meta/recipes-support/vim/files/CVE-2026-32249.patch b/meta/recipes-support/vim/files/CVE-2026-32249.patch new file mode 100644 index 00000000000..18691c3f4ce --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2026-32249.patch @@ -0,0 +1,117 @@ +From 36d6e87542cf823d833e451e09a90ee429899cec Mon Sep 17 00:00:00 2001 +From: Christian Brabandt +Date: Wed, 11 Mar 2026 14:16:29 +0100 +Subject: [PATCH] patch 9.2.0137: [security]: crash with composing char in + collection range + +Problem: Using a composing character as the end of a range inside a + collection may corrupt the NFA postfix stack + (Nathan Mills, after v9.1.0011) +Solution: When a character is used as the endpoint of a range, do not emit + its composing characters separately. Range handling only uses + the base codepoint. + +supported by AI + +Github Advisory: +https://github.com/vim/vim/security/advisories/GHSA-9phh-423r-778r + +Signed-off-by: Christian Brabandt + +Upstream-Status: Backport [https://github.com/vim/vim/commit/36d6e87542cf823d833e451e09a90ee429899cec] +CVE: CVE-2026-32249 +Signed-off-by: Hitendra Prajapati +--- + src/regexp_nfa.c | 17 +++++++++++++++-- + src/testdir/test_regexp_utf8.vim | 19 +++++++++++++++++++ + 2 files changed, 34 insertions(+), 2 deletions(-) + +diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c +index 6ad682b..7905ec1 100644 +--- a/src/regexp_nfa.c ++++ b/src/regexp_nfa.c +@@ -1765,6 +1765,7 @@ collection: + if (*endp == ']') + { + int plen; ++ bool range_endpoint; + /* + * Try to reverse engineer character classes. For example, + * recognize that [0-9] stands for \d and [A-Za-z_] for \h, +@@ -1812,6 +1813,7 @@ collection: + while (regparse < endp) + { + int oldstartc = startc; ++ range_endpoint = false; + + startc = -1; + got_coll_char = FALSE; +@@ -1975,6 +1977,7 @@ collection: + if (emit_range) + { + int endc = startc; ++ range_endpoint = true; + + startc = oldstartc; + if (startc > endc) +@@ -2053,7 +2056,14 @@ collection: + } + } + +- if (enc_utf8 && (utf_ptr2len(regparse) != (plen = utfc_ptr2len(regparse)))) ++ // ++ // If this character was consumed as the end of a range, do not emit its ++ // composing characters separately. Range handling only uses the base ++ // codepoint; emitting the composing part again would duplicate the ++ // character in the postfix stream and corrupt the NFA stack. ++ // ++ if (!range_endpoint && enc_utf8 && ++ (utf_ptr2len(regparse) != (plen = utfc_ptr2len(regparse)))) + { + int i = utf_ptr2len(regparse); + +@@ -3187,7 +3197,10 @@ nfa_max_width(nfa_state_T *startstate, int depth) + ++len; + if (state->c != NFA_ANY) + { +- // skip over the characters ++ // Skip over the compiled collection. ++ // malformed NFAs must not crash width estimation. ++ if (state->out1 == NULL || state->out1->out == NULL) ++ return -1; + state = state->out1->out; + continue; + } +diff --git a/src/testdir/test_regexp_utf8.vim b/src/testdir/test_regexp_utf8.vim +index a4353f1..3b58416 100644 +--- a/src/testdir/test_regexp_utf8.vim ++++ b/src/testdir/test_regexp_utf8.vim +@@ -615,6 +615,25 @@ func Test_search_multibyte_match_ascii() + call assert_equal(['ſſ','ſ'], noic_match3, "No-Ignorecase Collection Regex-engine: " .. &re) + endfor + bw! ++ set ignorecase&vim re&vim ++endfun ++ ++func Test_regex_collection_range_with_composing_crash() ++ " Regression test: composing char in collection range caused NFA crash/E874 ++ new ++ call setline(1, ['00', '0ֻ', '01']) ++ let patterns = [ '0[0-0ֻ]\@", 'E486:') ++ endfor ++ endfor ++ ++ bwipe! + endfunc + + " vim: shiftwidth=2 sts=2 expandtab +-- +2.34.1 + diff --git a/meta/recipes-support/vim/files/CVE-2026-45130.patch b/meta/recipes-support/vim/files/CVE-2026-45130.patch new file mode 100644 index 00000000000..0a1a93de99b --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2026-45130.patch @@ -0,0 +1,115 @@ +From 92993329178cb1f72d700fff45ca86e1c2d369f8 Mon Sep 17 00:00:00 2001 +From: Christian Brabandt +Date: Wed, 6 May 2026 20:50:00 +0200 +Subject: [PATCH] patch 9.2.0450: [security]: heap buffer overflow in + spellfile.c read_compound() + +Problem: read_compound() in spellfile.c computes the size of the regex + pattern buffer using signed-int arithmetic on the attacker + controlled SN_COMPOUND sectionlen. With sectionlen=0x40000008 + and UTF-8 encoding active the multiplication wraps to 27 while + the per-byte loop writes up to ~1B bytes, overflowing the heap. + Reachable when loading a crafted .spl file (e.g. via 'set spell' + after a modeline sets 'spelllang'). The cp/ap/crp allocations + have the same int + 1 overflow class (Daniel Cervera) +Solution: Use type size_t as buffer size and reject values larger than + COMPOUND_MAX_LEN (100000). Apply the same size_t treatment to + the cp/ap/crp allocations. + +Github Advisory: +https://github.com/vim/vim/security/advisories/GHSA-q4jv-r9gj-6cwv + +Co-Authored-By: Claude Opus 4.7 (1M context) +Signed-off-by: Christian Brabandt + +Upstream-Status: Backport [https://github.com/vim/vim/commit/92993329178cb1f72d700fff45ca86e1c2d369f8] +CVE: CVE-2026-45130 +Signed-off-by: Hitendra Prajapati +--- + src/spellfile.c | 20 ++++++++++++++------ + src/testdir/test_spellfile.vim | 4 ++++ + 2 files changed, 18 insertions(+), 6 deletions(-) + +diff --git a/src/spellfile.c b/src/spellfile.c +index 0b9536d..768e9fd 100644 +--- a/src/spellfile.c ++++ b/src/spellfile.c +@@ -296,6 +296,9 @@ + #define CF_WORD 0x01 + #define CF_UPPER 0x02 + ++// Max allowed length for COMPOUND section ++#define COMPOUND_MAX_LEN 100000 ++ + /* + * Loop through all the siblings of a node (including the node) + */ +@@ -1225,6 +1228,8 @@ read_compound(FILE *fd, slang_T *slang, int len) + char_u *crp; + int cnt; + garray_T *gap; ++ size_t patsize; ++ size_t flagsize; + + if (todo < 2) + return SP_FORMERROR; // need at least two bytes +@@ -1281,16 +1286,19 @@ read_compound(FILE *fd, slang_T *slang, int len) + // "a[bc]/a*b+" -> "^\(a[bc]\|a*b\+\)$". + // Inserting backslashes may double the length, "^\(\)$" is 7 bytes. + // Conversion to utf-8 may double the size. +- c = todo * 2 + 7; ++ if ((size_t)todo > COMPOUND_MAX_LEN) ++ return SP_FORMERROR; ++ patsize = (size_t)todo * 2 + 7; + if (enc_utf8) +- c += todo * 2; +- pat = alloc(c); ++ patsize += (size_t)todo * 2; ++ flagsize = (size_t)todo + 1; ++ pat = alloc(patsize); + if (pat == NULL) + return SP_OTHERERROR; + + // We also need a list of all flags that can appear at the start and one + // for all flags. +- cp = alloc(todo + 1); ++ cp = alloc(flagsize); + if (cp == NULL) + { + vim_free(pat); +@@ -1299,7 +1307,7 @@ read_compound(FILE *fd, slang_T *slang, int len) + slang->sl_compstartflags = cp; + *cp = NUL; + +- ap = alloc(todo + 1); ++ ap = alloc(flagsize); + if (ap == NULL) + { + vim_free(pat); +@@ -1311,7 +1319,7 @@ read_compound(FILE *fd, slang_T *slang, int len) + // And a list of all patterns in their original form, for checking whether + // compounding may work in match_compoundrule(). This is freed when we + // encounter a wildcard, the check doesn't work then. +- crp = alloc(todo + 1); ++ crp = alloc(flagsize); + slang->sl_comprules = crp; + + pp = pat; +diff --git a/src/testdir/test_spellfile.vim b/src/testdir/test_spellfile.vim +index b72974e..d345492 100644 +--- a/src/testdir/test_spellfile.vim ++++ b/src/testdir/test_spellfile.vim +@@ -334,6 +334,10 @@ func Test_spellfile_format_error() + " SN_COMPOUND: incorrect comppatlen + call Spellfile_Test(0z080000000007040101000000020165, 'E758:') + ++ " SN_COMPOUND: oversized sectionlen ++ let v = eval('0z08004000000803010161' .. repeat('61', 50) .. 'FF') ++ call Spellfile_Test(v, 'E759:') ++ + " SN_INFO: missing info + call Spellfile_Test(0z0F0000000005040101, '') + +-- +2.34.1 + diff --git a/meta/recipes-support/vim/vim.inc b/meta/recipes-support/vim/vim.inc index b7cdd61c93e..53590befc4d 100644 --- a/meta/recipes-support/vim/vim.inc +++ b/meta/recipes-support/vim/vim.inc @@ -28,6 +28,9 @@ SRC_URI = "git://github.com/vim/vim.git;branch=master;protocol=https \ file://CVE-2026-44656.patch \ file://CVE-2026-41411.patch \ file://CVE-2026-28421.patch \ + file://CVE-2026-32249.patch \ + file://CVE-2026-28417.patch \ + file://CVE-2026-45130.patch \ " PV .= ".1683" From patchwork Thu Jul 9 10:06:29 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92113 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id A4542C4450A for ; Thu, 9 Jul 2026 10:07:17 +0000 (UTC) Received: from mail-wr1-f52.google.com (mail-wr1-f52.google.com [209.85.221.52]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.5808.1783591629565896362 for ; Thu, 09 Jul 2026 03:07:09 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=Kuhik+LZ; spf=pass (domain: smile.fr, ip: 209.85.221.52, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f52.google.com with SMTP id ffacd0b85a97d-475881b9a4bso1449245f8f.3 for ; Thu, 09 Jul 2026 03:07:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591628; x=1784196428; darn=lists.openembedded.org; h=content-transfer-encoding:content-type:mime-version:references :in-reply-to:message-id:date:subject:to:from:from:to:cc:subject:date :message-id:reply-to:content-type; bh=wvOtHD7gkvjKzUfvHyv1Ry1O8WUlcmQJ/V42EA6QyTs=; b=Kuhik+LZnZ9mpCDF48Mbpp/F2KUu0Arra030eUJYneSTTPs4mw64Skyp1s0sOIRwQP KV+n47qs4eq9A6Y/EXgUPfMjaZjKMV3gR9Ij6RlPP62KeqaQzMvHLagM1/ys1eLinR5N Xd62yNF/zuTGq+bJkhTWZzrrxB9kZLFVN4i5I= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591628; x=1784196428; h=content-transfer-encoding:content-type:mime-version:references :in-reply-to:message-id:date:subject:to:from:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to :content-type; bh=wvOtHD7gkvjKzUfvHyv1Ry1O8WUlcmQJ/V42EA6QyTs=; b=kZ+OTpssje68ZwCkAOfc33L2/2kMptIlPsfRjuNmjFx/EOoH799kT4yHdTplp+gZWj i8NP3dilgLq0AQo1Y+yOuAZbQvjo4zdzahRe+qeFYklsb9Z2nr9tsvGLwF8T0TUElwo8 DSuMUyygoSNuspLQRTNIOBtMMRpEuL3t9mt33MgGj1mUPpahjtuvNP+nOZpDOkebhXD+ 4Ke4lg9hqccTil0gQZKnwtz5xPfyPC2vsyZUdP2HOt2ktA+eYnW5MGNKF/TPu7i0owBP Zd/7Bmsf+nXY2afAkUX9C/nkRH2I7AhPGkZjNNRox5a1SZFxcql3szO6FvntnDKKYE5K M5Ng== X-Gm-Message-State: AOJu0YzbpskoADUKDC42L24Wq2BoeN0A1nER724/G7KiIbwuO0N9i0Nh QlrL980iuZZZn8FR/UY2JcmNkuO9rbjp9bRtnPJvQRL3waElNDNuE5qHnmTpvtXMaVf6pcepKF+ JlqP48Z4= X-Gm-Gg: AfdE7ckMeIp1pZcpKkfZB5AUBan2W5/kM8i+sNn3bo8RtaWNQ+AjLFggH0mizGF+fme lU3x/vcrkV1LRSoQciGZex6b3JE1xuMFjcLmHNN8gyiYBlHEL0VoDiWV+xHlatGBZ1SRbpFUAgE csSzhj35nHBhfM58+XfvVfHHI+IP0j+GtUTBwvyMhJrI+5PUMS/VBEpGjaPzcipsi8gYxFmzZ1p +qiHjP3mpjTL7U1ph9y9XCj6PbwzNCtp71ldTItDdUQHUR94K6wmFO+gLDxN+mAi6sACsXSL/bA s+LCoR+d8q5zRXfXczxx4O6x8cWa9ht+4riu58tJdchRm9eQFFPy3s8DBSdpc7sv2oqzcIn0D/x oWRd3uTmcxnjP2d3R5TB9EoWJNl1MEdI71J8vUW/SVNPbG7nf2vjAqCb5sFgsOru4TUGqxDdAuA mzoMdMcd1OlyyE1wlk3yHDpEua5BFtqer20qwmVqYB5S3y8J2cJq+UwzqKTnWNNNUEYo8GdZ3Sh StWqy4gRQQ7Vv65xQ== X-Received: by 2002:a05:600c:3b92:b0:493:e892:f03c with SMTP id 5b1f17b1804b1-493e892f05amr47966035e9.10.1783591627558; Thu, 09 Jul 2026 03:07:07 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:07 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 13/25] vim: Security fix for CVE-2026-28420 & CVE-2026-46483 Date: Thu, 9 Jul 2026 12:06:29 +0200 Message-ID: <17aca2e58563f39ad36bea45fa316739217e3262.1783590688.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:17 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240560 From: Hitendra Prajapati Pick patch from [1] & [2] also mentioned at NVD report in 3 & 4 [1] https://github.com/vim/vim/commit/bb6de2105b160e729c340631435cd62f3e69bd32 [2] https://github.com/vim/vim/commit/3fb5e58fbc63d86a3e65f1a141b0d67af2aa38a1 [3] https://nvd.nist.gov/vuln/detail/CVE-2026-28420 [4] https://nvd.nist.gov/vuln/detail/CVE-2026-46483 Signed-off-by: Hitendra Prajapati Signed-off-by: Yoann Congal --- .../vim/files/CVE-2026-28420.patch | 162 ++++++++++++++++++ .../vim/files/CVE-2026-46483.patch | 77 +++++++++ meta/recipes-support/vim/vim.inc | 2 + 3 files changed, 241 insertions(+) create mode 100644 meta/recipes-support/vim/files/CVE-2026-28420.patch create mode 100644 meta/recipes-support/vim/files/CVE-2026-46483.patch diff --git a/meta/recipes-support/vim/files/CVE-2026-28420.patch b/meta/recipes-support/vim/files/CVE-2026-28420.patch new file mode 100644 index 00000000000..f5b2f42f6ad --- /dev/null +++ b/meta/recipes-support/vim/files/CVE-2026-28420.patch @@ -0,0 +1,162 @@ +From bb6de2105b160e729c340631435cd62f3e69bd32 Mon Sep 17 00:00:00 2001 +From: Christian Brabandt +Date: Mon, 23 Feb 2026 20:29:43 +0000 +Subject: [PATCH] patch 9.2.0076: [security]: buffer-overflow in terminal + handling + +Problem: When processing terminal output with many combining characters + from supplementary planes (4-byte UTF-8), a heap-buffer + overflow occurs. Additionally, the loop iterating over + cell characters can read past the end of the vterm array + (ehdgks0627, un3xploitable). +Solution: Use VTERM_MAX_CHARS_PER_CELL * 4 for ga_grow() to ensure + sufficient space. Add a boundary check to the character + loop to prevent index out-of-bounds access. + +Github Advisory: +https://github.com/vim/vim/security/advisories/GHSA-rvj2-jrf9-2phg + +Signed-off-by: Christian Brabandt + +Upstream-Status: Backport [https://github.com/vim/vim/commit/bb6de2105b160e729c340631435cd62f3e69bd32] +CVE: CVE-2026-28420 +Signed-off-by: Hitendra Prajapati +--- + src/terminal.c | 5 +- + .../samples/terminal_max_combining_chars.txt | 80 +++++++++++++++++++ + src/testdir/test_terminal3.vim | 14 ++++ + 3 files changed, 97 insertions(+), 2 deletions(-) + create mode 100644 src/testdir/samples/terminal_max_combining_chars.txt + +diff --git a/src/terminal.c b/src/terminal.c +index 921b234..78990ac 100644 +--- a/src/terminal.c ++++ b/src/terminal.c +@@ -3533,12 +3533,13 @@ handle_pushline(int cols, const VTermScreenCell *cells, void *user) + { + for (col = 0; col < len; col += cells[col].width) + { +- if (ga_grow(&ga, MB_MAXBYTES) == FAIL) ++ if (ga_grow(&ga, VTERM_MAX_CHARS_PER_CELL * 4) == FAIL) + { + ga.ga_len = 0; + break; + } +- for (i = 0; (c = cells[col].chars[i]) > 0 || i == 0; ++i) ++ for (i = 0; i < VTERM_MAX_CHARS_PER_CELL && ++ ((c = cells[col].chars[i]) > 0 || i == 0); ++i) + ga.ga_len += utf_char2bytes(c == NUL ? ' ' : c, + (char_u *)ga.ga_data + ga.ga_len); + cell2cellattr(&cells[col], &p[col]); +diff --git a/src/testdir/samples/terminal_max_combining_chars.txt b/src/testdir/samples/terminal_max_combining_chars.txt +new file mode 100644 +index 0000000..a4f508d +--- /dev/null ++++ b/src/testdir/samples/terminal_max_combining_chars.txt +@@ -0,0 +1,80 @@ ++padding line 000 ++padding line 001 ++padding line 002 ++padding line 003 ++padding line 004 ++padding line 005 ++padding line 006 ++padding line 007 ++padding line 008 ++padding line 009 ++padding line 010 ++padding line 011 ++padding line 012 ++padding line 013 ++padding line 014 ++padding line 015 ++padding line 016 ++padding line 017 ++padding line 018 ++padding line 019 ++padding line 020 ++padding line 021 ++padding line 022 ++padding line 023 ++padding line 024 ++padding line 025 ++padding line 026 ++padding line 027 ++padding line 028 ++padding line 029 ++padding line 030 ++padding line 031 ++padding line 032 ++padding line 033 ++padding line 034 ++padding line 035 ++padding line 036 ++padding line 037 ++padding line 038 ++padding line 039 ++padding line 040 ++padding line 041 ++padding line 042 ++padding line 043 ++padding line 044 ++padding line 045 ++padding line 046 ++padding line 047 ++padding line 048 ++padding line 049 ++AAAAAAAAAAAAAAAAAAAAAAAAAAAA From patchwork Thu Jul 9 10:06:30 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92112 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B7175C4450B for ; Thu, 9 Jul 2026 10:07:17 +0000 (UTC) Received: from mail-wr1-f46.google.com (mail-wr1-f46.google.com [209.85.221.46]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.5809.1783591630190176467 for ; Thu, 09 Jul 2026 03:07:10 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=PGfkvrHZ; spf=pass (domain: smile.fr, ip: 209.85.221.46, mailfrom: yoann.congal@smile.fr) Received: by mail-wr1-f46.google.com with SMTP id ffacd0b85a97d-471eeac43bfso1580466f8f.3 for ; Thu, 09 Jul 2026 03:07:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591628; x=1784196428; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=Xu6kVuNEdPDZQ9qsKHKyqPydRsS7HPjUtVmcp+DmPFs=; b=PGfkvrHZ6nE410cDeZNrqmHEaUFCW0Rw9u/p26gVvxzxUx/DB4RoFIsqtuDo2ZK2UN fWDGPNQefYXIKRi1LmeCVZ+t5pKLww6GJpi8cpQ6BiblZ89B+5U28AXSDgOfr5j7oHxg gfQS3LanwdYYqeexsksA7YO8GzVXpKdywhDEc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591628; x=1784196428; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=Xu6kVuNEdPDZQ9qsKHKyqPydRsS7HPjUtVmcp+DmPFs=; b=Rh25F3x3gh0d+QZUrbxI8+MnkfYyQcoi+Xxt2/s8svm9iCfeCriyYXDZDz5Ri0D5Yp uQxeoSQ+JatFpaPFUO/WXE7yEf4MWFiuXuUGaXL5rYg3YQ+jsCbDIES58jvghWBQ74YE gx938/1VODJYz74XOzkekGp+SfHvQ+8h45aZKKbeEt/Q9o9Hx7VbObyiVxwhuagyyqF3 HnHspZnH7irUS31peWz4xKFFk+/sCqj9xm+EBzkalIeqYQlwE3LaKxymK5w8FR1EH2zS xUSHDEl5j2B8qKoToHm5AVZaPJ/AF3aGQs/kEYpq9ulMJlywGUNcpMG6rWOGqYkNu8fQ w9KQ== X-Gm-Message-State: AOJu0Yw5QssGH6Duk9un5nGHayCFGANqyAJXb9L3+8+t/EZqd1UbbNH8 zONLAhykyUhQowwK+q+JLLnau1GomuN1sLnpd2cJEGIcQVvxS5vF2smSv7JERVUQM7ry7jeuyyG H9ZAa51A= X-Gm-Gg: AfdE7cnhSvnMD4UBgNj54UJh9XtoC2487IuOoz1Jl3AlrmyoNbiTJIyees6RhuDdio5 b8y3wS4Vd/bjsj9GN+11veYJpbbebF2pB8cu0rXgbIK7MU4aMWcncRKTTIfAQFEajd0+WgtfZYX 7iX7tgpHwgjHoF8Dd/SgF3Fdox9YdeD5jSCvmK8X26jmSxMTdsIO5EmuOIYMIjyZufCP8Cwli/b GSeiheWH0KAy5GpaMQEA/pX6usw5XJ+4Cs1IHs3RVDPFFi0S4mnWVzaz4fQZltu5Ll3duMLLIPm CAlIlFzY88D8gQJD2Dgn3KfLw66TnhNXxMsCej9UlTTEKUxJ2I6lNgooNJ/9V8R7LUOZUvwA51M LGaM0r4QlBm7HsdP7BUqUXkt++DdD+J0BU5YWQ8llbOcnceYOhMAtz+RMdieE1CgEIbFMh7DUbM 41QZy+tovA1w88ZYqk5f2gAO8lSTjLHoFvVqGmmW+m14mv2uUgswDZRSuGwaDcDRRhqk+fZEHBQ sGra3H96aYuYsqPzw== X-Received: by 2002:a05:600c:a43:b0:493:d741:5d72 with SMTP id 5b1f17b1804b1-493e68db0fdmr66288125e9.38.1783591628187; Thu, 09 Jul 2026 03:07:08 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.07 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:07 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 14/25] perl: patch CVE-2026-8376 Date: Thu, 9 Jul 2026 12:06:30 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:17 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240561 From: Theo Gaige (Schneider Electric) Backport patches from [1] [1] https://github.com/Perl/perl5/pull/24433 Signed-off-by: Theo Gaige (Schneider Electric) Signed-off-by: Yoann Congal --- .../perl/files/CVE-2026-8376-01.patch | 62 +++++++++++++++++++ .../perl/files/CVE-2026-8376-02.patch | 49 +++++++++++++++ meta/recipes-devtools/perl/perl_5.38.4.bb | 2 + 3 files changed, 113 insertions(+) create mode 100644 meta/recipes-devtools/perl/files/CVE-2026-8376-01.patch create mode 100644 meta/recipes-devtools/perl/files/CVE-2026-8376-02.patch diff --git a/meta/recipes-devtools/perl/files/CVE-2026-8376-01.patch b/meta/recipes-devtools/perl/files/CVE-2026-8376-01.patch new file mode 100644 index 00000000000..56ab85d2be9 --- /dev/null +++ b/meta/recipes-devtools/perl/files/CVE-2026-8376-01.patch @@ -0,0 +1,62 @@ +From b0810dddd6b789ead00c346ead873370710f103e Mon Sep 17 00:00:00 2001 +From: Tony Cook +Date: Tue, 12 May 2026 14:47:31 +1000 +Subject: [PATCH 1/2] perl/perl-security#147: test cases + +The suggested case from the ticket and an alternative. + +(cherry picked from commit e842efdafe7c51a687a4907e4887988fe6a025ef) + +CVE: CVE-2026-8376 +Upstream-Status: Backport [https://github.com/Perl/perl5/commit/e842efdafe7c51a687a4907e4887988fe6a025ef] +Signed-off-by: Theo Gaige (Schneider Electric) +--- + t/re/pat_psycho.t | 18 ++++++++++++++++-- + 1 file changed, 16 insertions(+), 2 deletions(-) + +diff --git a/t/re/pat_psycho.t b/t/re/pat_psycho.t +index 336039521d..73a7992372 100644 +--- a/t/re/pat_psycho.t ++++ b/t/re/pat_psycho.t +@@ -10,7 +10,7 @@ + use strict; + use warnings; + use 5.010; +- ++use Config; + + sub run_tests; + +@@ -31,7 +31,7 @@ BEGIN { + + skip_all('$PERL_SKIP_PSYCHO_TEST set') if $ENV{PERL_SKIP_PSYCHO_TEST}; + +-plan tests => 15; # Update this when adding/deleting tests. ++plan tests => 17; # Update this when adding/deleting tests. + + run_tests() unless caller; + +@@ -211,6 +211,20 @@ EOF + + + } ++ ++ SKIP: ++ { # sec #147 ++ $Config{ptrsize} == 4 ++ or skip "these only fail on x32 and use too much memory on x64", 2; ++ local $::TODO = "This crashes"; ++ # original case ++ fresh_perl_like('/\x{10000}{1073741824}/', ++ qr/Regexp out of space/, {}, "ssize_t overflow"); ++ ++ # synthesized but similar case ++ fresh_perl_like('/(?:\x{10001}\x{10000}){536870912}/', ++ qr/Regexp out of space/, {}, "ssize_t overflow again"); ++ } + } # End of sub run_tests + + 1; +-- +2.43.0 + diff --git a/meta/recipes-devtools/perl/files/CVE-2026-8376-02.patch b/meta/recipes-devtools/perl/files/CVE-2026-8376-02.patch new file mode 100644 index 00000000000..08ab11d87b5 --- /dev/null +++ b/meta/recipes-devtools/perl/files/CVE-2026-8376-02.patch @@ -0,0 +1,49 @@ +From 3cc827ca6bdb7b7cfbebe30286db57b7edae0e65 Mon Sep 17 00:00:00 2001 +From: Tony Cook +Date: Tue, 12 May 2026 14:51:00 +1000 +Subject: [PATCH 2/2] perl/perl-security#147: test against the actual character + lengths + +(cherry picked from commit 5e7f119eb2bb1181be908701f22bf7068e722f1c) + +CVE: CVE-2026-8376 +Upstream-Status: Backport [https://github.com/Perl/perl5/commit/5e7f119eb2bb1181be908701f22bf7068e722f1c] +Signed-off-by: Theo Gaige (Schneider Electric) +--- + regcomp_study.c | 7 +++++++ + t/re/pat_psycho.t | 1 - + 2 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/regcomp_study.c b/regcomp_study.c +index db7ab3a409..9248e1de2b 100644 +--- a/regcomp_study.c ++++ b/regcomp_study.c +@@ -2862,6 +2862,13 @@ Perl_study_chunk(pTHX_ + (U8 *) SvEND(data->last_found)) + - (U8*)s; + l -= old; ++ ++ if (l > 0 && ++ (mincount >= SSize_t_MAX / (SSize_t)l ++ || old > SSize_t_MAX - mincount * (SSize_t)l)) { ++ FAIL("Regexp out of space"); ++ } ++ + /* Get the added string: */ + last_str = newSVpvn_utf8(s + old, l, UTF); + last_chrs = UTF ? utf8_length((U8*)(s + old), +diff --git a/t/re/pat_psycho.t b/t/re/pat_psycho.t +index 73a7992372..9fd764fd5e 100644 +--- a/t/re/pat_psycho.t ++++ b/t/re/pat_psycho.t +@@ -216,7 +216,6 @@ EOF + { # sec #147 + $Config{ptrsize} == 4 + or skip "these only fail on x32 and use too much memory on x64", 2; +- local $::TODO = "This crashes"; + # original case + fresh_perl_like('/\x{10000}{1073741824}/', + qr/Regexp out of space/, {}, "ssize_t overflow"); +-- +2.43.0 + diff --git a/meta/recipes-devtools/perl/perl_5.38.4.bb b/meta/recipes-devtools/perl/perl_5.38.4.bb index 5ab49ed3d77..9f4cc1c4044 100644 --- a/meta/recipes-devtools/perl/perl_5.38.4.bb +++ b/meta/recipes-devtools/perl/perl_5.38.4.bb @@ -18,6 +18,8 @@ SRC_URI = "https://www.cpan.org/src/5.0/perl-${PV}.tar.gz;name=perl \ file://determinism.patch \ file://0001-cpan-Sys-Syslog-Makefile.PL-Fix-_PATH_LOG-for-determ.patch \ file://0001-Fix-intermittent-failure-of-test-t-op-sigsystem.t.patch \ + file://CVE-2026-8376-01.patch \ + file://CVE-2026-8376-02.patch \ " SRC_URI:append:class-native = " \ file://perl-configpm-switch.patch \ From patchwork Thu Jul 9 10:06:31 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92116 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id CB7E5C4450C for ; Thu, 9 Jul 2026 10:07:17 +0000 (UTC) Received: from mail-wm1-f52.google.com (mail-wm1-f52.google.com [209.85.128.52]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.5890.1783591630584874983 for ; Thu, 09 Jul 2026 03:07:10 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=DzSe4zi8; spf=pass (domain: smile.fr, ip: 209.85.128.52, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f52.google.com with SMTP id 5b1f17b1804b1-493c59f740cso12803205e9.3 for ; Thu, 09 Jul 2026 03:07:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591629; x=1784196429; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=hIL8p06vZLHqC8YjWByb6MmkfUoBCYTz6iTY9D8Jye0=; b=DzSe4zi8rSdZvF54O5QLtk+QCisuNnnrbKIMTDV8eW8wPZiQrhqSklw3CHVZKaLpLb +Rl8p/gL1vwCN0IR6SgU8207j5wmywuAJezDKgVQvJ1k4y+r/O/I4hiYEsbdbdqD3CCd 2zkJ+jdKx0lvYTlDuMGESRKI1BIPoMRORMIoU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591629; x=1784196429; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=hIL8p06vZLHqC8YjWByb6MmkfUoBCYTz6iTY9D8Jye0=; b=ica9MSvuxVmSv7TWXZVMRTNPYCCtSx8bmLzYX7B6Z6tUu01z/ZbXtTwjo3fy6yoori 3y/T0Yuc2eCtXqXkhawdtA9+vUMJoklcS1Qq96t73bjR3sqVViM5nFhCz2rFynCmDmGH 5CPMEP9qCAnoIW95WXWMyLYqnTmAnWyNo+HOraDxkNhoe0TfQgvhiwWErZyD4lgi+e2k YHlKQM4NeFBkls6/qrnGlgM8xuEA4LxnCy85H14JP4a85qrJiE4y0JVnI3UBHFP2kHwp tleF+xfxg97k7/9L2283dyBbiF/xD2q0p/oO3J6/WGt6uUKLhnKea142X1jXehfRmDc0 49CQ== X-Gm-Message-State: AOJu0YwF0i3sj6M9YXUKdXQ/WLQYUHTu1l5BMctxvVj9ZqDU15BauCT0 DzloTIcQJwIKDlxvPRaS7k8HTLqYiZqtgaPd8Th9ctymEn+0NNpiP+j7jd/lGuzp7evgy8QnTYN UO5IKTE0= X-Gm-Gg: AfdE7cn6fu5ZjjdpPnQnSD9NrBgOcERyNGMqKvajXTCH2TKWZZ+LkZCvjYYCcixQM13 PU35MdiYujb8x4ezGpTpPjSWkE4ZIWheB88ys+uHVNSPuCvjaQ2JIqe5aanqmpIzeasH6Ex4BkA Fe60fB6LAcrn1ADodd7QpPb5wXMobWSgwc9pQ8q51qA5c84MMwcLE3YxjFhNSQFZNdjsWgip6NX 51O1VTftSltQd4tMdfJsbxF/6n6oHc05vnlQEfbmKiLufbwBYoU7UW5CfnzmVoHFyo418FNuq5H KB9BdvueZqkjWqb8lk69OtbreBKwdFZw/qVa9dq+tbeowo52A85qiNdwUOFIV+yTVei1qnUu7PP tqTNBE26eKasAznnDycqnhsnazSIs7VhNqBQpPPEfKPpRZYyy/MW7aCHbS32DH+B/n3zp7YcYuz LY9AG2IzoU18+Jg0wvCkxrJpeVtITmTl+xNc6RVgx2uL930CEWBALSxMTHFgkmhFc9aU0BEg8+0 icpJMsV8YKxG4ogAMj18z5RVyjp X-Received: by 2002:a05:600c:4e51:b0:493:e946:c0fb with SMTP id 5b1f17b1804b1-493e9bad6aamr30730125e9.0.1783591628735; Thu, 09 Jul 2026 03:07:08 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:08 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 15/25] curl: fix CVE-2026-6276 Date: Thu, 9 Jul 2026 12:06:31 +0200 Message-ID: <171bd9cd44cdad3c7239be860e28b11c5d7b4d30.1783590688.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:17 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240562 From: Adarsh Jagadish Kamini Backport patch to fix CVE-2026-6276. https://nvd.nist.gov/vuln/detail/CVE-2026-6276 The upstream fix moves cookiehost from the connection-scoped aptr struct to the per-request SingleRequest struct, preventing cookie data from leaking across reused handles. Adapted for curl 8.7.1: - Use Curl_safefree (renamed to curlx_safefree in later versions) - Use conn->host.name (changed to data->conn->host.name upstream) - Keep existing header parsing structure (refactored upstream) - Dropped tests Upstream fix: https://github.com/curl/curl/commit/3a19987a87f393d9394fe5acc7643f6c263c92db Tested with ptest: Before: PASSED: 857, FAILED: 0, SKIPPED: 0 After: PASSED: 857, FAILED: 0, SKIPPED: 0 Signed-off-by: Adarsh Jagadish Kamini [YC: copy the backport info from commit message into the patch file itself] Signed-off-by: Yoann Congal --- .../curl/curl/CVE-2026-6276.patch | 135 ++++++++++++++++++ meta/recipes-support/curl/curl_8.7.1.bb | 1 + 2 files changed, 136 insertions(+) create mode 100644 meta/recipes-support/curl/curl/CVE-2026-6276.patch diff --git a/meta/recipes-support/curl/curl/CVE-2026-6276.patch b/meta/recipes-support/curl/curl/CVE-2026-6276.patch new file mode 100644 index 00000000000..8ac387159a4 --- /dev/null +++ b/meta/recipes-support/curl/curl/CVE-2026-6276.patch @@ -0,0 +1,135 @@ +From ee81b4f4b2f8e7d1a49c92d8a470294ef7088045 Mon Sep 17 00:00:00 2001 +From: Daniel Stenberg +Date: Tue, 14 Apr 2026 08:51:44 +0200 +Subject: [PATCH] urldata: move cookiehost to struct SingleRequest + +To make it scoped for the single request appropriately. + +Reported-by: Muhamad Arga Reksapati + +Verify with libtest 2504: a custom Host *disabled* on reused handle + +Closes #21312 + +CVE: CVE-2026-6276 +Upstream-Status: Backport [https://github.com/curl/curl/commit/3a19987a87f393d9394fe5acc7643f6c263c92db] + +Backport changes: Adapted for curl 8.7.1: +- Use Curl_safefree (renamed to curlx_safefree in later versions) +- Use conn->host.name (changed to data->conn->host.name upstream) +- Keep existing header parsing structure (refactored upstream) +- Dropped tests + +Signed-off-by: Adarsh Jagadish Kamini +--- + lib/http.c | 16 ++++++++++------ + lib/request.c | 3 +++ + lib/request.h | 3 +++ + lib/url.c | 4 +++- + lib/urldata.h | 1 - + 5 files changed, 19 insertions(+), 8 deletions(-) + +diff --git a/lib/http.c b/lib/http.c +index b80bebf..b1f6040 100644 +--- a/lib/http.c ++++ b/lib/http.c +@@ -1747,7 +1747,11 @@ CURLcode Curl_http_host(struct Curl_easy *data, struct connectdata *conn) + data->state.first_remote_port = conn->remote_port; + data->state.first_remote_protocol = conn->handler->protocol; + } ++ + Curl_safefree(aptr->host); ++#ifndef CURL_DISABLE_COOKIES ++ Curl_safefree(data->req.cookiehost); ++#endif + + ptr = Curl_checkheaders(data, STRCONST("Host")); + if(ptr && (!data->state.this_is_a_follow || +@@ -1782,8 +1786,8 @@ CURLcode Curl_http_host(struct Curl_easy *data, struct connectdata *conn) + if(colon) + *colon = 0; /* The host must not include an embedded port number */ + } +- Curl_safefree(aptr->cookiehost); +- aptr->cookiehost = cookiehost; ++ Curl_safefree(data->req.cookiehost); ++ data->req.cookiehost = cookiehost; + } + #endif + +@@ -2302,8 +2306,8 @@ CURLcode Curl_http_cookies(struct Curl_easy *data, + int count = 0; + + if(data->cookies && data->state.cookie_engine) { +- const char *host = data->state.aptr.cookiehost ? +- data->state.aptr.cookiehost : conn->host.name; ++ const char *host = data->req.cookiehost ? ++ data->req.cookiehost : conn->host.name; + const bool secure_context = + conn->handler->protocol&(CURLPROTO_HTTPS|CURLPROTO_WSS) || + strcasecompare("localhost", host) || +@@ -3121,8 +3125,8 @@ CURLcode Curl_http_header(struct Curl_easy *data, struct connectdata *conn, + if(v) { + /* If there is a custom-set Host: name, use it here, or else use + * real peer host name. */ +- const char *host = data->state.aptr.cookiehost? +- data->state.aptr.cookiehost:conn->host.name; ++ const char *host = data->req.cookiehost? ++ data->req.cookiehost:conn->host.name; + const bool secure_context = + conn->handler->protocol&(CURLPROTO_HTTPS|CURLPROTO_WSS) || + strcasecompare("localhost", host) || +diff --git a/lib/request.c b/lib/request.c +index b3b0582..9bede2e 100644 +--- a/lib/request.c ++++ b/lib/request.c +@@ -111,6 +111,9 @@ void Curl_req_hard_reset(struct SingleRequest *req, struct Curl_easy *data) + * free this safely without leaks. */ + Curl_safefree(req->p.http); + Curl_safefree(req->newurl); ++#ifndef CURL_DISABLE_COOKIES ++ Curl_safefree(req->cookiehost); ++#endif + Curl_client_reset(data); + if(req->sendbuf_init) + Curl_bufq_reset(&req->sendbuf); +diff --git a/lib/request.h b/lib/request.h +index 488fbdd..17d50a3 100644 +--- a/lib/request.h ++++ b/lib/request.h +@@ -118,6 +118,9 @@ struct SingleRequest { + #ifndef CURL_DISABLE_DOH + struct dohdata *doh; /* DoH specific data for this request */ + #endif ++#ifndef CURL_DISABLE_COOKIES ++ char *cookiehost; ++#endif + #ifndef CURL_DISABLE_COOKIES + unsigned char setcookies; + #endif +diff --git a/lib/url.c b/lib/url.c +index 76360c8..30f215f 100644 +--- a/lib/url.c ++++ b/lib/url.c +@@ -313,7 +313,9 @@ CURLcode Curl_close(struct Curl_easy **datap) + Curl_safefree(data->state.aptr.rangeline); + Curl_safefree(data->state.aptr.ref); + Curl_safefree(data->state.aptr.host); +- Curl_safefree(data->state.aptr.cookiehost); ++#ifndef CURL_DISABLE_COOKIES ++ Curl_safefree(data->req.cookiehost); ++#endif + Curl_safefree(data->state.aptr.rtsp_transport); + Curl_safefree(data->state.aptr.user); + Curl_safefree(data->state.aptr.passwd); +diff --git a/lib/urldata.h b/lib/urldata.h +index b68d023..4fc595a 100644 +--- a/lib/urldata.h ++++ b/lib/urldata.h +@@ -1339,7 +1339,6 @@ struct UrlState { + char *rangeline; + char *ref; + char *host; +- char *cookiehost; + char *rtsp_transport; + char *te; /* TE: request header */ + diff --git a/meta/recipes-support/curl/curl_8.7.1.bb b/meta/recipes-support/curl/curl_8.7.1.bb index d0267317517..276526f01e5 100644 --- a/meta/recipes-support/curl/curl_8.7.1.bb +++ b/meta/recipes-support/curl/curl_8.7.1.bb @@ -37,6 +37,7 @@ SRC_URI = " \ file://CVE-2026-3783.patch \ file://CVE-2026-3784.patch \ file://CVE-2026-5773.patch \ + file://CVE-2026-6276.patch \ " SRC_URI:append:class-nativesdk = " \ From patchwork Thu Jul 9 10:06:32 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92123 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 194AFC4450F for ; Thu, 9 Jul 2026 10:07:18 +0000 (UTC) Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com [209.85.128.42]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.5891.1783591633102415954 for ; Thu, 09 Jul 2026 03:07:13 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=X+aAhAfp; spf=pass (domain: smile.fr, ip: 209.85.128.42, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f42.google.com with SMTP id 5b1f17b1804b1-493e4cccd8dso7422165e9.2 for ; Thu, 09 Jul 2026 03:07:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591631; x=1784196431; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=llAtX/ycn8ZsonvaboXhe9CiSBWbcwqxhvQLFzFsSmE=; b=X+aAhAfp2zbPnQ4xF8NPkPMfEyT7BHhOUxTAbfHpGZNRAPC1yZz6wkHSBDiiwsg4p6 x/bBEIcmRd2FQT7w0vzxUQ+LRKWCEvGBMvV4hq+fij16Tag3OESv9BiHAaXEOFC4ljh8 N3anywzIZVIHMKzhVzKdDvFWtjqtFGkzuBZIo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591631; x=1784196431; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=llAtX/ycn8ZsonvaboXhe9CiSBWbcwqxhvQLFzFsSmE=; b=WTQBwqZd3QwCejz00I+Ez0wMCBavQYLSsv/ACIRMOhJglobKFOCZZPpQngoOkdSaGl CgATpTo+E+fvOYv+HTnbNJeTDcYRtGQix9Fvx7PcLgQOcSdZrfkXwDQOcQNou0fXE3bS DmyLJsh+8GaMvCAsClqhrfYA8eAx56mbw2KiV+9c4PmD1Eot0Fuzkq5F1HcpPFJz5qc4 7IxT8SecY2SD1dsXRvNTSAg5A8twzIyTEUSuNBMtGMpax690fJlznSP/lXqcnCxOrhM6 IP1T/o5k0BMtBuHBtMLDgQ7mjH+C0KNrcNz7uoaL5ZN+eLGV1NN9hOtg/GOdtlapyl/7 EWtQ== X-Gm-Message-State: AOJu0Yz4hjBfp7iUfvpCjdPu8kivXKtdnUZ1PkjZrEjIU3pukuUqbGif gUjDG727A7jFvUEhMBPPACm5kSqoCppzDK+eduseSZ97ZeMJpaOSK9KLciYf3Z90Y4lr/xOET6P e8GyDHsU= X-Gm-Gg: AfdE7cnA81wszGg91sUJrp43G3j77gxhb4Vxj4T+jYaU6btPwuS9SkuBahX58/VWTpY PsdNk69XkScmdkvPQU0tRWFLJ8TxTRoCbwDV2W0tGxvvmX1mnZjMW0qeJEsKC+jBfGKhqZpCpuj 9nnZYGyN1Omol+H62ZB7ypJ8JRuqoWIFiIqpgAbih937oguhijAgUHxz6oD0ULD6xc82II4jtg8 huXjzqbl2RGxmCgA9jQRoQN9gDwf5uip86H/mP7k1hE/HeVDbJrMPbOJGB3U/on/nUf9KJnE7Xo JM1Pe5M99Z07X1NwvyHZzifyh12yEWQyPrw7KIcd15TkEz3GMr1RnTS+1n+KBfvPvZ+/v80Zm4h a/ZdmbRJHYHuM/msWDxzr1/URIKbhBZFFfaD9djtgnKUQRA8gmb245macpWQM6wRSTZdRnukUCG /FPzP6mBX0//r+K8ua3u0omkEoe+E5O0UyxhUv3b8gwsfPUcBJOoxBpK6RrdDBrWq+JNHZphGD1 4pOOwg02na64oXubA== X-Received: by 2002:a05:600c:3e87:b0:492:7019:caca with SMTP id 5b1f17b1804b1-493e68cbea4mr63272465e9.26.1783591629734; Thu, 09 Jul 2026 03:07:09 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.08 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:08 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 16/25] linux-yocto/6.6: update CVE exclusions (6.6.142) Date: Thu, 9 Jul 2026 12:06:32 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240565 From: Esa Jaaskela Regenerated to fix this warning: WARNING: linux-yocto-6.6.142+git-r0 do_cve_check: Kernel CVE status needs updating: generated for 6.6.127 but kernel is 6.6.142 $ ./meta/recipes-kernel/linux/generate-cve-exclusions.py .../cvelistV5/ 6.6.142 > meta/recipes-kernel/linux/cve-exclusion_6.6.inc Generated at 2026-07-07 17:39:10.952928+00:00 for kernel version 6.6.142 From cvelistV5 cve_2026-07-07_1600Z Signed-off-by: Esa Jaaskela Signed-off-by: Yoann Congal --- .../linux/cve-exclusion_6.6.inc | 3418 +++++++++++++---- 1 file changed, 2668 insertions(+), 750 deletions(-) diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc index fcd38c56aed..2a194e7c84d 100644 --- a/meta/recipes-kernel/linux/cve-exclusion_6.6.inc +++ b/meta/recipes-kernel/linux/cve-exclusion_6.6.inc @@ -1,17 +1,19 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2026-05-27 12:02:49.732909+00:00 for kernel version 6.6.127 -# From cvelistV5 cve_2026-05-27_0900Z +# Generated at 2026-07-07 17:39:10.952928+00:00 for kernel version 6.6.142 +# From cvelistV5 cve_2026-07-07_1600Z python check_kernel_cve_status_version() { - this_version = "6.6.127" + this_version = "6.6.142" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) } do_cve_check[prefuncs] += "check_kernel_cve_status_version" +# CVE-2018-10902 has no known resolution + CVE_STATUS[CVE-2019-25160] = "fixed-version: Fixed from version 5.0" CVE_STATUS[CVE-2019-25162] = "fixed-version: Fixed from version 6.0" @@ -6634,7 +6636,7 @@ CVE_STATUS[CVE-2023-52918] = "cpe-stable-backport: Backported in 6.6.48" CVE_STATUS[CVE-2023-52919] = "fixed-version: Fixed from version 6.6" -# CVE-2023-52920 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2023-52920] = "cpe-stable-backport: Backported in 6.6.140" CVE_STATUS[CVE-2023-52921] = "fixed-version: Fixed from version 6.5" @@ -9030,7 +9032,7 @@ CVE_STATUS[CVE-2023-54326] = "fixed-version: Fixed from version 6.5" CVE_STATUS[CVE-2023-7324] = "fixed-version: Fixed from version 6.3" -# CVE-2024-14027 may need backporting (fixed from 6.6.133) +CVE_STATUS[CVE-2024-14027] = "cpe-stable-backport: Backported in 6.6.133" CVE_STATUS[CVE-2024-26581] = "cpe-stable-backport: Backported in 6.6.17" @@ -9874,7 +9876,7 @@ CVE_STATUS[CVE-2024-27020] = "cpe-stable-backport: Backported in 6.6.29" CVE_STATUS[CVE-2024-27021] = "fixed-version: only affects 6.8 onwards" -# CVE-2024-27022 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2024-27022] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2024-27023] = "cpe-stable-backport: Backported in 6.6.19" @@ -11942,7 +11944,7 @@ CVE_STATUS[CVE-2024-43823] = "cpe-stable-backport: Backported in 6.6.44" CVE_STATUS[CVE-2024-43825] = "cpe-stable-backport: Backported in 6.6.44" -# CVE-2024-43826 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2024-43826] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2024-43827] = "fixed-version: only affects 6.8 onwards" @@ -12346,7 +12348,7 @@ CVE_STATUS[CVE-2024-46689] = "cpe-stable-backport: Backported in 6.6.49" CVE_STATUS[CVE-2024-46690] = "fixed-version: only affects 6.9 onwards" -# CVE-2024-46691 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2024-46691] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2024-46692] = "cpe-stable-backport: Backported in 6.6.49" @@ -14482,7 +14484,7 @@ CVE_STATUS[CVE-2024-56645] = "cpe-stable-backport: Backported in 6.6.66" CVE_STATUS[CVE-2024-56646] = "fixed-version: only affects 6.9 onwards" -# CVE-2024-56647 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2024-56647] = "cpe-stable-backport: Backported in 6.6.140" CVE_STATUS[CVE-2024-56648] = "cpe-stable-backport: Backported in 6.6.66" @@ -15258,7 +15260,7 @@ CVE_STATUS[CVE-2025-21680] = "cpe-stable-backport: Backported in 6.6.74" CVE_STATUS[CVE-2025-21681] = "cpe-stable-backport: Backported in 6.6.74" -# CVE-2025-21682 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2025-21682] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2025-21683] = "cpe-stable-backport: Backported in 6.6.74" @@ -15368,7 +15370,7 @@ CVE_STATUS[CVE-2025-21737] = "fixed-version: only affects 6.10 onwards" CVE_STATUS[CVE-2025-21738] = "cpe-stable-backport: Backported in 6.6.78" -# CVE-2025-21739 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2025-21739] = "cpe-stable-backport: Backported in 6.6.135" CVE_STATUS[CVE-2025-21741] = "cpe-stable-backport: Backported in 6.6.78" @@ -15392,7 +15394,7 @@ CVE_STATUS[CVE-2025-21750] = "cpe-stable-backport: Backported in 6.6.78" CVE_STATUS[CVE-2025-21751] = "fixed-version: only affects 6.12 onwards" -CVE_STATUS[CVE-2025-21752] = "fixed-version: only affects 6.6.130 onwards" +# CVE-2025-21752 may need backporting (fixed from 6.7) CVE_STATUS[CVE-2025-21753] = "cpe-stable-backport: Backported in 6.6.78" @@ -16128,7 +16130,7 @@ CVE_STATUS[CVE-2025-22123] = "fixed-version: only affects 6.9 onwards" # CVE-2025-22124 may need backporting (fixed from 6.7) -# CVE-2025-22125 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2025-22125] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2025-22126] = "cpe-stable-backport: Backported in 6.6.88" @@ -16140,7 +16142,7 @@ CVE_STATUS[CVE-2025-22128] = "fixed-version: only affects 6.8 onwards" # CVE-2025-23130 needs backporting (fixed from 6.15) -# CVE-2025-23131 needs backporting (fixed from 6.15) +# CVE-2025-23131 may need backporting (fixed from 6.6.144) # CVE-2025-23132 needs backporting (fixed from 6.15) @@ -17030,7 +17032,7 @@ CVE_STATUS[CVE-2025-38162] = "cpe-stable-backport: Backported in 6.6.125" CVE_STATUS[CVE-2025-38163] = "cpe-stable-backport: Backported in 6.6.94" -# CVE-2025-38164 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2025-38164] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2025-38165] = "cpe-stable-backport: Backported in 6.6.94" @@ -17548,7 +17550,7 @@ CVE_STATUS[CVE-2025-38424] = "cpe-stable-backport: Backported in 6.6.95" CVE_STATUS[CVE-2025-38425] = "cpe-stable-backport: Backported in 6.6.95" -# CVE-2025-38426 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2025-38426] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2025-38427] = "cpe-stable-backport: Backported in 6.6.95" @@ -17758,7 +17760,7 @@ CVE_STATUS[CVE-2025-38529] = "cpe-stable-backport: Backported in 6.6.100" CVE_STATUS[CVE-2025-38530] = "cpe-stable-backport: Backported in 6.6.100" -# CVE-2025-38531 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2025-38531] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2025-38532] = "cpe-stable-backport: Backported in 6.6.100" @@ -17802,8 +17804,6 @@ CVE_STATUS[CVE-2025-38551] = "fixed-version: only affects 6.11.2 onwards" CVE_STATUS[CVE-2025-38552] = "cpe-stable-backport: Backported in 6.6.101" -CVE_STATUS[CVE-2025-38553] = "cpe-stable-backport: Backported in 6.6.102" - CVE_STATUS[CVE-2025-38554] = "fixed-version: only affects 6.15 onwards" CVE_STATUS[CVE-2025-38555] = "cpe-stable-backport: Backported in 6.6.102" @@ -17864,7 +17864,7 @@ CVE_STATUS[CVE-2025-38581] = "cpe-stable-backport: Backported in 6.6.102" CVE_STATUS[CVE-2025-38583] = "cpe-stable-backport: Backported in 6.6.102" -# CVE-2025-38584 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2025-38584] = "cpe-stable-backport: Backported in 6.6.140" # CVE-2025-38585 needs backporting (fixed from 6.17) @@ -18100,7 +18100,7 @@ CVE_STATUS[CVE-2025-38702] = "cpe-stable-backport: Backported in 6.6.103" CVE_STATUS[CVE-2025-38703] = "fixed-version: only affects 6.8 onwards" -# CVE-2025-38704 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2025-38704] = "cpe-stable-backport: Backported in 6.6.130" # CVE-2025-38705 needs backporting (fixed from 6.17) @@ -18112,7 +18112,7 @@ CVE_STATUS[CVE-2025-38708] = "cpe-stable-backport: Backported in 6.6.103" CVE_STATUS[CVE-2025-38709] = "cpe-stable-backport: Backported in 6.6.109" -# CVE-2025-38710 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2025-38710] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2025-38711] = "cpe-stable-backport: Backported in 6.6.103" @@ -18318,7 +18318,7 @@ CVE_STATUS[CVE-2025-39745] = "fixed-version: only affects 6.14 onwards" # CVE-2025-39747 needs backporting (fixed from 6.17) -# CVE-2025-39748 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2025-39748] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2025-39749] = "cpe-stable-backport: Backported in 6.6.103" @@ -18348,7 +18348,7 @@ CVE_STATUS[CVE-2025-39761] = "cpe-stable-backport: Backported in 6.6.103" CVE_STATUS[CVE-2025-39763] = "cpe-stable-backport: Backported in 6.6.103" -# CVE-2025-39764 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2025-39764] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2025-39765] = "fixed-version: only affects 6.12 onwards" @@ -18674,7 +18674,7 @@ CVE_STATUS[CVE-2025-39928] = "fixed-version: only affects 6.13 onwards" CVE_STATUS[CVE-2025-39929] = "cpe-stable-backport: Backported in 6.6.108" -CVE_STATUS[CVE-2025-39930] = "fixed-version: only affects 6.6.130 onwards" +CVE_STATUS[CVE-2025-39930] = "cpe-stable-backport: Backported in 6.6.135" CVE_STATUS[CVE-2025-39931] = "cpe-stable-backport: Backported in 6.6.108" @@ -18776,7 +18776,7 @@ CVE_STATUS[CVE-2025-39979] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2025-39980] = "cpe-stable-backport: Backported in 6.6.109" -# CVE-2025-39981 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2025-39981] = "cpe-stable-backport: Backported in 6.6.140" CVE_STATUS[CVE-2025-39982] = "cpe-stable-backport: Backported in 6.6.109" @@ -19082,7 +19082,7 @@ CVE_STATUS[CVE-2025-40133] = "fixed-version: only affects 6.12 onwards" CVE_STATUS[CVE-2025-40134] = "cpe-stable-backport: Backported in 6.6.112" -# CVE-2025-40135 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2025-40135] = "cpe-stable-backport: Backported in 6.6.130" # CVE-2025-40136 needs backporting (fixed from 6.18) @@ -19110,7 +19110,7 @@ CVE_STATUS[CVE-2025-40148] = "fixed-version: only affects 6.16 onwards" CVE_STATUS[CVE-2025-40149] = "cpe-stable-backport: Backported in 6.6.121" -# CVE-2025-40150 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2025-40150] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2025-40151] = "fixed-version: only affects 6.17 onwards" @@ -19236,7 +19236,7 @@ CVE_STATUS[CVE-2025-40211] = "cpe-stable-backport: Backported in 6.6.117" CVE_STATUS[CVE-2025-40212] = "fixed-version: only affects 6.12 onwards" -CVE_STATUS[CVE-2025-40213] = "fixed-version: only affects 6.6.140 onwards" +# CVE-2025-40213 may need backporting (fixed from 6.7) CVE_STATUS[CVE-2025-40214] = "cpe-stable-backport: Backported in 6.6.117" @@ -19248,7 +19248,7 @@ CVE_STATUS[CVE-2025-40217] = "fixed-version: only affects 6.11 onwards" CVE_STATUS[CVE-2025-40218] = "cpe-stable-backport: Backported in 6.6.113" -# CVE-2025-40219 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2025-40219] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2025-40220] = "cpe-stable-backport: Backported in 6.6.115" @@ -19294,7 +19294,7 @@ CVE_STATUS[CVE-2025-40240] = "cpe-stable-backport: Backported in 6.6.115" CVE_STATUS[CVE-2025-40241] = "fixed-version: only affects 6.15 onwards" -# CVE-2025-40242 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2025-40242] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2025-40243] = "cpe-stable-backport: Backported in 6.6.115" @@ -19614,7 +19614,7 @@ CVE_STATUS[CVE-2025-68204] = "cpe-stable-backport: Backported in 6.6.118" CVE_STATUS[CVE-2025-68205] = "fixed-version: only affects 6.17 onwards" -# CVE-2025-68206 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2025-68206] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2025-68207] = "fixed-version: only affects 6.12.37 onwards" @@ -19678,7 +19678,7 @@ CVE_STATUS[CVE-2025-68237] = "cpe-stable-backport: Backported in 6.6.118" CVE_STATUS[CVE-2025-68238] = "cpe-stable-backport: Backported in 6.6.118" -# CVE-2025-68239 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2025-68239] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2025-68240] = "fixed-version: only affects 6.12 onwards" @@ -19764,7 +19764,7 @@ CVE_STATUS[CVE-2025-68294] = "fixed-version: only affects 6.15 onwards" CVE_STATUS[CVE-2025-68295] = "cpe-stable-backport: Backported in 6.6.119" -# CVE-2025-68296 needs backporting (fixed from 6.18) +# CVE-2025-68296 may need backporting (fixed from 6.6.143) CVE_STATUS[CVE-2025-68297] = "cpe-stable-backport: Backported in 6.6.119" @@ -19802,7 +19802,7 @@ CVE_STATUS[CVE-2025-68313] = "fixed-version: only affects 6.8 onwards" CVE_STATUS[CVE-2025-68314] = "fixed-version: only affects 6.17 onwards" -# CVE-2025-68315 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2025-68315] = "cpe-stable-backport: Backported in 6.6.140" CVE_STATUS[CVE-2025-68316] = "fixed-version: only affects 6.13 onwards" @@ -19840,7 +19840,7 @@ CVE_STATUS[CVE-2025-68332] = "cpe-stable-backport: Backported in 6.6.120" CVE_STATUS[CVE-2025-68333] = "fixed-version: only affects 6.12 onwards" -# CVE-2025-68334 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2025-68334] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2025-68335] = "cpe-stable-backport: Backported in 6.6.120" @@ -19958,7 +19958,7 @@ CVE_STATUS[CVE-2025-68734] = "cpe-stable-backport: Backported in 6.6.117" CVE_STATUS[CVE-2025-68735] = "fixed-version: only affects 6.10 onwards" -# CVE-2025-68736 needs backporting (fixed from 6.19) +# CVE-2025-68736 may need backporting (fixed from 6.6.143) CVE_STATUS[CVE-2025-68737] = "fixed-version: only affects 6.18 onwards" @@ -20022,7 +20022,7 @@ CVE_STATUS[CVE-2025-68766] = "cpe-stable-backport: Backported in 6.6.120" CVE_STATUS[CVE-2025-68767] = "cpe-stable-backport: Backported in 6.6.120" -# CVE-2025-68768 needs backporting (fixed from 6.19) +# CVE-2025-68768 may need backporting (fixed from 6.6.143) CVE_STATUS[CVE-2025-68769] = "cpe-stable-backport: Backported in 6.6.120" @@ -20304,7 +20304,7 @@ CVE_STATUS[CVE-2025-71150] = "cpe-stable-backport: Backported in 6.6.120" CVE_STATUS[CVE-2025-71151] = "cpe-stable-backport: Backported in 6.6.120" -# CVE-2025-71152 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2025-71152] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2025-71153] = "cpe-stable-backport: Backported in 6.6.120" @@ -20322,7 +20322,7 @@ CVE_STATUS[CVE-2025-71159] = "fixed-version: only affects 6.18 onwards" CVE_STATUS[CVE-2025-71160] = "cpe-stable-backport: Backported in 6.6.121" -# CVE-2025-71161 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2025-71161] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2025-71162] = "cpe-stable-backport: Backported in 6.6.122" @@ -20336,7 +20336,7 @@ CVE_STATUS[CVE-2025-71182] = "cpe-stable-backport: Backported in 6.6.121" CVE_STATUS[CVE-2025-71183] = "cpe-stable-backport: Backported in 6.6.121" -# CVE-2025-71184 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2025-71184] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2025-71185] = "cpe-stable-backport: Backported in 6.6.122" @@ -20374,13 +20374,13 @@ CVE_STATUS[CVE-2025-71201] = "fixed-version: only affects 6.14 onwards" # CVE-2025-71202 needs backporting (fixed from 6.19) -# CVE-2025-71203 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2025-71203] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2025-71204] = "cpe-stable-backport: Backported in 6.6.124" CVE_STATUS[CVE-2025-71220] = "cpe-stable-backport: Backported in 6.6.124" -# CVE-2025-71221 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2025-71221] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2025-71222] = "cpe-stable-backport: Backported in 6.6.124" @@ -20412,17 +20412,17 @@ CVE_STATUS[CVE-2025-71237] = "cpe-stable-backport: Backported in 6.6.125" CVE_STATUS[CVE-2025-71238] = "cpe-stable-backport: Backported in 6.6.127" -# CVE-2025-71239 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2025-71239] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2025-71265 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2025-71265] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2025-71266 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2025-71266] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2025-71267 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2025-71267] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2025-71268] = "cpe-stable-backport: Backported in 6.6.124" -# CVE-2025-71269 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2025-71269] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2025-71270] = "cpe-stable-backport: Backported in 6.6.124" @@ -20432,33 +20432,33 @@ CVE_STATUS[CVE-2025-71271] = "fixed-version: only affects 6.13 onwards" # CVE-2025-71273 needs backporting (fixed from 7.0) -# CVE-2025-71274 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2025-71274] = "cpe-stable-backport: Backported in 6.6.128" # CVE-2025-71285 needs backporting (fixed from 7.0) -# CVE-2025-71286 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2025-71286] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2025-71287 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2025-71287] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2025-71288 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2025-71288] = "cpe-stable-backport: Backported in 6.6.130" # CVE-2025-71289 needs backporting (fixed from 7.0) CVE_STATUS[CVE-2025-71290] = "fixed-version: only affects 6.16 onwards" -# CVE-2025-71291 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2025-71291] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2025-71292 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2025-71292] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2025-71293] = "fixed-version: only affects 6.18 onwards" CVE_STATUS[CVE-2025-71294] = "fixed-version: only affects 6.7 onwards" -# CVE-2025-71295 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2025-71295] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2025-71296] = "fixed-version: only affects 6.16 onwards" -# CVE-2025-71297 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2025-71297] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2025-71298] = "fixed-version: only affects 6.16 onwards" @@ -20470,6 +20470,30 @@ CVE_STATUS[CVE-2025-71301] = "fixed-version: only affects 6.16 onwards" CVE_STATUS[CVE-2025-71302] = "fixed-version: only affects 6.10 onwards" +CVE_STATUS[CVE-2025-71303] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2025-71304] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2025-71305] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2025-71306] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-71307] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2025-71308] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2025-71309] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2025-71311] = "fixed-version: only affects 6.11 onwards" + +CVE_STATUS[CVE-2025-71312] = "fixed-version: only affects 6.19 onwards" + +# CVE-2025-71313 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2025-71314] = "fixed-version: only affects 6.10 onwards" + +# CVE-2025-71315 needs backporting (fixed from 6.19) + CVE_STATUS[CVE-2026-22976] = "cpe-stable-backport: Backported in 6.6.121" CVE_STATUS[CVE-2026-22977] = "cpe-stable-backport: Backported in 6.6.121" @@ -20526,7 +20550,7 @@ CVE_STATUS[CVE-2026-23002] = "fixed-version: only affects 6.12 onwards" CVE_STATUS[CVE-2026-23003] = "cpe-stable-backport: Backported in 6.6.122" -# CVE-2026-23004 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23004] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23005] = "cpe-stable-backport: Backported in 6.6.122" @@ -20618,13 +20642,13 @@ CVE_STATUS[CVE-2026-23048] = "fixed-version: only affects 6.18 onwards" CVE_STATUS[CVE-2026-23049] = "cpe-stable-backport: Backported in 6.6.122" -# CVE-2026-23050 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23050] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23051] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2026-23052] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-23053 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23053] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23054] = "cpe-stable-backport: Backported in 6.6.122" @@ -20650,7 +20674,7 @@ CVE_STATUS[CVE-2026-23064] = "cpe-stable-backport: Backported in 6.6.122" CVE_STATUS[CVE-2026-23065] = "fixed-version: only affects 6.8 onwards" -# CVE-2026-23066 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23066] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23067] = "fixed-version: only affects 6.16 onwards" @@ -20754,7 +20778,7 @@ CVE_STATUS[CVE-2026-23116] = "cpe-stable-backport: Backported in 6.6.122" CVE_STATUS[CVE-2026-23117] = "fixed-version: only affects 6.18.2 onwards" -# CVE-2026-23118 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23118] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23119] = "cpe-stable-backport: Backported in 6.6.122" @@ -20794,7 +20818,7 @@ CVE_STATUS[CVE-2026-23136] = "cpe-stable-backport: Backported in 6.6.121" # CVE-2026-23137 needs backporting (fixed from 6.19) -# CVE-2026-23138 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23138] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23139] = "cpe-stable-backport: Backported in 6.6.121" @@ -20826,13 +20850,13 @@ CVE_STATUS[CVE-2026-23152] = "fixed-version: only affects 6.7 onwards" CVE_STATUS[CVE-2026-23153] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-23154 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23154] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23155] = "cpe-stable-backport: Backported in 6.6.123" CVE_STATUS[CVE-2026-23156] = "cpe-stable-backport: Backported in 6.6.123" -# CVE-2026-23157 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23157] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23158] = "fixed-version: only affects 6.11 onwards" @@ -20860,7 +20884,7 @@ CVE_STATUS[CVE-2026-23169] = "cpe-stable-backport: Backported in 6.6.125" CVE_STATUS[CVE-2026-23170] = "cpe-stable-backport: Backported in 6.6.123" -# CVE-2026-23171 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2026-23171] = "cpe-stable-backport: Backported in 6.6.140" CVE_STATUS[CVE-2026-23172] = "cpe-stable-backport: Backported in 6.6.123" @@ -20972,7 +20996,7 @@ CVE_STATUS[CVE-2026-23225] = "fixed-version: only affects 6.19 onwards" # CVE-2026-23226 needs backporting (fixed from 7.0) -# CVE-2026-23227 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23227] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23228] = "cpe-stable-backport: Backported in 6.6.125" @@ -20980,7 +21004,7 @@ CVE_STATUS[CVE-2026-23229] = "cpe-stable-backport: Backported in 6.6.125" CVE_STATUS[CVE-2026-23230] = "cpe-stable-backport: Backported in 6.6.125" -# CVE-2026-23231 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-23231] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-23232] = "fixed-version: only affects 6.19 onwards" @@ -21002,15 +21026,15 @@ CVE_STATUS[CVE-2026-23238] = "cpe-stable-backport: Backported in 6.6.127" CVE_STATUS[CVE-2026-23241] = "fixed-version: only affects 6.13 onwards" -# CVE-2026-23242 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-23242] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-23243 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-23243] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-23244 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23244] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23245 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23245] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23246 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23246] = "cpe-stable-backport: Backported in 6.6.130" # CVE-2026-23247 needs backporting (fixed from 7.0) @@ -21024,11 +21048,11 @@ CVE_STATUS[CVE-2026-23251] = "fixed-version: only affects 6.10 onwards" CVE_STATUS[CVE-2026-23252] = "fixed-version: only affects 6.10 onwards" -# CVE-2026-23253 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23253] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23254] = "cpe-stable-backport: Backported in 6.6.124" -# CVE-2026-23255 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-23255] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-23256] = "cpe-stable-backport: Backported in 6.6.124" @@ -21054,119 +21078,119 @@ CVE_STATUS[CVE-2026-23266] = "cpe-stable-backport: Backported in 6.6.127" CVE_STATUS[CVE-2026-23267] = "cpe-stable-backport: Backported in 6.6.127" -# CVE-2026-23268 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23268] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23269 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23269] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23270 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23270] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23271 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23271] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23272 may need backporting (fixed from 6.6.141) +CVE_STATUS[CVE-2026-23272] = "cpe-stable-backport: Backported in 6.6.141" -# CVE-2026-23273 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-23273] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-23274 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23274] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23275] = "fixed-version: only affects 6.13 onwards" # CVE-2026-23276 needs backporting (fixed from 7.0) -# CVE-2026-23277 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23277] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23278 needs backporting (fixed from 7.0) +# CVE-2026-23278 may need backporting (fixed from 6.6.144) -# CVE-2026-23279 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23279] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23280] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-23281 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23281] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23282] = "fixed-version: only affects 6.17 onwards" CVE_STATUS[CVE-2026-23283] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-23284 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23284] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23285 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23285] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23286 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23286] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23287 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23287] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23288] = "fixed-version: only affects 6.19.4 onwards" -# CVE-2026-23289 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23289] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23290 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23290] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23291 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23291] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23292 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23292] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23293 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23293] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23294] = "fixed-version: only affects 6.18 onwards" CVE_STATUS[CVE-2026-23295] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-23296 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23296] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23297] = "fixed-version: only affects 6.10 onwards" -# CVE-2026-23298 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23298] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23299] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-23300 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23300] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23301] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-23302 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-23302] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-23303 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23303] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23304 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23304] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23305] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-23306 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23306] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23307 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23307] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23308 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23308] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23309 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23309] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23310 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23310] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23311] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-23312 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23312] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23313 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-23313] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-23314] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-23315 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23315] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23316] = "fixed-version: only affects 6.11 onwards" -# CVE-2026-23317 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23317] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23318 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23318] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23319 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23319] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23321 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23321] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23322] = "fixed-version: only affects 6.18 onwards" CVE_STATUS[CVE-2026-23323] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-23324 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23324] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23325 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23325] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23326] = "fixed-version: only affects 6.13 onwards" @@ -21176,39 +21200,39 @@ CVE_STATUS[CVE-2026-23328] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2026-23329] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-23330 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-23330] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-23331] = "fixed-version: only affects 6.13 onwards" CVE_STATUS[CVE-2026-23332] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-23334 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23334] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23335 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23335] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23336 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23336] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23337] = "fixed-version: only affects 6.19 onwards" CVE_STATUS[CVE-2026-23338] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-23339 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23339] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23340 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23340] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23341] = "fixed-version: only affects 6.19.4 onwards" CVE_STATUS[CVE-2026-23342] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-23343 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23343] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23344] = "fixed-version: only affects 6.19 onwards" CVE_STATUS[CVE-2026-23345] = "fixed-version: only affects 6.13 onwards" -# CVE-2026-23346 needs backporting (fixed from 7.0) +# CVE-2026-23346 may need backporting (fixed from 6.6.143) -# CVE-2026-23347 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23347] = "cpe-stable-backport: Backported in 6.6.130" # CVE-2026-23348 needs backporting (fixed from 7.0) @@ -21216,9 +21240,9 @@ CVE_STATUS[CVE-2026-23349] = "fixed-version: only affects 6.18 onwards" CVE_STATUS[CVE-2026-23350] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-23351 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23351] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23352 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23352] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23353] = "fixed-version: only affects 6.19 onwards" @@ -21226,43 +21250,43 @@ CVE_STATUS[CVE-2026-23354] = "fixed-version: only affects 6.9 onwards" CVE_STATUS[CVE-2026-23355] = "fixed-version: only affects 6.18.14 onwards" -# CVE-2026-23356 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23356] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23357 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23357] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23358] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-23359 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23359] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23360 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-23360] = "cpe-stable-backport: Backported in 6.6.131" # CVE-2026-23361 needs backporting (fixed from 7.0) -# CVE-2026-23362 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23362] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23363] = "fixed-version: only affects 6.7 onwards" -# CVE-2026-23364 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23364] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23365 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23365] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23366] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-23367 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23367] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23368 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23368] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23369] = "fixed-version: only affects 6.7 onwards" -# CVE-2026-23370 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23370] = "cpe-stable-backport: Backported in 6.6.130" # CVE-2026-23371 needs backporting (fixed from 7.0) -# CVE-2026-23372 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23372] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23373] = "fixed-version: only affects 6.9 onwards" -# CVE-2026-23374 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-23374] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-23375] = "fixed-version: only affects 6.8 onwards" @@ -21270,15 +21294,15 @@ CVE_STATUS[CVE-2026-23376] = "fixed-version: only affects 6.17.3 onwards" # CVE-2026-23377 needs backporting (fixed from 7.0) -# CVE-2026-23378 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23378] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23379 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23379] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23380] = "fixed-version: only affects 6.10 onwards" -# CVE-2026-23381 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23381] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23382 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23382] = "cpe-stable-backport: Backported in 6.6.130" # CVE-2026-23383 needs backporting (fixed from 7.0) @@ -21286,63 +21310,63 @@ CVE_STATUS[CVE-2026-23384] = "fixed-version: only affects 6.18 onwards" CVE_STATUS[CVE-2026-23385] = "fixed-version: only affects 6.10 onwards" -# CVE-2026-23386 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23386] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23387 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23387] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23388 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23388] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23389 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-23389] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-23390] = "fixed-version: only affects 6.12 onwards" -# CVE-2026-23391 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23391] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23392 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23392] = "cpe-stable-backport: Backported in 6.6.130" # CVE-2026-23393 needs backporting (fixed from 7.0) -# CVE-2026-23394 may need backporting (fixed from 6.7) +CVE_STATUS[CVE-2026-23394] = "cpe-stable-backport: Backported in 6.6.142" -# CVE-2026-23395 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23395] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23396 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23396] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23397 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23397] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23398 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23398] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23399 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-23399] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-23400] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-23401 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-23401] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-23402] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-23403 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23403] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23404 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23404] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23405 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23405] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23406 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23406] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23407 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23407] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23408 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23408] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23409 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23409] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23410 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23410] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23411 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23411] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23412 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23412] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23413 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23413] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23414 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-23414] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-23415] = "fixed-version: only affects 6.16 onwards" @@ -21352,13 +21376,13 @@ CVE_STATUS[CVE-2026-23417] = "fixed-version: only affects 6.9 onwards" CVE_STATUS[CVE-2026-23418] = "fixed-version: only affects 6.14 onwards" -# CVE-2026-23419 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23419] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23420 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23420] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23421] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-23422 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23422] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23423] = "fixed-version: only affects 6.13 onwards" @@ -21366,11 +21390,11 @@ CVE_STATUS[CVE-2026-23424] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2026-23425] = "fixed-version: only affects 6.14 onwards" -# CVE-2026-23426 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23426] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23427 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23427] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23428 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23428] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23429] = "fixed-version: only affects 6.18.7 onwards" @@ -21382,7 +21406,7 @@ CVE_STATUS[CVE-2026-23432] = "fixed-version: only affects 6.19 onwards" CVE_STATUS[CVE-2026-23433] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-23434 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23434] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23435] = "fixed-version: only affects 6.18.2 onwards" @@ -21390,67 +21414,67 @@ CVE_STATUS[CVE-2026-23436] = "fixed-version: only affects 6.13 onwards" CVE_STATUS[CVE-2026-23437] = "fixed-version: only affects 6.13 onwards" -# CVE-2026-23438 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23438] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23439 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23439] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23440 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23440] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23441 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23441] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23442 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-23442] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-23443 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23443] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23444 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-23444] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-23445] = "fixed-version: only affects 6.10 onwards" -# CVE-2026-23446 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23446] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23447 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23447] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23448 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23448] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23449 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23449] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23450 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23450] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23451] = "fixed-version: only affects 6.18.19 onwards" -# CVE-2026-23452 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23452] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23453] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-23454 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23454] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23455 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23455] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23456 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23456] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23457 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23457] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23458 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23458] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23459] = "fixed-version: only affects 6.14 onwards" -# CVE-2026-23460 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23460] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23461 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23461] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23462 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23462] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23463 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23463] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23464] = "fixed-version: only affects 6.8 onwards" -# CVE-2026-23465 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23465] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-23466] = "fixed-version: only affects 6.12 onwards" CVE_STATUS[CVE-2026-23467] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-23468 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2026-23468] = "cpe-stable-backport: Backported in 6.6.140" CVE_STATUS[CVE-2026-23469] = "fixed-version: only affects 6.8 onwards" @@ -21458,101 +21482,101 @@ CVE_STATUS[CVE-2026-23470] = "fixed-version: only affects 6.8 onwards" # CVE-2026-23472 needs backporting (fixed from 7.0) -# CVE-2026-23474 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23474] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-23475 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-23475] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-31389 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31389] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-31390] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-31391 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31391] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-31392 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31392] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-31393 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31393] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-31394] = "fixed-version: only affects 6.11 onwards" CVE_STATUS[CVE-2026-31395] = "fixed-version: only affects 6.13 onwards" -# CVE-2026-31396 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31396] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-31397] = "fixed-version: only affects 6.16 onwards" CVE_STATUS[CVE-2026-31398] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-31399 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31399] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-31400 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31400] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-31401] = "fixed-version: only affects 6.11 onwards" -# CVE-2026-31402 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31402] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-31403 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31403] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-31404] = "fixed-version: only affects 6.14 onwards" -# CVE-2026-31405 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31405] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-31406] = "fixed-version: only affects 6.11 onwards" -# CVE-2026-31407 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31407] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31408 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31408] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31409 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31409] = "cpe-stable-backport: Backported in 6.6.130" # CVE-2026-31410 needs backporting (fixed from 7.0) -# CVE-2026-31411 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-31411] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-31412 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31412] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-31413] = "fixed-version: only affects 6.12.75 onwards" -# CVE-2026-31414 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31414] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31415 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31415] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31416 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31416] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31417 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31417] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31418 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31418] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31419 needs backporting (fixed from 7.0) +# CVE-2026-31419 may need backporting (fixed from 6.6.143) # CVE-2026-31420 needs backporting (fixed from 7.0) -# CVE-2026-31421 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31421] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31422 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31422] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31423 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31423] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31424 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31424] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31425 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31425] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31426 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31426] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31427 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31427] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31428 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31428] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31429 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31429] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31430 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31430] = "cpe-stable-backport: Backported in 6.6.135" -# CVE-2026-31431 may need backporting (fixed from 6.6.137) +CVE_STATUS[CVE-2026-31431] = "cpe-stable-backport: Backported in 6.6.137" -# CVE-2026-31432 needs backporting (fixed from 7.0) +# CVE-2026-31432 may need backporting (fixed from 6.6.143) -# CVE-2026-31433 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31433] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31434 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31434] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31435] = "fixed-version: only affects 6.12 onwards" @@ -21562,45 +21586,45 @@ CVE_STATUS[CVE-2026-31437] = "fixed-version: only affects 6.18.17 onwards" CVE_STATUS[CVE-2026-31438] = "fixed-version: only affects 6.8 onwards" -# CVE-2026-31439 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31439] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31440 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2026-31440] = "cpe-stable-backport: Backported in 6.6.140" -# CVE-2026-31441 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31441] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31442] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2026-31443] = "fixed-version: only affects 6.14 onwards" -CVE_STATUS[CVE-2026-31444] = "fixed-version: only affects 6.6.130 onwards" +CVE_STATUS[CVE-2026-31444] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31445] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-31446 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31446] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31447 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31447] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31448 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31448] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31449 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2026-31449] = "cpe-stable-backport: Backported in 6.6.140" -# CVE-2026-31450 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31450] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31451 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31451] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31452 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31452] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31453 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31453] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31454 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31454] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31455 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31455] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31456] = "fixed-version: only affects 6.12 onwards" CVE_STATUS[CVE-2026-31457] = "fixed-version: only affects 6.17 onwards" -# CVE-2026-31458 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31458] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31459] = "fixed-version: only affects 6.17.6 onwards" @@ -21612,17 +21636,17 @@ CVE_STATUS[CVE-2026-31461] = "fixed-version: only affects 6.13 onwards" CVE_STATUS[CVE-2026-31463] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-31464 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31464] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31465] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-31466 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31466] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31467 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31467] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31468] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-31469 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31469] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31470] = "fixed-version: only affects 6.7 onwards" @@ -21630,117 +21654,117 @@ CVE_STATUS[CVE-2026-31471] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2026-31472] = "fixed-version: only affects 6.14 onwards" -# CVE-2026-31473 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31473] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31474 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31474] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31475] = "fixed-version: only affects 6.14.9 onwards" -# CVE-2026-31476 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31476] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31477 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31477] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31478 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31478] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31479] = "fixed-version: only affects 6.8 onwards" -# CVE-2026-31480 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31480] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31481] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-31482 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31482] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31483 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31483] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31484] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-31485 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31485] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31486 needs backporting (fixed from 7.0) +# CVE-2026-31486 may need backporting (fixed from 6.6.143) # CVE-2026-31487 needs backporting (fixed from 7.0) -# CVE-2026-31488 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2026-31488] = "cpe-stable-backport: Backported in 6.6.140" -# CVE-2026-31489 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2026-31489] = "cpe-stable-backport: Backported in 6.6.140" CVE_STATUS[CVE-2026-31490] = "fixed-version: only affects 6.19 onwards" CVE_STATUS[CVE-2026-31491] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-31492 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31492] = "cpe-stable-backport: Backported in 6.6.131" # CVE-2026-31493 needs backporting (fixed from 7.0) -# CVE-2026-31494 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31494] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31495 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31495] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31496 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31496] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31497 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31497] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31498 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31498] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31499] = "fixed-version: only affects 6.12.20 onwards" -# CVE-2026-31500 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31500] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31501] = "fixed-version: only affects 6.15 onwards" # CVE-2026-31502 needs backporting (fixed from 7.0) -# CVE-2026-31503 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31503] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31504 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31504] = "cpe-stable-backport: Backported in 6.6.131" # CVE-2026-31505 needs backporting (fixed from 7.0) # CVE-2026-31506 needs backporting (fixed from 7.0) -# CVE-2026-31507 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31507] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31508 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31508] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31509 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31509] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31510 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31510] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31511] = "fixed-version: only affects 6.12.59 onwards" -# CVE-2026-31512 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31512] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31513] = "fixed-version: only affects 6.12.75 onwards" CVE_STATUS[CVE-2026-31514] = "fixed-version: only affects 6.12.75 onwards" -# CVE-2026-31515 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31515] = "cpe-stable-backport: Backported in 6.6.131" # CVE-2026-31516 needs backporting (fixed from 7.0) CVE_STATUS[CVE-2026-31517] = "fixed-version: only affects 6.14 onwards" -# CVE-2026-31518 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31518] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31519 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31519] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31520 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31520] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31521 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31521] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31522 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31522] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31523 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31523] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31524 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31524] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31525 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31525] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31526] = "fixed-version: only affects 6.7 onwards" -# CVE-2026-31527 needs backporting (fixed from 7.0) +CVE_STATUS[CVE-2026-31527] = "cpe-stable-backport: Backported in 6.6.142" -# CVE-2026-31528 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31528] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31529] = "fixed-version: only affects 6.19 onwards" @@ -21748,9 +21772,9 @@ CVE_STATUS[CVE-2026-31529] = "fixed-version: only affects 6.19 onwards" # CVE-2026-31531 needs backporting (fixed from 7.0) -# CVE-2026-31532 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31532] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31533 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31533] = "cpe-stable-backport: Backported in 6.6.135" CVE_STATUS[CVE-2026-31535] = "fixed-version: only affects 6.18 onwards" @@ -21762,37 +21786,37 @@ CVE_STATUS[CVE-2026-31538] = "fixed-version: only affects 6.18 onwards" CVE_STATUS[CVE-2026-31539] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-31540 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31540] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-31541] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-31542 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31542] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-31543] = "fixed-version: only affects 6.16 onwards" CVE_STATUS[CVE-2026-31544] = "fixed-version: only affects 6.17 onwards" -# CVE-2026-31545 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31545] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-31546 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31546] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-31547] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-31548 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31548] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-31549 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31549] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-31550 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31550] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-31551 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31551] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-31552 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31552] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-31553] = "fixed-version: only affects 6.19 onwards" CVE_STATUS[CVE-2026-31554] = "fixed-version: only affects 6.7 onwards" -# CVE-2026-31555 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31555] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31556] = "fixed-version: only affects 6.8 onwards" @@ -21808,13 +21832,13 @@ CVE_STATUS[CVE-2026-31561] = "fixed-version: only affects 6.9 onwards" CVE_STATUS[CVE-2026-31562] = "fixed-version: only affects 6.9 onwards" -# CVE-2026-31563 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31563] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31564] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-31565 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31565] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31566 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31566] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31567] = "fixed-version: only affects 6.17.8 onwards" @@ -21822,7 +21846,7 @@ CVE_STATUS[CVE-2026-31567] = "fixed-version: only affects 6.17.8 onwards" CVE_STATUS[CVE-2026-31569] = "fixed-version: only affects 6.13 onwards" -# CVE-2026-31570 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31570] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-31571] = "fixed-version: only affects 6.15 onwards" @@ -21834,113 +21858,113 @@ CVE_STATUS[CVE-2026-31574] = "fixed-version: only affects 7.0 onwards" CVE_STATUS[CVE-2026-31575] = "fixed-version: only affects 6.7 onwards" -# CVE-2026-31576 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31576] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31577 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31577] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31578 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31578] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31579 needs backporting (fixed from 7.1rc1) +# CVE-2026-31579 needs backporting (fixed from 7.1) -# CVE-2026-31580 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31580] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31581 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31581] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-31582] = "fixed-version: only affects 6.7 onwards" -# CVE-2026-31583 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31583] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31584 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31584] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31585 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31585] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31586 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31586] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31587 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31587] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31588 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31588] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-31589] = "fixed-version: only affects 6.14 onwards" -# CVE-2026-31590 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31590] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-31591] = "fixed-version: only affects 6.11 onwards" -# CVE-2026-31592 needs backporting (fixed from 7.1rc1) +# CVE-2026-31592 needs backporting (fixed from 7.1) CVE_STATUS[CVE-2026-31593] = "fixed-version: only affects 6.11 onwards" -# CVE-2026-31594 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31594] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31595 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31595] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31596 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31596] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31597 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31597] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31598 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31598] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31599 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31599] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-31600] = "fixed-version: only affects 6.18 onwards" CVE_STATUS[CVE-2026-31601] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-31602 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31602] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31603 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31603] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31604 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31604] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31605 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31605] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31606 needs backporting (fixed from 7.1rc1) +# CVE-2026-31606 needs backporting (fixed from 7.1) -# CVE-2026-31607 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31607] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-31608] = "fixed-version: only affects 6.18.11 onwards" CVE_STATUS[CVE-2026-31609] = "fixed-version: only affects 6.18.11 onwards" -# CVE-2026-31610 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31610] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31611 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31611] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31612 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31612] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31613 may need backporting (fixed from 6.6.141) +CVE_STATUS[CVE-2026-31613] = "cpe-stable-backport: Backported in 6.6.141" -# CVE-2026-31614 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31614] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31615 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31615] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31616 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31616] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31617 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31617] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31618 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31618] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31619 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31619] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-31620] = "fixed-version: only affects 6.18 onwards" CVE_STATUS[CVE-2026-31621] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-31622 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31622] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31623 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31623] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31624 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31624] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31625 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31625] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31626 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31626] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31627 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31627] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31628 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31628] = "cpe-stable-backport: Backported in 6.6.135" -# CVE-2026-31629 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31629] = "cpe-stable-backport: Backported in 6.6.136" # CVE-2026-31630 needs backporting (fixed from 7.0) @@ -21950,23 +21974,23 @@ CVE_STATUS[CVE-2026-31632] = "fixed-version: only affects 6.16 onwards" CVE_STATUS[CVE-2026-31633] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-31634 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31634] = "cpe-stable-backport: Backported in 6.6.135" CVE_STATUS[CVE-2026-31635] = "fixed-version: only affects 6.16 onwards" CVE_STATUS[CVE-2026-31636] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-31637 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31637] = "cpe-stable-backport: Backported in 6.6.135" -# CVE-2026-31638 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31638] = "cpe-stable-backport: Backported in 6.6.135" -# CVE-2026-31639 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31639] = "cpe-stable-backport: Backported in 6.6.135" CVE_STATUS[CVE-2026-31640] = "fixed-version: only affects 6.16 onwards" CVE_STATUS[CVE-2026-31641] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-31642 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31642] = "cpe-stable-backport: Backported in 6.6.135" CVE_STATUS[CVE-2026-31643] = "fixed-version: only affects 6.16 onwards" @@ -21974,17 +21998,17 @@ CVE_STATUS[CVE-2026-31644] = "fixed-version: only affects 6.12 onwards" # CVE-2026-31645 needs backporting (fixed from 7.0) -# CVE-2026-31646 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31646] = "cpe-stable-backport: Backported in 6.6.135" CVE_STATUS[CVE-2026-31647] = "fixed-version: only affects 6.9 onwards" -# CVE-2026-31648 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31648] = "cpe-stable-backport: Backported in 6.6.135" -# CVE-2026-31649 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31649] = "cpe-stable-backport: Backported in 6.6.135" CVE_STATUS[CVE-2026-31650] = "fixed-version: only affects 6.17 onwards" -# CVE-2026-31651 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31651] = "cpe-stable-backport: Backported in 6.6.135" CVE_STATUS[CVE-2026-31652] = "fixed-version: only affects 6.17 onwards" @@ -21992,75 +22016,73 @@ CVE_STATUS[CVE-2026-31653] = "fixed-version: only affects 6.17 onwards" CVE_STATUS[CVE-2026-31654] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-31655 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31655] = "cpe-stable-backport: Backported in 6.6.135" -# CVE-2026-31656 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31656] = "cpe-stable-backport: Backported in 6.6.135" -# CVE-2026-31657 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31657] = "cpe-stable-backport: Backported in 6.6.135" -# CVE-2026-31658 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31658] = "cpe-stable-backport: Backported in 6.6.135" -# CVE-2026-31659 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31659] = "cpe-stable-backport: Backported in 6.6.135" -# CVE-2026-31660 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31660] = "cpe-stable-backport: Backported in 6.6.135" -# CVE-2026-31661 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31661] = "cpe-stable-backport: Backported in 6.6.135" -# CVE-2026-31662 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31662] = "cpe-stable-backport: Backported in 6.6.135" # CVE-2026-31663 needs backporting (fixed from 7.0) -# CVE-2026-31664 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31664] = "cpe-stable-backport: Backported in 6.6.135" -# CVE-2026-31665 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31665] = "cpe-stable-backport: Backported in 6.6.135" CVE_STATUS[CVE-2026-31666] = "fixed-version: only affects 6.10 onwards" -# CVE-2026-31667 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31667] = "cpe-stable-backport: Backported in 6.6.135" -# CVE-2026-31668 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31668] = "cpe-stable-backport: Backported in 6.6.135" -# CVE-2026-31669 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31669] = "cpe-stable-backport: Backported in 6.6.135" -# CVE-2026-31670 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31670] = "cpe-stable-backport: Backported in 6.6.135" -# CVE-2026-31671 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31671] = "cpe-stable-backport: Backported in 6.6.135" -# CVE-2026-31672 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31672] = "cpe-stable-backport: Backported in 6.6.135" -# CVE-2026-31673 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31673] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31674 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31674] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31675 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31675] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31676 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31676] = "cpe-stable-backport: Backported in 6.6.136" # CVE-2026-31677 needs backporting (fixed from 7.0) -# CVE-2026-31678 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31678] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31679 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-31679] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-31680 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31680] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31681 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31681] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31682 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31682] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31683 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31683] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-31684 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31684] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31685 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31685] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31686 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31686] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-31687] = "cpe-stable-backport: Backported in 6.6.126" -# CVE-2026-31688 needs backporting (fixed from 7.0) - -# CVE-2026-31689 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31689] = "cpe-stable-backport: Backported in 6.6.135" CVE_STATUS[CVE-2026-31690] = "fixed-version: only affects 6.15 onwards" @@ -22068,63 +22090,63 @@ CVE_STATUS[CVE-2026-31691] = "fixed-version: only affects 6.14 onwards" # CVE-2026-31692 needs backporting (fixed from 7.0) -# CVE-2026-31693 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-31693] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-31694 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31694] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-31695 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31695] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31696 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31696] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31697 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31697] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31698 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31698] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31699 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31699] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31700 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31700] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31701 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31701] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31702 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31702] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-31703] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-31704 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31704] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31705 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31705] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31706 needs backporting (fixed from 7.1rc1) +# CVE-2026-31706 needs backporting (fixed from 7.1) -# CVE-2026-31707 may need backporting (fixed from 6.6.141) +CVE_STATUS[CVE-2026-31707] = "cpe-stable-backport: Backported in 6.6.141" -# CVE-2026-31708 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31708] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31709 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2026-31709] = "cpe-stable-backport: Backported in 6.6.140" CVE_STATUS[CVE-2026-31710] = "fixed-version: only affects 7.0 onwards" -# CVE-2026-31711 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31711] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31712 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2026-31712] = "cpe-stable-backport: Backported in 6.6.140" CVE_STATUS[CVE-2026-31713] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-31714 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31714] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31715 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2026-31715] = "cpe-stable-backport: Backported in 6.6.140" -# CVE-2026-31716 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-31716] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-31717 may need backporting (fixed from 6.7) +CVE_STATUS[CVE-2026-31717] = "cpe-stable-backport: Backported in 6.6.142" -# CVE-2026-31718 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2026-31718] = "cpe-stable-backport: Backported in 6.6.140" CVE_STATUS[CVE-2026-31719] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-31720 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31720] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31721 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-31721] = "cpe-stable-backport: Backported in 6.6.135" # CVE-2026-31722 needs backporting (fixed from 7.0) @@ -22134,15 +22156,15 @@ CVE_STATUS[CVE-2026-31719] = "fixed-version: only affects 6.15 onwards" # CVE-2026-31725 needs backporting (fixed from 7.0) -# CVE-2026-31726 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31726] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-31727] = "fixed-version: only affects 6.12.78 onwards" -# CVE-2026-31728 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31728] = "cpe-stable-backport: Backported in 6.6.134" # CVE-2026-31729 needs backporting (fixed from 7.0) -# CVE-2026-31730 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31730] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-31731] = "fixed-version: only affects 6.8 onwards" @@ -22156,15 +22178,15 @@ CVE_STATUS[CVE-2026-31735] = "fixed-version: only affects 6.19 onwards" CVE_STATUS[CVE-2026-31736] = "fixed-version: only affects 6.11 onwards" -# CVE-2026-31737 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31737] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31738 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31738] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-31739] = "fixed-version: only affects 6.10 onwards" -# CVE-2026-31740 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31740] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31741 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31741] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-31742] = "fixed-version: only affects 6.18.20 onwards" @@ -22176,39 +22198,39 @@ CVE_STATUS[CVE-2026-31745] = "fixed-version: only affects 6.19 onwards" CVE_STATUS[CVE-2026-31746] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-31747 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31747] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31748 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31748] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31749 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31749] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-31750] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-31751 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31751] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31752 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31752] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-31753] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-31754 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31754] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31755 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31755] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31756 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31756] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-31757] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-31758 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31758] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31759 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31759] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-31760] = "fixed-version: only affects 6.13 onwards" -# CVE-2026-31761 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31761] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31762 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31762] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31763 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31763] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-31764] = "fixed-version: only affects 6.19 onwards" @@ -22218,17 +22240,17 @@ CVE_STATUS[CVE-2026-31766] = "fixed-version: only affects 6.16 onwards" # CVE-2026-31767 needs backporting (fixed from 7.0) -# CVE-2026-31768 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31768] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-31769] = "fixed-version: only affects 6.13 onwards" -# CVE-2026-31770 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31770] = "cpe-stable-backport: Backported in 6.6.134" # CVE-2026-31771 needs backporting (fixed from 7.0) CVE_STATUS[CVE-2026-31772] = "fixed-version: only affects 6.12.2 onwards" -# CVE-2026-31773 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31773] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-31774] = "fixed-version: only affects 6.10 onwards" @@ -22238,13 +22260,13 @@ CVE_STATUS[CVE-2026-31776] = "fixed-version: only affects 6.19 onwards" # CVE-2026-31777 needs backporting (fixed from 7.0) -# CVE-2026-31778 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31778] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31779 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31779] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31780 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31780] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-31781 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-31781] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-31782] = "fixed-version: only affects 6.16 onwards" @@ -22254,11 +22276,11 @@ CVE_STATUS[CVE-2026-31784] = "fixed-version: only affects 6.17 onwards" CVE_STATUS[CVE-2026-31785] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-31786 may need backporting (fixed from 6.6.137) +CVE_STATUS[CVE-2026-31786] = "cpe-stable-backport: Backported in 6.6.137" -# CVE-2026-31787 may need backporting (fixed from 6.6.137) +CVE_STATUS[CVE-2026-31787] = "cpe-stable-backport: Backported in 6.6.137" -# CVE-2026-31788 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-31788] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43004] = "fixed-version: only affects 6.15 onwards" @@ -22266,181 +22288,181 @@ CVE_STATUS[CVE-2026-43005] = "fixed-version: only affects 6.17 onwards" CVE_STATUS[CVE-2026-43006] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-43007 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43007] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-43008] = "fixed-version: only affects 6.19 onwards" # CVE-2026-43009 needs backporting (fixed from 7.0) -# CVE-2026-43010 needs backporting (fixed from 7.0) +# CVE-2026-43010 may need backporting (fixed from 6.6.144) -# CVE-2026-43011 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43011] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-43012] = "fixed-version: only affects 6.12.9 onwards" -# CVE-2026-43013 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43013] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43014 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43014] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43015 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43015] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43016 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43016] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43017 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43017] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43018 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43018] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43019 needs backporting (fixed from 7.0) +# CVE-2026-43019 may need backporting (fixed from 6.6.143) -# CVE-2026-43020 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43020] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-43021] = "fixed-version: only affects 6.19 onwards" # CVE-2026-43022 may need backporting (fixed from 6.7) -# CVE-2026-43023 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43023] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43024 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43024] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43025 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43025] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43026 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43026] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43027 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43027] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43028 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43028] = "cpe-stable-backport: Backported in 6.6.134" # CVE-2026-43029 may need backporting (fixed from 6.7) -# CVE-2026-43030 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43030] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-43031] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-43032 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43032] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43033 may need backporting (fixed from 6.6.137) +CVE_STATUS[CVE-2026-43033] = "cpe-stable-backport: Backported in 6.6.137" CVE_STATUS[CVE-2026-43034] = "fixed-version: only affects 6.8 onwards" -# CVE-2026-43035 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43035] = "cpe-stable-backport: Backported in 6.6.134" # CVE-2026-43036 needs backporting (fixed from 7.0) -# CVE-2026-43037 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43037] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43038 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43038] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-43039] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-43040 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43040] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43041 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43041] = "cpe-stable-backport: Backported in 6.6.134" # CVE-2026-43042 needs backporting (fixed from 7.0) -# CVE-2026-43043 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43043] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43044 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43044] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-43045] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-43046 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43046] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43047 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43047] = "cpe-stable-backport: Backported in 6.6.134" # CVE-2026-43048 needs backporting (fixed from 7.0) # CVE-2026-43049 needs backporting (fixed from 7.0) -# CVE-2026-43050 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43050] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43051 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43051] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43052 needs backporting (fixed from 7.0) +CVE_STATUS[CVE-2026-43052] = "cpe-stable-backport: Backported in 6.6.142" # CVE-2026-43053 needs backporting (fixed from 7.0) -# CVE-2026-43054 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43054] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-43055] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-43056 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43056] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43057 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43057] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43058 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43058] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-43059] = "fixed-version: only affects 6.12.59 onwards" -# CVE-2026-43060 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43060] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43061 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43061] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43062 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43062] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43063] = "fixed-version: only affects 6.10 onwards" -# CVE-2026-43064 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-43064] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-43065 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-43065] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-43066 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-43066] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-43067 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43067] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43068 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-43068] = "cpe-stable-backport: Backported in 6.6.131" -# CVE-2026-43069 may need backporting (fixed from 6.6.131) +CVE_STATUS[CVE-2026-43069] = "cpe-stable-backport: Backported in 6.6.131" CVE_STATUS[CVE-2026-43070] = "fixed-version: only affects 6.18.17 onwards" -# CVE-2026-43071 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43071] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43072 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43072] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43073 needs backporting (fixed from 7.1rc1) +# CVE-2026-43073 needs backporting (fixed from 7.1) -# CVE-2026-43074 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43074] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43075 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43075] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43076 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43076] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43077 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43077] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43078 may need backporting (fixed from 6.6.137) +CVE_STATUS[CVE-2026-43078] = "cpe-stable-backport: Backported in 6.6.137" -# CVE-2026-43079 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43079] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43080 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43080] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43081 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43081] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43082 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43082] = "cpe-stable-backport: Backported in 6.6.136" # CVE-2026-43083 needs backporting (fixed from 7.0) CVE_STATUS[CVE-2026-43084] = "fixed-version: only affects 6.12.75 onwards" -# CVE-2026-43085 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43085] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43086 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43086] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-43087] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-43088 needs backporting (fixed from 7.0) +# CVE-2026-43088 may need backporting (fixed from 6.6.143) -# CVE-2026-43089 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43089] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-43090] = "fixed-version: only affects 6.12 onwards" -# CVE-2026-43091 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43091] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43092 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43092] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43093 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43093] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43094 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43094] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-43095] = "fixed-version: only affects 6.17 onwards" @@ -22448,9 +22470,9 @@ CVE_STATUS[CVE-2026-43096] = "fixed-version: only affects 6.19 onwards" CVE_STATUS[CVE-2026-43097] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-43098 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43098] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43099 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43099] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-43100] = "fixed-version: only affects 6.18 onwards" @@ -22458,11 +22480,11 @@ CVE_STATUS[CVE-2026-43100] = "fixed-version: only affects 6.18 onwards" CVE_STATUS[CVE-2026-43102] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-43103 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43103] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43104 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43104] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43105 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43105] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-43106] = "fixed-version: only affects 6.19 onwards" @@ -22470,37 +22492,35 @@ CVE_STATUS[CVE-2026-43106] = "fixed-version: only affects 6.19 onwards" CVE_STATUS[CVE-2026-43108] = "fixed-version: only affects 6.11 onwards" -# CVE-2026-43109 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2026-43109] = "cpe-stable-backport: Backported in 6.6.140" -# CVE-2026-43110 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43110] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43111 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43111] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43112 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43112] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43113 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43113] = "cpe-stable-backport: Backported in 6.6.136" -# CVE-2026-43114 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43114] = "cpe-stable-backport: Backported in 6.6.136" # CVE-2026-43115 needs backporting (fixed from 7.0) -# CVE-2026-43116 needs backporting (fixed from 7.0) +# CVE-2026-43116 may need backporting (fixed from 6.6.143) -# CVE-2026-43117 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43117] = "cpe-stable-backport: Backported in 6.6.136" # CVE-2026-43118 needs backporting (fixed from 7.0) # CVE-2026-43119 needs backporting (fixed from 7.0) -# CVE-2026-43120 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43120] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-43121] = "fixed-version: only affects 6.15 onwards" -CVE_STATUS[CVE-2026-43122] = "fixed-version: only affects 6.18 onwards" - -# CVE-2026-43123 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43123] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43124 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43124] = "cpe-stable-backport: Backported in 6.6.128" # CVE-2026-43125 needs backporting (fixed from 7.0) @@ -22508,55 +22528,55 @@ CVE_STATUS[CVE-2026-43122] = "fixed-version: only affects 6.18 onwards" # CVE-2026-43127 may need backporting (fixed from 6.7) -# CVE-2026-43128 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43128] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43129 needs backporting (fixed from 7.0) +# CVE-2026-43129 may need backporting (fixed from 6.6.143) -# CVE-2026-43130 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43130] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43131] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-43132 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43132] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43133 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43133] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43134 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43134] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43135 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43135] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43136 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43136] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43137 may need backporting (fixed from 6.6.141) +CVE_STATUS[CVE-2026-43137] = "cpe-stable-backport: Backported in 6.6.141" CVE_STATUS[CVE-2026-43138] = "fixed-version: only affects 6.9 onwards" -# CVE-2026-43139 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43139] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43140 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43140] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43141 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43141] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43142] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-43143 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43143] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43144] = "fixed-version: only affects 6.13 onwards" -# CVE-2026-43145 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43145] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43146] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-43147 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43147] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43148 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43148] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43149 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43149] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43150 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43150] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43151] = "fixed-version: only affects 6.18.3 onwards" -# CVE-2026-43152 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43152] = "cpe-stable-backport: Backported in 6.6.128" # CVE-2026-43153 needs backporting (fixed from 7.0) @@ -22564,21 +22584,21 @@ CVE_STATUS[CVE-2026-43154] = "fixed-version: only affects 6.18 onwards" CVE_STATUS[CVE-2026-43155] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-43156 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43156] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43157 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43157] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43158 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43158] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43159 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43159] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43160] = "fixed-version: only affects 6.17 onwards" # CVE-2026-43161 needs backporting (fixed from 7.0) -# CVE-2026-43162 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43162] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43163 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43163] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43164] = "fixed-version: only affects 6.18 onwards" @@ -22586,19 +22606,19 @@ CVE_STATUS[CVE-2026-43165] = "fixed-version: only affects 6.13 onwards" CVE_STATUS[CVE-2026-43166] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-43167 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43167] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43168 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43168] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43169] = "fixed-version: only affects 6.7 onwards" -# CVE-2026-43170 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43170] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43171 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43171] = "cpe-stable-backport: Backported in 6.6.128" # CVE-2026-43172 needs backporting (fixed from 7.0) -# CVE-2026-43173 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43173] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43174] = "fixed-version: only affects 6.15 onwards" @@ -22612,27 +22632,27 @@ CVE_STATUS[CVE-2026-43178] = "fixed-version: only affects 6.12.70 onwards" CVE_STATUS[CVE-2026-43179] = "fixed-version: only affects 6.17 onwards" -# CVE-2026-43180 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43180] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43181] = "fixed-version: only affects 6.17 onwards" -# CVE-2026-43182 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43182] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43183 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43183] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43184 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43184] = "cpe-stable-backport: Backported in 6.6.128" # CVE-2026-43185 needs backporting (fixed from 7.0) -# CVE-2026-43186 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43186] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43187 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43187] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43188] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-43189 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43189] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43190 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43190] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43191] = "fixed-version: only affects 6.7 onwards" @@ -22640,11 +22660,11 @@ CVE_STATUS[CVE-2026-43192] = "fixed-version: only affects 6.19 onwards" CVE_STATUS[CVE-2026-43193] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-43194 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43194] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43195] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-43196 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43196] = "cpe-stable-backport: Backported in 6.6.128" # CVE-2026-43197 needs backporting (fixed from 7.0) @@ -22652,99 +22672,99 @@ CVE_STATUS[CVE-2026-43195] = "fixed-version: only affects 6.16 onwards" # CVE-2026-43199 needs backporting (fixed from 7.0) -# CVE-2026-43200 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43200] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43201] = "fixed-version: only affects 6.12.63 onwards" -# CVE-2026-43202 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43202] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43203 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43203] = "cpe-stable-backport: Backported in 6.6.128" # CVE-2026-43204 needs backporting (fixed from 7.0) -# CVE-2026-43205 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43205] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43206 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43206] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43207 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43207] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43208] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-43209 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43209] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43210] = "fixed-version: only affects 6.12 onwards" -# CVE-2026-43211 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43211] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43212 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43212] = "cpe-stable-backport: Backported in 6.6.128" # CVE-2026-43213 needs backporting (fixed from 7.0) -# CVE-2026-43214 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43214] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43215 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43215] = "cpe-stable-backport: Backported in 6.6.128" # CVE-2026-43216 needs backporting (fixed from 7.0) CVE_STATUS[CVE-2026-43217] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-43218 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43218] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43219 needs backporting (fixed from 7.0) +# CVE-2026-43219 may need backporting (fixed from 6.6.143) -CVE_STATUS[CVE-2026-43220] = "fixed-version: only affects 6.6.128 onwards" +CVE_STATUS[CVE-2026-43220] = "cpe-stable-backport: Backported in 6.6.140" -# CVE-2026-43221 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43221] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43222 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43222] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43223 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43223] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43224] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-43225 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43225] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43226 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43226] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43227 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43227] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43228] = "fixed-version: only affects 6.18 onwards" CVE_STATUS[CVE-2026-43229] = "fixed-version: only affects 6.8 onwards" -# CVE-2026-43230 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43230] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43231 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43231] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43232 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43232] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43233 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43233] = "cpe-stable-backport: Backported in 6.6.128" # CVE-2026-43234 needs backporting (fixed from 7.0) CVE_STATUS[CVE-2026-43235] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-43236 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43236] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43237] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-43238 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43238] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43239 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43239] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43240 may need backporting (fixed from 6.6.128) +# CVE-2026-43240 may need backporting (fixed from 6.6.143) -# CVE-2026-43241 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43241] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43242 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43242] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43243] = "fixed-version: only affects 6.11 onwards" # CVE-2026-43244 needs backporting (fixed from 7.0) -# CVE-2026-43245 may need backporting (fixed from 6.6.141) +CVE_STATUS[CVE-2026-43245] = "cpe-stable-backport: Backported in 6.6.141" -# CVE-2026-43246 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43246] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43247] = "fixed-version: only affects 6.13 onwards" @@ -22754,19 +22774,19 @@ CVE_STATUS[CVE-2026-43247] = "fixed-version: only affects 6.13 onwards" # CVE-2026-43250 needs backporting (fixed from 7.0) -# CVE-2026-43251 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43251] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43252 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43252] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43253 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43253] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43254] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-43255 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43255] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43256 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43256] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43257 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43257] = "cpe-stable-backport: Backported in 6.6.128" # CVE-2026-43258 needs backporting (fixed from 7.0) @@ -22774,67 +22794,67 @@ CVE_STATUS[CVE-2026-43259] = "fixed-version: only affects 6.15 onwards" CVE_STATUS[CVE-2026-43260] = "fixed-version: only affects 6.11 onwards" -# CVE-2026-43261 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43261] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43262 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43262] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43263] = "fixed-version: only affects 6.8 onwards" -# CVE-2026-43264 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43264] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43265 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43265] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43266 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43266] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43267] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-43268 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43268] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43269 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43269] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43270 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43270] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43271 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43271] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43272] = "fixed-version: only affects 6.12 onwards" -# CVE-2026-43273 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43273] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43274] = "fixed-version: only affects 6.14 onwards" -# CVE-2026-43275 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43275] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43276] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-43277 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43277] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43278 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43278] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43279 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43279] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43280] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-43281 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43281] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43282] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-43283 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43283] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43284 may need backporting (fixed from 6.6.138) +CVE_STATUS[CVE-2026-43284] = "cpe-stable-backport: Backported in 6.6.138" CVE_STATUS[CVE-2026-43285] = "fixed-version: only affects 6.18 onwards" CVE_STATUS[CVE-2026-43286] = "fixed-version: only affects 6.14.8 onwards" -# CVE-2026-43287 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43287] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43288 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43288] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43289 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43289] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43290] = "fixed-version: only affects 6.17 onwards" -# CVE-2026-43291 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43291] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43292] = "fixed-version: only affects 6.9 onwards" @@ -22842,9 +22862,9 @@ CVE_STATUS[CVE-2026-43293] = "fixed-version: only affects 6.10 onwards" # CVE-2026-43294 needs backporting (fixed from 7.0) -# CVE-2026-43295 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43295] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43296 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43296] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43297] = "fixed-version: only affects 6.8 onwards" @@ -22856,11 +22876,11 @@ CVE_STATUS[CVE-2026-43300] = "fixed-version: only affects 6.7 onwards" CVE_STATUS[CVE-2026-43301] = "fixed-version: only affects 6.8 onwards" -# CVE-2026-43302 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43302] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43303 needs backporting (fixed from 7.0) +# CVE-2026-43303 may need backporting (fixed from 6.6.143) -# CVE-2026-43304 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43304] = "cpe-stable-backport: Backported in 6.6.128" CVE_STATUS[CVE-2026-43305] = "fixed-version: only affects 6.19 onwards" @@ -22874,23 +22894,23 @@ CVE_STATUS[CVE-2026-43307] = "fixed-version: only affects 6.12 onwards" # CVE-2026-43310 needs backporting (fixed from 7.0) -# CVE-2026-43311 needs backporting (fixed from 7.0) +# CVE-2026-43311 may need backporting (fixed from 6.6.143) -# CVE-2026-43312 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43312] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43313 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43313] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43314 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43314] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43315 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43315] = "cpe-stable-backport: Backported in 6.6.128" -# CVE-2026-43316 may need backporting (fixed from 6.6.128) +CVE_STATUS[CVE-2026-43316] = "cpe-stable-backport: Backported in 6.6.128" # CVE-2026-43317 needs backporting (fixed from 7.0) # CVE-2026-43318 needs backporting (fixed from 7.0) -# CVE-2026-43319 needs backporting (fixed from 7.0) +CVE_STATUS[CVE-2026-43319] = "cpe-stable-backport: Backported in 6.6.142" CVE_STATUS[CVE-2026-43320] = "fixed-version: only affects 6.10.13 onwards" @@ -22900,49 +22920,49 @@ CVE_STATUS[CVE-2026-43322] = "fixed-version: only affects 6.19 onwards" CVE_STATUS[CVE-2026-43323] = "fixed-version: only affects 6.12.78 onwards" -# CVE-2026-43324 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43324] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-43325] = "fixed-version: only affects 6.9 onwards" CVE_STATUS[CVE-2026-43326] = "fixed-version: only affects 6.12 onwards" -# CVE-2026-43327 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43327] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43328 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43328] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43329 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43329] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43330 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43330] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43331 needs backporting (fixed from 7.0) +# CVE-2026-43331 may need backporting (fixed from 6.6.143) -# CVE-2026-43332 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43332] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43333 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43333] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43334 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43334] = "cpe-stable-backport: Backported in 6.6.134" CVE_STATUS[CVE-2026-43335] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-43336 may need backporting (fixed from 6.6.135) +CVE_STATUS[CVE-2026-43336] = "cpe-stable-backport: Backported in 6.6.135" CVE_STATUS[CVE-2026-43337] = "fixed-version: only affects 6.11.3 onwards" # CVE-2026-43338 needs backporting (fixed from 7.0) -# CVE-2026-43339 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43339] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43340 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43340] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43341 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43341] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43342 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43342] = "cpe-stable-backport: Backported in 6.6.134" -# CVE-2026-43343 may need backporting (fixed from 6.6.134) +CVE_STATUS[CVE-2026-43343] = "cpe-stable-backport: Backported in 6.6.134" # CVE-2026-43344 needs backporting (fixed from 7.0) -# CVE-2026-43345 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43345] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-43346] = "fixed-version: only affects 6.12.11 onwards" @@ -22952,7 +22972,7 @@ CVE_STATUS[CVE-2026-43348] = "fixed-version: only affects 6.19 onwards" CVE_STATUS[CVE-2026-43349] = "fixed-version: only affects 6.18.13 onwards" -# CVE-2026-43350 may need backporting (fixed from 6.6.136) +CVE_STATUS[CVE-2026-43350] = "cpe-stable-backport: Backported in 6.6.136" CVE_STATUS[CVE-2026-43351] = "fixed-version: only affects 6.14 onwards" @@ -22962,71 +22982,71 @@ CVE_STATUS[CVE-2026-43351] = "fixed-version: only affects 6.14 onwards" CVE_STATUS[CVE-2026-43354] = "fixed-version: only affects 6.12 onwards" -# CVE-2026-43355 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43355] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43356] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-43357 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43357] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43358] = "fixed-version: only affects 6.16.4 onwards" -# CVE-2026-43359 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43359] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43360 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43360] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43361 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43361] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43362 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43362] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43363 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43363] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43364] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-43365 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43365] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43366 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43366] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43367] = "fixed-version: only affects 6.18.16 onwards" -# CVE-2026-43368 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43368] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43369] = "fixed-version: only affects 6.18.16 onwards" -# CVE-2026-43370 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43370] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43371 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43371] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43372 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43372] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43373 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43373] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43374] = "fixed-version: only affects 6.9 onwards" CVE_STATUS[CVE-2026-43375] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-43376 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43376] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43377 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43377] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43378 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43378] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43379 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43379] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43380 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43380] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43381 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43381] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43382 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43382] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43383 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43383] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43384] = "fixed-version: only affects 6.7 onwards" CVE_STATUS[CVE-2026-43385] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-43386 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43386] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43387 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43387] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43388] = "fixed-version: only affects 6.14 onwards" @@ -23046,7 +23066,7 @@ CVE_STATUS[CVE-2026-43395] = "fixed-version: only affects 6.8 onwards" CVE_STATUS[CVE-2026-43396] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-43397 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43397] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43398] = "fixed-version: only affects 6.16 onwards" @@ -23062,27 +23082,27 @@ CVE_STATUS[CVE-2026-43403] = "fixed-version: only affects 6.12 onwards" CVE_STATUS[CVE-2026-43404] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-43405 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43405] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43406 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43406] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43407 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43407] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43408] = "fixed-version: only affects 6.12.48 onwards" -# CVE-2026-43409 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43409] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43410] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-43411 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43411] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43412 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43412] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43413 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43413] = "cpe-stable-backport: Backported in 6.6.130" # CVE-2026-43414 may need backporting (fixed from 6.7) -# CVE-2026-43415 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43415] = "cpe-stable-backport: Backported in 6.6.130" # CVE-2026-43416 needs backporting (fixed from 7.0) @@ -23090,33 +23110,29 @@ CVE_STATUS[CVE-2026-43417] = "fixed-version: only affects 6.19 onwards" CVE_STATUS[CVE-2026-43418] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-43419 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43419] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43420 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43420] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43421 needs backporting (fixed from 7.0) +# CVE-2026-43421 may need backporting (fixed from 6.6.143) -CVE_STATUS[CVE-2026-43422] = "fixed-version: only affects 6.18.17 onwards" +CVE_STATUS[CVE-2026-43424] = "cpe-stable-backport: Backported in 6.6.130" -CVE_STATUS[CVE-2026-43423] = "fixed-version: only affects 6.18.17 onwards" +CVE_STATUS[CVE-2026-43425] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43424 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43426] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43425 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43427] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43426 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43428] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43427 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43429] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43428 may need backporting (fixed from 6.6.130) - -# CVE-2026-43429 may need backporting (fixed from 6.6.130) - -# CVE-2026-43430 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43430] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43431] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-43432 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43432] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43433] = "fixed-version: only affects 6.18 onwards" @@ -23124,17 +23140,17 @@ CVE_STATUS[CVE-2026-43434] = "fixed-version: only affects 6.18 onwards" CVE_STATUS[CVE-2026-43435] = "fixed-version: only affects 6.18 onwards" -# CVE-2026-43436 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43436] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43437 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43437] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43438] = "fixed-version: only affects 6.12 onwards" -# CVE-2026-43439 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43439] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43440] = "fixed-version: only affects 6.18.16 onwards" -# CVE-2026-43441 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43441] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43442] = "fixed-version: only affects 6.19 onwards" @@ -23142,35 +23158,35 @@ CVE_STATUS[CVE-2026-43442] = "fixed-version: only affects 6.19 onwards" CVE_STATUS[CVE-2026-43444] = "fixed-version: only affects 6.12 onwards" -# CVE-2026-43445 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43445] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43446] = "fixed-version: only affects 6.19 onwards" CVE_STATUS[CVE-2026-43447] = "fixed-version: only affects 6.15 onwards" -# CVE-2026-43448 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43448] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43449 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43449] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43450 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43450] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43451 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43451] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43452 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43452] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43453 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43453] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43454] = "fixed-version: only affects 6.16 onwards" -# CVE-2026-43455 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43455] = "cpe-stable-backport: Backported in 6.6.130" # CVE-2026-43456 needs backporting (fixed from 7.0) -# CVE-2026-43457 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43457] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43458 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43458] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43459 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43459] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43460] = "fixed-version: only affects 6.14 onwards" @@ -23184,27 +23200,27 @@ CVE_STATUS[CVE-2026-43463] = "fixed-version: only affects 6.7.3 onwards" # CVE-2026-43465 may need backporting (fixed from 6.7) -# CVE-2026-43466 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43466] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43467] = "fixed-version: only affects 6.12.56 onwards" -# CVE-2026-43468 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43468] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43469 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43469] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43470] = "fixed-version: only affects 6.10 onwards" -# CVE-2026-43471 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43471] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43472 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43472] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43473 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43473] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43474] = "fixed-version: only affects 6.17 onwards" -# CVE-2026-43475 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43475] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43476 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43476] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43477] = "fixed-version: only affects 6.16 onwards" @@ -23212,15 +23228,15 @@ CVE_STATUS[CVE-2026-43478] = "fixed-version: only affects 6.19 onwards" CVE_STATUS[CVE-2026-43479] = "fixed-version: only affects 6.17 onwards" -# CVE-2026-43480 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43480] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43481] = "fixed-version: only affects 6.13 onwards" CVE_STATUS[CVE-2026-43482] = "fixed-version: only affects 6.12 onwards" -# CVE-2026-43483 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43483] = "cpe-stable-backport: Backported in 6.6.130" -# CVE-2026-43484 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43484] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43485] = "fixed-version: only affects 6.7 onwards" @@ -23228,45 +23244,1947 @@ CVE_STATUS[CVE-2026-43486] = "fixed-version: only affects 6.9 onwards" CVE_STATUS[CVE-2026-43487] = "fixed-version: only affects 6.9 onwards" -# CVE-2026-43488 may need backporting (fixed from 6.6.130) +CVE_STATUS[CVE-2026-43488] = "cpe-stable-backport: Backported in 6.6.130" CVE_STATUS[CVE-2026-43489] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-43490 may need backporting (fixed from 6.6.141) +CVE_STATUS[CVE-2026-43490] = "cpe-stable-backport: Backported in 6.6.141" -# CVE-2026-43491 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2026-43491] = "cpe-stable-backport: Backported in 6.6.140" -# CVE-2026-43492 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2026-43492] = "cpe-stable-backport: Backported in 6.6.140" -# CVE-2026-43493 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2026-43493] = "cpe-stable-backport: Backported in 6.6.140" -# CVE-2026-43494 may need backporting (fixed from 6.6.141) +CVE_STATUS[CVE-2026-43494] = "cpe-stable-backport: Backported in 6.6.141" -# CVE-2026-43495 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2026-43495] = "cpe-stable-backport: Backported in 6.6.140" -# CVE-2026-43496 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2026-43496] = "cpe-stable-backport: Backported in 6.6.140" -# CVE-2026-43497 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2026-43497] = "cpe-stable-backport: Backported in 6.6.140" CVE_STATUS[CVE-2026-43498] = "fixed-version: only affects 6.19 onwards" -# CVE-2026-43499 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2026-43499] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-43500] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-43501] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-43502] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-43503] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-45834] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-45835] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-45836] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-45837] = "fixed-version: only affects 6.9 onwards" + +CVE_STATUS[CVE-2026-45838] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-45839] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-45840] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-45841] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-45842] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-45843] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-45844] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-45845] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-45846] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-45847] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45848] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45849] = "cpe-stable-backport: Backported in 6.6.128" + +# CVE-2026-45850 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-45851] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45852] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45853] = "fixed-version: only affects 6.11 onwards" + +CVE_STATUS[CVE-2026-45854] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-45855 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-45856] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45857] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45858] = "cpe-stable-backport: Backported in 6.6.130" + +# CVE-2026-45859 may need backporting (fixed from 6.7) + +CVE_STATUS[CVE-2026-45860] = "cpe-stable-backport: Backported in 6.6.128" + +# CVE-2026-45861 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-45862] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45863] = "fixed-version: only affects 6.11 onwards" + +CVE_STATUS[CVE-2026-45864] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45865] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45866] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45867] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45868] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45869] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45870] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45871] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45872] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45873] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45874] = "fixed-version: only affects 6.11 onwards" + +CVE_STATUS[CVE-2026-45875] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45876] = "fixed-version: only affects 6.13 onwards" + +# CVE-2026-45877 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-45878] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45879] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45880] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45881] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45882] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2026-45883] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45884] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2026-45885] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45886] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45887] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-45888] = "fixed-version: only affects 6.9 onwards" + +CVE_STATUS[CVE-2026-45889] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-45890] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45891] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45892] = "fixed-version: Fixed from version 6.1.168" + +# CVE-2026-45893 needs backporting (fixed from 7.0) + +# CVE-2026-45894 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-45895] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45896] = "fixed-version: only affects 6.17 onwards" + +# CVE-2026-45897 may need backporting (fixed from 6.7) + +CVE_STATUS[CVE-2026-45898] = "fixed-version: only affects 6.11 onwards" + +CVE_STATUS[CVE-2026-45899] = "cpe-stable-backport: Backported in 6.6.130" + +CVE_STATUS[CVE-2026-45900] = "fixed-version: only affects 6.11 onwards" + +# CVE-2026-45901 may need backporting (fixed from 6.7) + +CVE_STATUS[CVE-2026-45902] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45903] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2026-45904] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45905] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45906] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-45907] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-45908] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-45909] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-45910] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45911] = "cpe-stable-backport: Backported in 6.6.130" + +CVE_STATUS[CVE-2026-45912] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45913] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45914] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45915] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45916] = "cpe-stable-backport: Backported in 6.6.128" + +# CVE-2026-45917 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-45918] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-45919] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45920] = "cpe-stable-backport: Backported in 6.6.130" + +CVE_STATUS[CVE-2026-45921] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45922] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-45923] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45924] = "cpe-stable-backport: Backported in 6.6.130" + +CVE_STATUS[CVE-2026-45925] = "fixed-version: only affects 6.12.18 onwards" + +CVE_STATUS[CVE-2026-45926] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-45927] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-45928] = "fixed-version: only affects 6.8 onwards" + +CVE_STATUS[CVE-2026-45929] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-45930 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-45931] = "fixed-version: only affects 6.14 onwards" + +# CVE-2026-45932 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-45933] = "fixed-version: only affects 6.11 onwards" + +# CVE-2026-45934 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-45935] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45936] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45937] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-45938] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2026-45939] = "fixed-version: only affects 6.13 onwards" + +# CVE-2026-45940 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-45941] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45942] = "cpe-stable-backport: Backported in 6.6.130" + +# CVE-2026-45943 needs backporting (fixed from 7.0) + +# CVE-2026-45944 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-45945] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2026-45946] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45947] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45948] = "cpe-stable-backport: Backported in 6.6.128" + +# CVE-2026-45949 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-45950] = "fixed-version: only affects 6.10 onwards" + +CVE_STATUS[CVE-2026-45951] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2026-45952] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-45953] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-45954] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45955] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-45956] = "cpe-stable-backport: Backported in 6.6.130" + +CVE_STATUS[CVE-2026-45957] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45958] = "cpe-stable-backport: Backported in 6.6.130" + +CVE_STATUS[CVE-2026-45959] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-45960] = "cpe-stable-backport: Backported in 6.6.128" + +# CVE-2026-45961 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-45962] = "cpe-stable-backport: Backported in 6.6.128" + +# CVE-2026-45963 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-45964] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45965] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45966] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-45967] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-45968] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45969] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45970] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45971] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-45972] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45973] = "fixed-version: only affects 6.12.2 onwards" + +CVE_STATUS[CVE-2026-45974] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45975] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-45976] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45977] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-45978] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45979] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-45980] = "fixed-version: only affects 6.14.9 onwards" + +CVE_STATUS[CVE-2026-45981] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45982] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45983] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45984] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-45985] = "cpe-stable-backport: Backported in 6.6.130" + +CVE_STATUS[CVE-2026-45986] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-45987] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-45988] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-45989] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-45990] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-45991] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-45993] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-45994] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-45995] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-45996] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-45997] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-45998] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-45999] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46000] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46001] = "fixed-version: only affects 6.9 onwards" + +CVE_STATUS[CVE-2026-46002] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46003] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46004] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46005] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46006] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46007] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2026-46008] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2026-46009] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46010] = "fixed-version: only affects 6.16.9 onwards" + +CVE_STATUS[CVE-2026-46011] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46012] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46013] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-46014 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46015] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46016] = "cpe-stable-backport: Backported in 6.6.140" + +# CVE-2026-46017 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46018] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46019] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46020] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-46021] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46022] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46023] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46024] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46025] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2026-46026] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46027] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46028] = "cpe-stable-backport: Backported in 6.6.137" + +CVE_STATUS[CVE-2026-46029] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-46030] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-46031] = "cpe-stable-backport: Backported in 6.6.140" + +# CVE-2026-46032 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46033] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46034] = "fixed-version: only affects 6.10 onwards" + +CVE_STATUS[CVE-2026-46035] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-46036] = "fixed-version: only affects 6.10 onwards" + +CVE_STATUS[CVE-2026-46037] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46038] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46039] = "fixed-version: only affects 6.16.9 onwards" + +CVE_STATUS[CVE-2026-46040] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46041] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2026-46042] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-46043] = "cpe-stable-backport: Backported in 6.6.140" + +# CVE-2026-46044 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46045] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-46046] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46047] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46048] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46049] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46050] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46051] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46052] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46053] = "cpe-stable-backport: Backported in 6.6.140" + +# CVE-2026-46054 may need backporting (fixed from 6.6.144) + +CVE_STATUS[CVE-2026-46055] = "fixed-version: only affects 7.0 onwards" + +CVE_STATUS[CVE-2026-46056] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46057] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-46058] = "cpe-stable-backport: Backported in 6.6.140" + +# CVE-2026-46059 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46060] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-46061] = "fixed-version: only affects 6.12.31 onwards" + +CVE_STATUS[CVE-2026-46062] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46063] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46064] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46065] = "cpe-stable-backport: Backported in 6.6.140" + +# CVE-2026-46066 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46067] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-46068] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-46069] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46070] = "cpe-stable-backport: Backported in 6.6.140" + +# CVE-2026-46071 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46072] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46073] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2026-46074] = "fixed-version: only affects 6.11 onwards" + +CVE_STATUS[CVE-2026-46075] = "cpe-stable-backport: Backported in 6.6.140" + +# CVE-2026-46076 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46077] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46078] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46079] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46080] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46081] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-46082] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46083] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46084] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46085] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46086] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46087] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-46088] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46089] = "cpe-stable-backport: Backported in 6.6.140" + +# CVE-2026-46090 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46091] = "cpe-stable-backport: Backported in 6.6.140" + +# CVE-2026-46092 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46093] = "fixed-version: only affects 6.9 onwards" + +CVE_STATUS[CVE-2026-46094] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46095] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-46096] = "fixed-version: only affects 6.18.3 onwards" + +CVE_STATUS[CVE-2026-46097] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-46098] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46099] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46100] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-46101] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46102] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46103] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46104] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2026-46105] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-46106] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46107] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46108] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46109] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46110] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46111] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46112] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46113] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46114] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46115] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46116] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46117] = "fixed-version: only affects 6.8 onwards" + +CVE_STATUS[CVE-2026-46118] = "fixed-version: only affects 6.18.32 onwards" + +CVE_STATUS[CVE-2026-46119] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46120] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46121] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46122] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46123] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46124] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46125] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46126] = "fixed-version: only affects 6.8 onwards" + +CVE_STATUS[CVE-2026-46127] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46128] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46129] = "cpe-stable-backport: Backported in 6.6.140" + +# CVE-2026-46130 may need backporting (fixed from 6.7) + +CVE_STATUS[CVE-2026-46131] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46132] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46133] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46134] = "fixed-version: only affects 6.14 onwards" + +# CVE-2026-46135 may need backporting (fixed from 6.6.144) + +CVE_STATUS[CVE-2026-46136] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46137] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-46138] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46139] = "fixed-version: only affects 6.12.23 onwards" + +# CVE-2026-46140 may need backporting (fixed from 6.6.144) + +CVE_STATUS[CVE-2026-46141] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-46142] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46143] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46144] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-46145] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-46146] = "cpe-stable-backport: Backported in 6.6.140" + +# CVE-2026-46147 needs backporting (fixed from 7.1) + +# CVE-2026-46148 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46149] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46150] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46151] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46152] = "cpe-stable-backport: Backported in 6.6.140" + +# CVE-2026-46153 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46154] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-46155] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46156] = "cpe-stable-backport: Backported in 6.6.140" + +# CVE-2026-46157 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46158] = "cpe-stable-backport: Backported in 6.6.142" + +CVE_STATUS[CVE-2026-46159] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46160] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-46161] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46162] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-46163] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46164] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-46165] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46166] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-46167] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46168] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46169] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46170] = "cpe-stable-backport: Backported in 6.6.142" + +# CVE-2026-46171 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46172] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46173] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46174] = "cpe-stable-backport: Backported in 6.6.139" + +# CVE-2026-46175 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46176] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46177] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46178] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46179] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46180] = "cpe-stable-backport: Backported in 6.6.140" + +# CVE-2026-46181 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46182] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-46183] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-46184] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46185] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46186] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46187] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46188] = "fixed-version: only affects 6.9 onwards" + +CVE_STATUS[CVE-2026-46189] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46190] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46191] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46192] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-46193] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46194] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46195] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46196] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46197] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46198] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46199] = "cpe-stable-backport: Backported in 6.6.140" + +# CVE-2026-46200 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46201] = "fixed-version: only affects 6.8 onwards" + +CVE_STATUS[CVE-2026-46202] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-46203] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2026-46204] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46205] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46206] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46207] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2026-46208] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46209] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46210] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-46211] = "fixed-version: only affects 6.8 onwards" + +CVE_STATUS[CVE-2026-46212] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46213] = "fixed-version: only affects 6.15.6 onwards" + +CVE_STATUS[CVE-2026-46214] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46215] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-46216] = "fixed-version: only affects 6.10 onwards" + +CVE_STATUS[CVE-2026-46218] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46219] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46220] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46221] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-46222] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-46223] = "fixed-version: only affects 6.19.12 onwards" + +CVE_STATUS[CVE-2026-46224] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-46225] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46226] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46227] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46228] = "fixed-version: only affects 6.11 onwards" + +CVE_STATUS[CVE-2026-46229] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46230] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46231] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46232] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46233] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46234] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46235] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46236] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46238] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46239] = "fixed-version: only affects 7.0 onwards" + +CVE_STATUS[CVE-2026-46240] = "fixed-version: only affects 6.18.16 onwards" + +# CVE-2026-46241 needs backporting (fixed from 7.1) + +# CVE-2026-46242 may need backporting (fixed from 6.6.144) + +CVE_STATUS[CVE-2026-46243] = "cpe-stable-backport: Backported in 6.6.142" + +CVE_STATUS[CVE-2026-46244] = "cpe-stable-backport: Backported in 6.6.142" + +# CVE-2026-46245 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-46246] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2026-46247] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-46248] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-46249] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-46250] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-46251] = "cpe-stable-backport: Backported in 6.6.128" + +# CVE-2026-46252 may need backporting (fixed from 6.6.144) + +CVE_STATUS[CVE-2026-46253] = "cpe-stable-backport: Backported in 6.6.128" + +# CVE-2026-46254 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-46255] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-46256] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-46257] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-46258] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-46259] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-46260] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-46261] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-46262] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-46263] = "fixed-version: only affects 6.9 onwards" + +CVE_STATUS[CVE-2026-46264] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-46265] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-46266] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-46267] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-46268] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-46269] = "fixed-version: only affects 6.15.10 onwards" + +CVE_STATUS[CVE-2026-46270] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-46271] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-46272 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-46273] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46274] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-46275] = "cpe-stable-backport: Backported in 6.6.142" + +CVE_STATUS[CVE-2026-46276] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46277] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-46278] = "fixed-version: only affects 7.0 onwards" + +CVE_STATUS[CVE-2026-46279] = "fixed-version: only affects 6.10 onwards" + +CVE_STATUS[CVE-2026-46280] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46281] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-46282 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46283] = "fixed-version: only affects 6.10 onwards" + +CVE_STATUS[CVE-2026-46284] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-46285] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46286] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46287] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46288] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-46289] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46290] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-46291] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46292] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-46293] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46294] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46295] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-46296] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46297] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-46298] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-46299] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46300] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-46301] = "cpe-stable-backport: Backported in 6.6.140" + +# CVE-2026-46302 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46303] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46304] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46305] = "fixed-version: only affects 7.0 onwards" + +CVE_STATUS[CVE-2026-46306] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46307] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46308] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-46309] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-46310] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-46311] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-46312] = "cpe-stable-backport: Backported in 6.6.140" + +CVE_STATUS[CVE-2026-46313] = "fixed-version: only affects 6.10 onwards" + +# CVE-2026-46314 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-46315] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2026-46316] = "fixed-version: only affects 6.10 onwards" + +CVE_STATUS[CVE-2026-46317] = "fixed-version: only affects 6.11 onwards" + +CVE_STATUS[CVE-2026-46318] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-46319] = "cpe-stable-backport: Backported in 6.6.141" + +# CVE-2026-46320 may need backporting (fixed from 6.6.143) + +# CVE-2026-46321 may need backporting (fixed from 6.6.143) + +# CVE-2026-46322 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-46323] = "cpe-stable-backport: Backported in 6.6.142" + +# CVE-2026-46324 needs backporting (fixed from 7.1) + +# CVE-2026-46325 needs backporting (fixed from 7.0) + +CVE_STATUS[CVE-2026-46326] = "fixed-version: only affects 6.9 onwards" + +CVE_STATUS[CVE-2026-46327] = "fixed-version: only affects 6.12.34 onwards" + +CVE_STATUS[CVE-2026-46328] = "cpe-stable-backport: Backported in 6.6.128" + +CVE_STATUS[CVE-2026-46329] = "fixed-version: only affects 6.12 onwards" + +# CVE-2026-46330 needs backporting (fixed from 7.0) + +# CVE-2026-46331 may need backporting (fixed from 6.6.144) + +CVE_STATUS[CVE-2026-46332] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-46333] = "cpe-stable-backport: Backported in 6.6.139" + +CVE_STATUS[CVE-2026-52904] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-52905] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-52906] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-52907] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-52908 may need backporting (fixed from 6.6.143) + +# CVE-2026-52909 may need backporting (fixed from 6.6.144) + +# CVE-2026-52910 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-52911] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52912] = "cpe-stable-backport: Backported in 6.6.142" + +# CVE-2026-52913 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-52914] = "cpe-stable-backport: Backported in 6.6.142" + +CVE_STATUS[CVE-2026-52915] = "cpe-stable-backport: Backported in 6.6.142" + +CVE_STATUS[CVE-2026-52916] = "cpe-stable-backport: Backported in 6.6.142" + +# CVE-2026-52917 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-52918] = "cpe-stable-backport: Backported in 6.6.142" + +CVE_STATUS[CVE-2026-52919] = "cpe-stable-backport: Backported in 6.6.142" + +CVE_STATUS[CVE-2026-52920] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52921] = "cpe-stable-backport: Backported in 6.6.142" + +CVE_STATUS[CVE-2026-52922] = "cpe-stable-backport: Backported in 6.6.142" + +# CVE-2026-52923 may need backporting (fixed from 6.6.143) + +# CVE-2026-52924 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-52925] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52926] = "cpe-stable-backport: Backported in 6.6.142" + +# CVE-2026-52927 may need backporting (fixed from 6.6.143) + +# CVE-2026-52928 may need backporting (fixed from 6.6.144) + +# CVE-2026-52929 may need backporting (fixed from 6.6.143) + +# CVE-2026-52930 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-52931] = "cpe-stable-backport: Backported in 6.6.142" + +CVE_STATUS[CVE-2026-52932] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-52933] = "cpe-stable-backport: Backported in 6.6.140" + +# CVE-2026-52934 may need backporting (fixed from 6.6.143) + +# CVE-2026-52935 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-52936] = "cpe-stable-backport: Backported in 6.6.141" + +# CVE-2026-52937 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-52938] = "fixed-version: only affects 7.0 onwards" + +# CVE-2026-52939 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-52940] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-52941] = "cpe-stable-backport: Backported in 6.6.142" + +# CVE-2026-52942 may need backporting (fixed from 6.6.143) + +# CVE-2026-52943 may need backporting (fixed from 6.6.143) + +# CVE-2026-52944 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-52945] = "fixed-version: only affects 6.15.3 onwards" + +# CVE-2026-52946 may need backporting (fixed from 6.6.143) + +# CVE-2026-52947 may need backporting (fixed from 6.6.143) + +# CVE-2026-52948 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-52949] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-52950] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-52951] = "fixed-version: only affects 6.8 onwards" + +CVE_STATUS[CVE-2026-52952] = "fixed-version: only affects 7.0 onwards" + +# CVE-2026-52953 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-52954] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52955] = "cpe-stable-backport: Backported in 6.6.141" + +# CVE-2026-52956 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-52957] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52958] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52959] = "fixed-version: only affects 6.13.8 onwards" + +CVE_STATUS[CVE-2026-52960] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-52961 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-52962] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52963] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52964] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52965] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2026-52966] = "fixed-version: only affects 6.18.32 onwards" + +CVE_STATUS[CVE-2026-52967] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52968] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52969] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52970] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52971] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-52972] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52973] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-52974] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52975] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52976] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-52977] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52978] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-52979] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-52980] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-52981] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52982] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52983] = "fixed-version: only affects 6.12.91 onwards" + +CVE_STATUS[CVE-2026-52984] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52985] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52986] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52987] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-52988 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-52989] = "cpe-stable-backport: Backported in 6.6.141" + +# CVE-2026-52990 needs backporting (fixed from 7.1) + +# CVE-2026-52991 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-52992] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52993] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52994] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2026-52995] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52996] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52997] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-52998] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-52999] = "cpe-stable-backport: Backported in 6.6.141" + +# CVE-2026-53000 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53001] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53002] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53003] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53004] = "cpe-stable-backport: Backported in 6.6.141" + +# CVE-2026-53005 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53006] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53007] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-53008] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-53009 needs backporting (fixed from 7.1) + +# CVE-2026-53010 may need backporting (fixed from 6.7) + +CVE_STATUS[CVE-2026-53011] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53012] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53013] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53014] = "fixed-version: only affects 6.8 onwards" + +# CVE-2026-53015 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53016] = "cpe-stable-backport: Backported in 6.6.141" + +# CVE-2026-53017 needs backporting (fixed from 7.1) + +# CVE-2026-53018 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53019] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-53020] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-53021] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53022] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53023] = "cpe-stable-backport: Backported in 6.6.141" + +# CVE-2026-53024 needs backporting (fixed from 7.1) + +# CVE-2026-53025 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53026] = "fixed-version: only affects 6.18.4 onwards" + +# CVE-2026-53027 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53028] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-53029] = "fixed-version: only affects 7.0 onwards" + +CVE_STATUS[CVE-2026-53030] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-53031] = "fixed-version: only affects 6.9 onwards" + +CVE_STATUS[CVE-2026-53032] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53033] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53034] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53035] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53036] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53037] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53038] = "fixed-version: only affects 6.10 onwards" + +CVE_STATUS[CVE-2026-53039] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53040] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53041] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53042] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-53043] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53044] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-53045] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53046] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53047] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53048] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53049] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53050] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53051] = "fixed-version: only affects 6.12.2 onwards" + +CVE_STATUS[CVE-2026-53052] = "cpe-stable-backport: Backported in 6.6.141" + +# CVE-2026-53053 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53054] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-53055] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-53056] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53057] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2026-53058] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53059] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53060] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53061] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53062] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53063] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53064] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53065] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53066] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53067] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-53068] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53069] = "cpe-stable-backport: Backported in 6.6.141" + +# CVE-2026-53070 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53071] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53072] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53073] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53074] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53075] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53076] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53077] = "cpe-stable-backport: Backported in 6.6.141" + +# CVE-2026-53078 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53079] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-53080 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53081] = "fixed-version: only affects 6.11 onwards" + +CVE_STATUS[CVE-2026-53082] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53083] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53084] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2026-53085] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2026-53086] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53087] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-53088] = "cpe-stable-backport: Backported in 6.6.141" + +# CVE-2026-53089 needs backporting (fixed from 7.1) + +# CVE-2026-53090 needs backporting (fixed from 7.1) + +# CVE-2026-53091 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53092] = "fixed-version: only affects 6.11 onwards" + +CVE_STATUS[CVE-2026-53093] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53094] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53095] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-53096] = "cpe-stable-backport: Backported in 6.6.141" + +# CVE-2026-53097 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53098] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53099] = "fixed-version: only affects 7.0 onwards" + +CVE_STATUS[CVE-2026-53100] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2026-53101] = "fixed-version: only affects 6.9 onwards" + +# CVE-2026-53102 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53103] = "fixed-version: only affects 6.11.2 onwards" + +CVE_STATUS[CVE-2026-53104] = "fixed-version: only affects 6.8 onwards" + +CVE_STATUS[CVE-2026-53105] = "fixed-version: only affects 6.11 onwards" + +# CVE-2026-53106 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53107] = "fixed-version: only affects 6.18.16 onwards" + +# CVE-2026-53108 needs backporting (fixed from 7.1) + +# CVE-2026-53109 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53110] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53111] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53112] = "cpe-stable-backport: Backported in 6.6.141" + +# CVE-2026-53113 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53114] = "fixed-version: only affects 6.14 onwards" + +# CVE-2026-53115 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53116] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-53117] = "cpe-stable-backport: Backported in 6.6.141" + +# CVE-2026-53118 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53119] = "fixed-version: only affects 6.11 onwards" + +# CVE-2026-53120 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53121] = "fixed-version: only affects 6.14 onwards" + +# CVE-2026-53122 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53123] = "fixed-version: only affects 6.7 onwards" + +CVE_STATUS[CVE-2026-53124] = "fixed-version: only affects 6.14.6 onwards" + +CVE_STATUS[CVE-2026-53125] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-53126] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53127] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-53128] = "cpe-stable-backport: Backported in 6.6.141" + +# CVE-2026-53129 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53130] = "cpe-stable-backport: Backported in 6.6.141" + +# CVE-2026-53131 may need backporting (fixed from 6.6.143) + +# CVE-2026-53132 needs backporting (fixed from 7.1) + +# CVE-2026-53133 may need backporting (fixed from 6.6.143) + +# CVE-2026-53134 may need backporting (fixed from 6.6.143) + +# CVE-2026-53135 may need backporting (fixed from 6.6.143) + +# CVE-2026-53136 may need backporting (fixed from 6.6.143) + +# CVE-2026-53137 may need backporting (fixed from 6.6.143) + +# CVE-2026-53138 may need backporting (fixed from 6.6.144) + +# CVE-2026-53139 may need backporting (fixed from 6.6.144) + +CVE_STATUS[CVE-2026-53140] = "fixed-version: only affects 6.8 onwards" + +CVE_STATUS[CVE-2026-53141] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2026-53142] = "fixed-version: only affects 6.8 onwards" + +# CVE-2026-53143 may need backporting (fixed from 6.6.143) + +# CVE-2026-53144 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53145] = "fixed-version: only affects 6.18.32 onwards" + +# CVE-2026-53146 may need backporting (fixed from 6.6.143) + +# CVE-2026-53147 may need backporting (fixed from 6.6.143) + +# CVE-2026-53148 may need backporting (fixed from 6.6.143) + +# CVE-2026-53149 may need backporting (fixed from 6.6.143) + +# CVE-2026-53150 may need backporting (fixed from 6.6.143) + +# CVE-2026-53151 may need backporting (fixed from 6.6.144) + +CVE_STATUS[CVE-2026-53152] = "fixed-version: only affects 6.12.78 onwards" + +CVE_STATUS[CVE-2026-53153] = "fixed-version: only affects 6.13 onwards" + +# CVE-2026-53154 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53155] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-53156 needs backporting (fixed from 7.1) + +# CVE-2026-53157 may need backporting (fixed from 6.6.144) + +# CVE-2026-53158 may need backporting (fixed from 6.6.143) + +# CVE-2026-53159 may need backporting (fixed from 6.6.143) + +# CVE-2026-53160 may need backporting (fixed from 6.6.143) + +# CVE-2026-53161 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53162] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-53163 may need backporting (fixed from 6.6.144) + +CVE_STATUS[CVE-2026-53164] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-53165] = "fixed-version: only affects 7.0 onwards" + +# CVE-2026-53166 may need backporting (fixed from 6.7) + +# CVE-2026-53167 may need backporting (fixed from 6.6.144) + +# CVE-2026-53168 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53169] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-53170] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-53171] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-53172] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-53173] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-53174] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-53175] = "fixed-version: only affects 6.12.93 onwards" + +# CVE-2026-53176 may need backporting (fixed from 6.6.143) + +# CVE-2026-53177 may need backporting (fixed from 6.6.143) + +# CVE-2026-53178 needs backporting (fixed from 7.1) + +# CVE-2026-53179 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53180] = "fixed-version: only affects 6.9 onwards" + +# CVE-2026-53181 may need backporting (fixed from 6.6.143) + +# CVE-2026-53182 may need backporting (fixed from 6.6.143) + +# CVE-2026-53183 may need backporting (fixed from 6.6.143) + +# CVE-2026-53184 may need backporting (fixed from 6.6.143) + +# CVE-2026-53185 may need backporting (fixed from 6.6.143) + +# CVE-2026-53186 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53187] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-53188] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-53189 may need backporting (fixed from 6.6.143) + +# CVE-2026-53190 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53191] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-53192] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-53193] = "fixed-version: only affects 6.12 onwards" + +# CVE-2026-53194 may need backporting (fixed from 6.6.143) + +# CVE-2026-53195 may need backporting (fixed from 6.6.143) + +# CVE-2026-53196 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53197] = "fixed-version: only affects 6.14 onwards" + +# CVE-2026-53198 may need backporting (fixed from 6.6.143) + +# CVE-2026-53199 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53200] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-53201] = "fixed-version: only affects 7.0 onwards" + +CVE_STATUS[CVE-2026-53202] = "fixed-version: only affects 6.8 onwards" + +CVE_STATUS[CVE-2026-53203] = "fixed-version: only affects 6.11 onwards" + +CVE_STATUS[CVE-2026-53204] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-53205] = "fixed-version: only affects 6.12.30 onwards" + +CVE_STATUS[CVE-2026-53206] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-53207 may need backporting (fixed from 6.6.143) + +# CVE-2026-53208 may need backporting (fixed from 6.6.143) + +# CVE-2026-53209 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53210] = "fixed-version: only affects 6.8 onwards" + +CVE_STATUS[CVE-2026-53211] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-53212 may need backporting (fixed from 6.6.143) + +# CVE-2026-53213 may need backporting (fixed from 6.6.143) + +# CVE-2026-53214 may need backporting (fixed from 6.6.143) + +# CVE-2026-53215 may need backporting (fixed from 6.6.143) + +# CVE-2026-53216 may need backporting (fixed from 6.6.143) + +# CVE-2026-53217 may need backporting (fixed from 6.6.143) + +# CVE-2026-53218 may need backporting (fixed from 6.6.143) + +# CVE-2026-53219 may need backporting (fixed from 6.6.143) + +# CVE-2026-53220 needs backporting (fixed from 7.1) + +# CVE-2026-53221 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53222] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-53223 may need backporting (fixed from 6.6.143) + +# CVE-2026-53224 needs backporting (fixed from 7.1) + +# CVE-2026-53225 may need backporting (fixed from 6.6.143) + +# CVE-2026-53226 needs backporting (fixed from 7.1) + +# CVE-2026-53227 may need backporting (fixed from 6.6.143) + +# CVE-2026-53228 may need backporting (fixed from 6.6.143) + +# CVE-2026-53229 needs backporting (fixed from 7.1) + +# CVE-2026-53230 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53231] = "fixed-version: only affects 7.0 onwards" + +# CVE-2026-53232 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53233] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-53234] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-53235] = "fixed-version: only affects 6.10 onwards" + +# CVE-2026-53236 may need backporting (fixed from 6.6.143) + +# CVE-2026-53237 may need backporting (fixed from 6.6.143) + +# CVE-2026-53238 may need backporting (fixed from 6.6.143) + +# CVE-2026-53239 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53240] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2026-53241] = "fixed-version: only affects 6.10 onwards" + +# CVE-2026-53242 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53243] = "fixed-version: only affects 7.0.10 onwards" + +CVE_STATUS[CVE-2026-53244] = "fixed-version: only affects 7.0 onwards" + +# CVE-2026-53245 may need backporting (fixed from 6.6.143) + +# CVE-2026-53246 needs backporting (fixed from 7.1) + +# CVE-2026-53247 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53248] = "fixed-version: only affects 6.15 onwards" + +# CVE-2026-53249 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53250] = "fixed-version: only affects 6.8 onwards" + +CVE_STATUS[CVE-2026-53251] = "fixed-version: only affects 6.12.2 onwards" + +# CVE-2026-53252 may need backporting (fixed from 6.6.143) + +# CVE-2026-53253 may need backporting (fixed from 6.6.143) + +# CVE-2026-53254 may need backporting (fixed from 6.6.143) + +# CVE-2026-53255 may need backporting (fixed from 6.6.143) + +# CVE-2026-53256 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53257] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-53258 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53259] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-53260] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-53261] = "fixed-version: only affects 6.7 onwards" + +# CVE-2026-53262 needs backporting (fixed from 7.1) + +# CVE-2026-53263 may need backporting (fixed from 6.6.143) + +# CVE-2026-53264 may need backporting (fixed from 6.6.143) + +# CVE-2026-53265 may need backporting (fixed from 6.6.143) + +# CVE-2026-53266 may need backporting (fixed from 6.6.143) + +# CVE-2026-53267 may need backporting (fixed from 6.6.143) + +# CVE-2026-53268 may need backporting (fixed from 6.6.143) + +# CVE-2026-53269 may need backporting (fixed from 6.6.143) + +# CVE-2026-53270 may need backporting (fixed from 6.6.143) + +# CVE-2026-53271 may need backporting (fixed from 6.6.143) + +# CVE-2026-53272 needs backporting (fixed from 7.1) + +# CVE-2026-53273 may need backporting (fixed from 6.6.143) + +# CVE-2026-53274 may need backporting (fixed from 6.6.143) + +# CVE-2026-53275 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53276] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-53277] = "fixed-version: only affects 6.12 onwards" + +CVE_STATUS[CVE-2026-53278] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-53279] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53280] = "fixed-version: only affects 7.0 onwards" + +CVE_STATUS[CVE-2026-53281] = "fixed-version: only affects 6.12.57 onwards" + +CVE_STATUS[CVE-2026-53282] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2026-53283] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-53284 needs backporting (fixed from 7.1) + +# CVE-2026-53285 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53286] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-53287] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53288] = "fixed-version: only affects 6.12.54 onwards" + +CVE_STATUS[CVE-2026-53289] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53290] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-53291] = "cpe-stable-backport: Backported in 6.6.141" + +# CVE-2026-53292 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53293] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53294] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53295] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53296] = "cpe-stable-backport: Backported in 6.6.141" + +# CVE-2026-53297 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53298] = "fixed-version: only affects 6.11 onwards" + +CVE_STATUS[CVE-2026-53299] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-53300] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-53301] = "fixed-version: only affects 6.13 onwards" + +CVE_STATUS[CVE-2026-53302] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-53303] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53304] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53305] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-53306] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53307] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-53308] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-53309] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53310] = "fixed-version: only affects 6.17 onwards" + +CVE_STATUS[CVE-2026-53311] = "fixed-version: only affects 6.16 onwards" + +CVE_STATUS[CVE-2026-53312] = "fixed-version: only affects 6.13 onwards" + +# CVE-2026-53313 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53314] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53315] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-53316] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-53317 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53318] = "fixed-version: only affects 6.11 onwards" + +CVE_STATUS[CVE-2026-53319] = "fixed-version: only affects 7.0 onwards" + +CVE_STATUS[CVE-2026-53320] = "cpe-stable-backport: Backported in 6.6.141" + +CVE_STATUS[CVE-2026-53321] = "fixed-version: only affects 6.9 onwards" + +CVE_STATUS[CVE-2026-53322] = "fixed-version: only affects 6.19 onwards" + +CVE_STATUS[CVE-2026-53323] = "fixed-version: only affects 6.15 onwards" + +CVE_STATUS[CVE-2026-53324] = "fixed-version: only affects 6.13 onwards" + +# CVE-2026-53325 may need backporting (fixed from 6.6.144) + +CVE_STATUS[CVE-2026-53326] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-53327 may need backporting (fixed from 6.6.144) + +CVE_STATUS[CVE-2026-53328] = "fixed-version: only affects 6.12 onwards" + +# CVE-2026-53329 may need backporting (fixed from 6.6.143) + +# CVE-2026-53330 needs backporting (fixed from 7.1) + +# CVE-2026-53331 may need backporting (fixed from 6.6.143) + +# CVE-2026-53332 needs backporting (fixed from 7.1) + +CVE_STATUS[CVE-2026-53333] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-53334] = "fixed-version: only affects 6.18 onwards" + +CVE_STATUS[CVE-2026-53335] = "fixed-version: only affects 6.18 onwards" + +# CVE-2026-53336 may need backporting (fixed from 6.6.143) + +# CVE-2026-53337 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53338] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-53339 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53340] = "fixed-version: only affects 6.14 onwards" + +CVE_STATUS[CVE-2026-53341] = "fixed-version: only affects 6.11 onwards" + +CVE_STATUS[CVE-2026-53342] = "fixed-version: only affects 6.16 onwards" + +# CVE-2026-53343 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53344] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-53345 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53346] = "fixed-version: only affects 6.12 onwards" + +# CVE-2026-53347 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53348] = "fixed-version: only affects 6.19 onwards" + +# CVE-2026-53349 may need backporting (fixed from 6.6.143) + +# CVE-2026-53350 may need backporting (fixed from 6.6.143) + +CVE_STATUS[CVE-2026-53351] = "fixed-version: only affects 7.0 onwards" + +# CVE-2026-53352 may need backporting (fixed from 6.6.143) + +# CVE-2026-53353 may need backporting (fixed from 6.6.143) -# CVE-2026-43500 may need backporting (fixed from 6.6.140) +# CVE-2026-53354 may need backporting (fixed from 6.6.143) -# CVE-2026-43501 may need backporting (fixed from 6.6.140) +# CVE-2026-53355 may need backporting (fixed from 6.6.143) -# CVE-2026-43502 may need backporting (fixed from 6.6.140) +# CVE-2026-53356 may need backporting (fixed from 6.6.143) -# CVE-2026-43503 may need backporting (fixed from 6.6.141) +CVE_STATUS[CVE-2026-53357] = "cpe-stable-backport: Backported in 6.6.142" -# CVE-2026-45834 may need backporting (fixed from 6.6.140) +# CVE-2026-53358 may need backporting (fixed from 6.6.143) -# CVE-2026-45835 may need backporting (fixed from 6.6.140) +# CVE-2026-53359 may need backporting (fixed from 6.6.144) -# CVE-2026-45836 may need backporting (fixed from 6.6.140) +CVE_STATUS[CVE-2026-53360] = "fixed-version: only affects 6.10 onwards" -# CVE-2026-46300 may need backporting (fixed from 6.6.141) +# CVE-2026-53361 may need backporting (fixed from 6.6.144) -# CVE-2026-46333 may need backporting (fixed from 6.6.139) +# CVE-2026-53362 may need backporting (fixed from 6.6.144) From patchwork Thu Jul 9 10:06:33 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92110 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B3789C44509 for ; Thu, 9 Jul 2026 10:07:17 +0000 (UTC) Received: from mail-wm1-f53.google.com (mail-wm1-f53.google.com [209.85.128.53]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.5810.1783591632434396806 for ; Thu, 09 Jul 2026 03:07:12 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=S6BNsGog; spf=pass (domain: smile.fr, ip: 209.85.128.53, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f53.google.com with SMTP id 5b1f17b1804b1-493c7902f47so12975165e9.1 for ; Thu, 09 Jul 2026 03:07:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591631; x=1784196431; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=P3etCHOUtgrargOsAUyr6TshCsDa6Y2PpKT6TU+YTYY=; b=S6BNsGog/Ld/8KUJYXKl7Pl9wSm3c4Uny7IP8RpjIffJICN18jE4CP/zKNIA+0ikPa yxY/G56dIfdHk2bzevBqE9tp+yIoDmq6zdBB5MsdH6s9Ll7S9hAHuIombYtnNIM9pd6E mLTWKWE20jgIHC3u8h7hAc2C6E4t9bY2l5sdo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591631; x=1784196431; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=P3etCHOUtgrargOsAUyr6TshCsDa6Y2PpKT6TU+YTYY=; b=C8QCm/6liLtH5ipulUEaMWx+nqDoTYYESy9ETCxuhM7MCaqcnAB4Jwj1+tr74GS839 lLk/7Rw4iz5kVqPASVhY+MPJxOx1grp49D4+F7+FwVUWXK1Q3CNu7Lvvd6LkerqOHTbN pnNbMoI/sP1v1QxnJ+dcuwqbODefsDjX2UoJ2yP3eVJ4r8JtvzGAcaxslx0nRNJ22TpC 5yDGdWmOtkkw4YddM0l+9F/lXuBgTrujZvwNPmpEyZ5oKuiiMSvvbnsUpXd70WzxzCok 9VYY6bEyMwKVL4/5cDQwADo6zjR39vHS52jAKgb0s/Q6cg141dBJnxMlzeajMsXFkWgs vqjg== X-Gm-Message-State: AOJu0YyYh/fLN8tB1uNIAt6kJHcNJ1LNFUaH01nHlAfWo8LkP+e8GRN9 fHgPMYYFu3xrclYMnN73zEhAJl0FDH1l10WWMmD10vBfpbVFs2OkWBxZWUnNfgYkmuD1V8Bs771 /t0vQ7Fk= X-Gm-Gg: AfdE7cmE8zGVswlUdruCPvFwwcdNEfXjnLldsQQsmw7KvlUxppXchdkNGg7KSNHs/TQ eGIQulP1kkIfP2RI4niEbpUlFHFMwJLvm/XFEeaLusTrMvRs5dJWMDV1lmD6PxVdYR1eCvA/kqH yoxkjiHCjk5aKLfsCeQe+OSHilG4jwVBMkpgcW2nqwXLRIzaIkFm/ZxxBHD4O6DU8/k4GALTloB Iq+Jv1C5rFsrjp7zXF/atjlOKn5kW8KbidVT7zYTV1jXEuH/F9dMDipGhp3TtDC7ssv6iQzjy5y v077PQJ4I7rcbC0cqmhCVrW9rmiyOV5WQUk/NUm229NdA6QYGHvmQiGuhyU7Wnq1sPv3MOt+TEF 9gOmFBfaU+sTe814xFL+LFovwwFO2itw4rNKlnWFpBL27Kwg+Tae12yDt3gHl3F1fKMMo2YROxD CL1DFsoik2RkgJR6lqKUfrpRtQCGFEKDXHpcx7TtlAur8mqmsOD7nwGRm2mxbT7TaxVs3lrYGgw 7R9rkwwOCVBA7r+xQ== X-Received: by 2002:a05:600c:630a:b0:493:c84c:2b57 with SMTP id 5b1f17b1804b1-493e686c848mr61109365e9.29.1783591630556; Thu, 09 Jul 2026 03:07:10 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.09 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:10 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 17/25] binutils: Fix CVE-2026-6846 Date: Thu, 9 Jul 2026 12:06:33 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:17 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240563 From: Shubham Pushpkar This patch applies the upstream fix as referenced in [2], using the commit shown in [1]. [1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7a089e0302382f4d4e077941156e1eaa68d01393 [2] https://security-tracker.debian.org/tracker/CVE-2026-6846 Signed-off-by: Shubham Pushpkar Signed-off-by: Yoann Congal --- .../binutils/binutils-2.42.inc | 1 + .../binutils/binutils/CVE-2026-6846.patch | 57 +++++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 meta/recipes-devtools/binutils/binutils/CVE-2026-6846.patch diff --git a/meta/recipes-devtools/binutils/binutils-2.42.inc b/meta/recipes-devtools/binutils/binutils-2.42.inc index 7e83f72632f..3ed80a82924 100644 --- a/meta/recipes-devtools/binutils/binutils-2.42.inc +++ b/meta/recipes-devtools/binutils/binutils-2.42.inc @@ -74,5 +74,6 @@ SRC_URI = "\ file://0030-CVE-2025-11840.patch \ file://CVE-2025-69644-CVE-2025-69647.patch \ file://CVE-2025-69648.patch \ + file://CVE-2026-6846.patch \ " S = "${WORKDIR}/git" diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2026-6846.patch b/meta/recipes-devtools/binutils/binutils/CVE-2026-6846.patch new file mode 100644 index 00000000000..8eaca87583d --- /dev/null +++ b/meta/recipes-devtools/binutils/binutils/CVE-2026-6846.patch @@ -0,0 +1,57 @@ +From 2a340616f7e6591f83e85777d1d1f6108c33f5b8 Mon Sep 17 00:00:00 2001 +From: Alan Modra +Date: Mon, 6 Apr 2026 22:58:22 +0930 +Subject: [PATCH] PR 34049 buffer overflow in xcoff_link_add_symbols + +The fact that coffcode.h:coff_set_alignment_hook for rs6000 removes +sections can result in target_index > section_count. Thus any array +indexed by target_index must not be sized by section_count. + + PR ld/34049 + * xcofflink.c (xcoff_link_add_symbols): Size reloc_info array + using max target_index. + +CVE: CVE-2026-6846 +Upstream-Status: Backport [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=7a089e0302382f4d4e077941156e1eaa68d01393] + +(cherry picked from commit 7a089e0302382f4d4e077941156e1eaa68d01393) +Signed-off-by: Shubham Pushpkar +--- + bfd/xcofflink.c | 15 ++++++++++++++- + 1 file changed, 14 insertions(+), 1 deletion(-) + +diff --git a/bfd/xcofflink.c b/bfd/xcofflink.c +index 6ef9abcd8..196967ed0 100644 +--- a/bfd/xcofflink.c ++++ b/bfd/xcofflink.c +@@ -1300,6 +1300,7 @@ xcoff_link_add_symbols (bfd *abfd, struct bfd_link_info *info) + } *reloc_info = NULL; + bfd_size_type amt; + unsigned short visibility; ++ unsigned int max_target_index; + + keep_syms = obj_coff_keep_syms (abfd); + +@@ -1363,7 +1364,19 @@ xcoff_link_add_symbols (bfd *abfd, struct bfd_link_info *info) + order by VMA within a given section, so we handle this by + scanning along the relocs as we process the csects. We index + into reloc_info using the section target_index. */ +- amt = abfd->section_count + 1; ++ max_target_index = 0; ++ for (o = abfd->section_last; o != NULL; o = o->prev) ++ if (o->target_index != 0) ++ { ++ /* The last section added from the object file will have the ++ highest target_index. See coffgen.c coff_real_object_p and ++ make_a_section_from_file. Sections added by ++ xcoff_link_create_extra_sections will have a zero ++ target_index. */ ++ max_target_index = o->target_index; ++ break; ++ } ++ amt = max_target_index + 1; + amt *= sizeof (struct reloc_info_struct); + reloc_info = bfd_zmalloc (amt); + if (reloc_info == NULL) +-- +2.35.6 From patchwork Thu Jul 9 10:06:34 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92119 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id F01BFC4450D for ; Thu, 9 Jul 2026 10:07:17 +0000 (UTC) Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.5811.1783591633340939278 for ; Thu, 09 Jul 2026 03:07:13 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=o02V65Ww; spf=pass (domain: smile.fr, ip: 209.85.128.45, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f45.google.com with SMTP id 5b1f17b1804b1-493b779003fso3741055e9.3 for ; Thu, 09 Jul 2026 03:07:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591631; x=1784196431; darn=lists.openembedded.org; h=content-transfer-encoding:content-type:mime-version:references :in-reply-to:message-id:date:subject:to:from:from:to:cc:subject:date :message-id:reply-to:content-type; bh=YJ83YOfjsYRmWhQ8EXfPiORsqBU5IdpoU9XMHSdoXNo=; b=o02V65WwuE2U0KaEBfJbcPa4vXuF6uaHpKEzScHgxgPn5Ud+dt2yh3q8zHR77HByJf XmRpIPgOJTKLhJxX9J7asIJVMsk0HiPWqIJDrY3ifXSnaOO5w3GndWaQJ5JrmdDjqFRu rfrBY4QoXuyd8GmaiM7tL5zHbQ3kD7o4vWrH8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591631; x=1784196431; h=content-transfer-encoding:content-type:mime-version:references :in-reply-to:message-id:date:subject:to:from:x-gm-gg :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to :content-type; bh=YJ83YOfjsYRmWhQ8EXfPiORsqBU5IdpoU9XMHSdoXNo=; b=exHd2WWoPFmh6SFUAWHJ3gqvIv/aYz5G8ke7f0fVhkyBdosNfBnmu0gjM6Fy2Ia7ot zqZgQt6upW+lW1aGFHe4ENWHIwLvbi6fOThgtbtyC6G7+25goXp5d/NNrNKvmfCe0LpD OxY1ohOULBKljdu/CFH3+TpWh9Zr5/dCRp5ZvBgeJh0RyMdL221v1BiUnUFTgOqZC1Px HYjE4+c57IcpyuMI7SWFaXRnvuUtr1gw1dedI0TDWZX8sCyoc++pCk8MrjAAfnVr/4Mr kaSPrIWqr97wIi059dS51blT8Tcv3YVr6X3kdLO9AdhAxzyLfpNAYRBOyjf7PWuKgOMN 79nA== X-Gm-Message-State: AOJu0YwDuvLK8Xtkn9hg/Dea0ABg0W1PhOoAuRITASl9Niu8AhdufbEI Fihm6EtCj7wP0C02KWQtrVsH2vXNMIzrI86o2WaUCB+XflxL0rcv0JSlu9//XSb4Hmr20BwwZ9f 2qqK7iGQ= X-Gm-Gg: AfdE7cmIFK2u84AmOVoPTjG6/BJ20OvHd+iMKMgVC/dxsWrz2OfuBwU4hNEBYU+sXfi Uw1jToEXiyMdx7onlLVEU2VlBRXC+deJH29qYl1oMsVkynGxUKWNPlg77E3/DVWtd66N/n6QF51 RBCJs8FEmcSww3ODjcwh+gAYFtN3P5K3bKnBd7NmQRGX6cSQMfMMErKT7CcylEbAfFcMCnBigVZ UftKfakSVHjGBnzxh5qxwZ18OBjTsSXMPz3SthjcmROquDdNhJ+gvf+86oYOdJOEORVrGtaeP/K 47MRiS8FEq6Ph4v6yudX4xJXWPGmcH+41COlhldmMcs9hZRFTem1tBYW8+l4yrk+GuF6gZD6mTc UyK51UxDHww4Ri8S8D3kxjA80Cr7tmriKkfPV7m8G3MZG9av9BNLTuDKhMk2f5jVwBsSAJx54gA rRHwY8goM4VXsrm/fGzMiWaUtAU1nJj/fEy0xBPkMpbmbNAfNU6buWg6JeCluIkP3sJpbAoFXHa Dmpu1uBdbslmbBQYQ== X-Received: by 2002:a05:600d:8496:20b0:493:ae5d:8c40 with SMTP id 5b1f17b1804b1-493e68e9ff7mr43205745e9.27.1783591631522; Thu, 09 Jul 2026 03:07:11 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:10 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 18/25] qemu: Fix CVE-2025-14876 Date: Thu, 9 Jul 2026 12:06:34 +0200 Message-ID: <04fae4fb45022104757c7f36b3bae9978d7c1265.1783590688.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:17 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240564 From: Ashishkumar Parmar This patch applies the upstream v10.0.8 stable backport for CVE-2025-14876. The upstream fix commit is referenced in [1], and the public CVE advisory is referenced in [2]. The individual backported commit links are recorded in the embedded patch headers when the fix expands to multiple commits. [1] https://gitlab.com/qemu-project/qemu/-/commit/e649201bb96ae7e91a69d57392c8907ec085111e [2] https://access.redhat.com/security/cve/CVE-2025-14876 Signed-off-by: Ashishkumar Parmar Signed-off-by: Yoann Congal --- meta/recipes-devtools/qemu/qemu.inc | 2 + .../qemu/qemu/CVE-2025-14876_p1.patch | 52 +++++++++++++++++ .../qemu/qemu/CVE-2025-14876_p2.patch | 56 +++++++++++++++++++ 3 files changed, 110 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p1.patch create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p2.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index ff8877e54b7..f973c0a8d1e 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -48,6 +48,8 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2025-11234-01.patch \ file://CVE-2025-11234-02.patch \ file://CVE-2024-6519.patch \ + file://CVE-2025-14876_p1.patch \ + file://CVE-2025-14876_p2.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p1.patch b/meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p1.patch new file mode 100644 index 00000000000..1f47ff2ebcc --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p1.patch @@ -0,0 +1,52 @@ +From 96ac1b4f958287776ec2199749beaaad60148a85 Mon Sep 17 00:00:00 2001 +From: zhenwei pi +Date: Sun, 21 Dec 2025 10:43:20 +0800 +Subject: [PATCH] hw/virtio/virtio-crypto: verify asym request size +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The total lenght of request is limited by cryptodev config, verify it +to avoid unexpected request from guest. + +CVE: CVE-2025-14876 +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/e649201bb96ae7e91a69d57392c8907ec085111e] + +Fixes: CVE-2025-14876 +Fixes: 0e660a6f90a ("crypto: Introduce RSA algorithm") +Reported-by: 이재영 +Signed-off-by: zhenwei pi +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +Message-Id: <20251221024321.143196-2-zhenwei.pi@linux.dev> +(cherry picked from commit 91c6438caffc880e999a7312825479685d659b44) +Signed-off-by: Michael Tokarev +(cherry picked from commit e649201bb96ae7e91a69d57392c8907ec085111e) +Signed-off-by: Ashishkumar Parmar +--- + hw/virtio/virtio-crypto.c | 7 +++++++ + 1 file changed, 7 insertions(+) + +diff --git a/hw/virtio/virtio-crypto.c b/hw/virtio/virtio-crypto.c +index 4aaced74b..6927f7d1a 100644 +--- a/hw/virtio/virtio-crypto.c ++++ b/hw/virtio/virtio-crypto.c +@@ -767,11 +767,18 @@ virtio_crypto_handle_asym_req(VirtIOCrypto *vcrypto, + uint32_t len; + uint8_t *src = NULL; + uint8_t *dst = NULL; ++ uint64_t max_len; + + asym_op_info = g_new0(CryptoDevBackendAsymOpInfo, 1); + src_len = ldl_le_p(&req->para.src_data_len); + dst_len = ldl_le_p(&req->para.dst_data_len); + ++ max_len = (uint64_t)src_len + dst_len; ++ if (unlikely(max_len > vcrypto->conf.max_size)) { ++ virtio_error(vdev, "virtio-crypto asym request is too large"); ++ goto err; ++ } ++ + if (src_len > 0) { + src = g_malloc0(src_len); + len = iov_to_buf(iov, out_num, 0, src, src_len); diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p2.patch b/meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p2.patch new file mode 100644 index 00000000000..60432c8ebb9 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2025-14876_p2.patch @@ -0,0 +1,56 @@ +From 17f89320724d16437a26a250c82b1649777387f1 Mon Sep 17 00:00:00 2001 +From: zhenwei pi +Date: Sun, 21 Dec 2025 10:43:21 +0800 +Subject: [PATCH] cryptodev-builtin: Limit the maximum size +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This backend driver is used for demonstration purposes only, unlimited +size leads QEMU OOM. + +CVE: CVE-2025-14876 +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/3464e88bc98d72acc3a9674054b9ed0c3d4e9b90] + +Fixes: CVE-2025-14876 +Fixes: 1653a5f3fc7 ("cryptodev: introduce a new cryptodev backend") +Reported-by: 이재영 +Signed-off-by: zhenwei pi +Reviewed-by: Michael S. Tsirkin +Signed-off-by: Michael S. Tsirkin +Message-Id: <20251221024321.143196-3-zhenwei.pi@linux.dev> +(cherry picked from commit 7b913094c703641a0442bb1d1165323a019c591c) +Signed-off-by: Michael Tokarev +(cherry picked from commit 3464e88bc98d72acc3a9674054b9ed0c3d4e9b90) +Signed-off-by: Ashishkumar Parmar +--- + backends/cryptodev-builtin.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/backends/cryptodev-builtin.c b/backends/cryptodev-builtin.c +index 940104ee5..a4c544b6d 100644 +--- a/backends/cryptodev-builtin.c ++++ b/backends/cryptodev-builtin.c +@@ -53,6 +53,8 @@ typedef struct CryptoDevBackendBuiltinSession { + + #define CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN 512 + #define CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN 64 ++/* demonstration purposes only, use a limited size to avoid QEMU OOM */ ++#define CRYPTODEV_BUITLIN_MAX_REQUEST_SIZE (1024 * 1024) + + struct CryptoDevBackendBuiltin { + CryptoDevBackend parent_obj; +@@ -98,12 +100,7 @@ static void cryptodev_builtin_init( + 1u << QCRYPTODEV_BACKEND_SERVICE_MAC; + backend->conf.cipher_algo_l = 1u << VIRTIO_CRYPTO_CIPHER_AES_CBC; + backend->conf.hash_algo = 1u << VIRTIO_CRYPTO_HASH_SHA1; +- /* +- * Set the Maximum length of crypto request. +- * Why this value? Just avoid to overflow when +- * memory allocation for each crypto request. +- */ +- backend->conf.max_size = LONG_MAX - sizeof(CryptoDevBackendOpInfo); ++ backend->conf.max_size = CRYPTODEV_BUITLIN_MAX_REQUEST_SIZE; + backend->conf.max_cipher_key_len = CRYPTODEV_BUITLIN_MAX_CIPHER_KEY_LEN; + backend->conf.max_auth_key_len = CRYPTODEV_BUITLIN_MAX_AUTH_KEY_LEN; + cryptodev_builtin_init_akcipher(backend); From patchwork Thu Jul 9 10:06:35 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92117 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4550EC44511 for ; Thu, 9 Jul 2026 10:07:18 +0000 (UTC) Received: from mail-wm1-f53.google.com (mail-wm1-f53.google.com [209.85.128.53]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.5892.1783591634006286168 for ; Thu, 09 Jul 2026 03:07:14 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=3r4Xa8Re; spf=pass (domain: smile.fr, ip: 209.85.128.53, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f53.google.com with SMTP id 5b1f17b1804b1-493c2c0b9a8so13372975e9.1 for ; Thu, 09 Jul 2026 03:07:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591632; x=1784196432; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=+5ixoMjfre4AlUzquQZGaN5hdzW8fXUrjOnsZnTgh2s=; b=3r4Xa8Re9IbVI0NLJ0ZNiiuWzDhVWnMf1aF9TWI0rN3UFZpeOwNim71HDn28RcpEYc oduxEJFYmCN8nsTxu2wci/V+XJa0arrHSVN1t3Ub2FRdO4Txy7nIU/QLG5euTePdF66b xjTdSy/CIyPDYs0FJv+5Azy9KDKatZ1LTjsbE= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591632; x=1784196432; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=+5ixoMjfre4AlUzquQZGaN5hdzW8fXUrjOnsZnTgh2s=; b=QqGAWO0nSPPtapjThUhRrOcPMFATaCsUlHx1mahNZeNlIxAWPjMjEXnjBwfCFOk+Ow 4hkDBF8V9D4FcbNYYlxeRKPVL+4QYlEY8HpvNEadz3c6CZOH5J8F7/20utpmkVA2i3DU vJi4eO0MuhXhmWszDGciS4gNx7csI8+ZTAj4+PLQyTv+zn/H2fZo4MHOejmEdan0q5PC nXHjq/m+DBaHYwSvad3zHVT+FbWtRECQ0RWGCtC0mMqiwt8KnMPsp5iHRupH/ClZCfgV xT9Cy/m1z+7oZUlPLn8BMbJgomKpjG0V/GIUEls45V4B/PD3cGSbGkM1yhyUvMUKp7GJ tTgw== X-Gm-Message-State: AOJu0Yzn4wZoHeqC0waOXXYr+zBw+y9BBSK0JMyVrQqLlONnkBm3X0rl I7U3HhmQJzanS2Xuu16Rvrx9f4V1++xUP1k5ZurzvylzMtcV5LEZKJLek8XPR1uJYWlrlgbdABd Yzd+RC2w= X-Gm-Gg: AfdE7cnqb7p9xapaO5Cyl1igwoh2AfXSFqQjCzAHp2f5zmvH4BoqVd1PGaszeHSz/O+ +A2rcfvwBsySStJYZdPvOJiSdVcNcNeEy3QcjFR2MDYm7a/zRkza/A89F6xuJ2mc4BC4ZHlKrW5 SIBTbs+IZHGbcDkk4qdJJpLXNkTKJ2rfPRBm4pQA99qPXfeWAjVG3dHGZbJWZoEFO4Xux5hoJsi QA++HhCc+l3rL6E/mHfpDOmn58PuaQMYFiQfEovhnu0Zokzq3KLNFN2zrO5iMYJw1CDbYvO0LZ7 kWfJflEFBK1kUj3y0niPEWY0qiCQMGLyVirj/dxrWMJ2CJKeGglQ9oic8rbL+6opqYYYXqQtUUg 8FtuDg0myobQz3e+VjeQI4In1zLSLJIDS8z5v0DRnODzGC0rioX0ZyzKVh8NfwWe+zYsNYZDaw4 OLhM9PDPN9gw/vZ7jj1ciOzYLW+a3eqA1gsG0o+jKC/ziJBsbMTswy3mqgzVK8b/RN3VovJ3Ro/ 0lMPPgdSXbQ5AePyQ== X-Received: by 2002:a05:600c:a55:b0:490:469c:556b with SMTP id 5b1f17b1804b1-493e68bef13mr64258305e9.12.1783591632206; Thu, 09 Jul 2026 03:07:12 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.11 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:11 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 19/25] qemu: Fix CVE-2026-0665 Date: Thu, 9 Jul 2026 12:06:35 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240566 From: Ashishkumar Parmar This patch applies the upstream v10.0.8 stable backport for CVE-2026-0665. The upstream fix commit is referenced in [1], and the public CVE advisory is referenced in [2]. The individual backported commit links are recorded in the embedded patch headers when the fix expands to multiple commits. [1] https://gitlab.com/qemu-project/qemu/-/commit/4ba877461e6b1a8637b15ff1a8c77ba97639c927 [2] https://access.redhat.com/security/cve/CVE-2026-0665 Signed-off-by: Ashishkumar Parmar Signed-off-by: Yoann Congal --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2026-0665.patch | 38 +++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2026-0665.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index f973c0a8d1e..73b2f3e6074 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -50,6 +50,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2024-6519.patch \ file://CVE-2025-14876_p1.patch \ file://CVE-2025-14876_p2.patch \ + file://CVE-2026-0665.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2026-0665.patch b/meta/recipes-devtools/qemu/qemu/CVE-2026-0665.patch new file mode 100644 index 00000000000..9264ba38cc6 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2026-0665.patch @@ -0,0 +1,38 @@ +From 91e98ce0a879010ef5b5ab5778cc71c0e9e92a57 Mon Sep 17 00:00:00 2001 +From: Vulnerability Report +Date: Fri, 9 Jan 2026 10:35:48 +0800 +Subject: [PATCH] hw/i386/kvm: fix PIRQ bounds check in xen_physdev_map_pirq() + +Reject pirq == s->nr_pirqs in xen_physdev_map_pirq(). + +CVE: CVE-2026-0665 +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/4ba877461e6b1a8637b15ff1a8c77ba97639c927] + +Fixes: aa98ee38a5 ("hw/xen: Implement emulated PIRQ hypercall support") +Fixes: CVE-2026-0665 +Reported-by: DARKNAVY (@DarkNavyOrg) +Reviewed-by: David Woodhouse +Signed-off-by: Vulnerability Report +Link: https://lore.kernel.org/r/13FE03BE60EA78D6+20260109023548.4047-1-vr@darknavy.com +Signed-off-by: Paolo Bonzini +(cherry picked from commit c7504ba2a560fd884557f6e5142f03b491aad0c7) +Signed-off-by: Michael Tokarev +(cherry picked from commit 4ba877461e6b1a8637b15ff1a8c77ba97639c927) +Signed-off-by: Ashishkumar Parmar +--- + hw/i386/kvm/xen_evtchn.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/i386/kvm/xen_evtchn.c b/hw/i386/kvm/xen_evtchn.c +index 02b8cbf8d..5a1ad3782 100644 +--- a/hw/i386/kvm/xen_evtchn.c ++++ b/hw/i386/kvm/xen_evtchn.c +@@ -1843,7 +1843,7 @@ int xen_physdev_map_pirq(struct physdev_map_pirq *map) + return pirq; + } + map->pirq = pirq; +- } else if (pirq > s->nr_pirqs) { ++ } else if (pirq >= s->nr_pirqs) { + return -EINVAL; + } else { + /* From patchwork Thu Jul 9 10:06:36 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92109 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71C5CC44506 for ; Thu, 9 Jul 2026 10:07:17 +0000 (UTC) Received: from mail-wm1-f46.google.com (mail-wm1-f46.google.com [209.85.128.46]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.5812.1783591634558706952 for ; Thu, 09 Jul 2026 03:07:14 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=cbS9Cn3W; spf=pass (domain: smile.fr, ip: 209.85.128.46, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f46.google.com with SMTP id 5b1f17b1804b1-493bb510ce4so5714765e9.1 for ; Thu, 09 Jul 2026 03:07:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591633; x=1784196433; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=af+/Tbf8Qs3RqLH8XKB93IGvS/Db8nnRVUyXzrR3NSQ=; b=cbS9Cn3WK9IKQsSx/xyY96Bmu5yF89g2AeM+GyK2Yq+W6I59lZtwWaQTRSDcD9x+I1 GKsJQrS6g1FBYOI86sXV4e4DSwJmd1GrvvEE3dBaB15EeI56uMGi+jePQMzLMe5yI3vI ekygcWzTXM8e3OMseulJowPzf4TT6gC0VtTGI= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591633; x=1784196433; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=af+/Tbf8Qs3RqLH8XKB93IGvS/Db8nnRVUyXzrR3NSQ=; b=POTEPdJSTqhHBQdZMTjYaKovVK97+mAq5V2VD3SJps5tu/rKt/vaC2Duxa3EQThK4f 8VGdkvGGnBhIAzVEPHTsM8TpPGFbF6uHcTFNa4SMQLkic/yBOLWlJwBII4jOJqeoCyA8 zWbz/hr4fDbEGYEXeYbmBjg/EmZPtCR/mBV1zGRPy7CmbmMa9pdW2reztfqmueBqE+tT UDMCO08dO4wVonY3NEHYLZ1f92fC8L95IbfdZ1L8lzCquGhEjRlIFrTQFdKT1KH5xGOl KOCHM3Q1aCzIViplU72PrQAKq5u/U+4Y18HYvEKae+deQOsQ++B3ihfdizQg9MEeZpNl wdMA== X-Gm-Message-State: AOJu0YxnQ0wB5YubpEc38E7gx875gYflhxjvlkdLazlXN9XVNtoAw3RG x8pT48CAlPlQPKguXUyBW9rTDGKovxNoH5NmHvAc/E6GZ0fR0XsuKMeGRbZ1BqTR8Ox+V7TzN1W L6JpGaB0= X-Gm-Gg: AfdE7cmpviLhcEa3kzqXpnDUcZjhGKouvxQRp5HvWLIszfcttZWlf5xkIKofXZqTTf0 AT2hq6Ri4bvXhcC/ae7ti8zw9XJ1EAwaCqbNaYH+e1mBdyVTpI98ZfuQowSNenM9wkc2jpu3b+Q wKDBcS5dPiiXlWAd0PGmt0WVk1edCFTCBxUk+2byLtHcy2tDtDg0CNrYrDZyyu4zduZwnnkq9Zm gwqaVsc3r5Qdht8fN4A2sV16GQl5T+Qsf/bAJF0Dxah+mQpmtDOi/F5Kc9LRvDx7qKp9Gd9e+P6 n81PUdJPqzypxQmiB1KdJbdWISKgeYPjdqdPUHFFstntwbG5wFvAAox1/KPL6WSgWwOmwpnWbPq +eG8Rr25OXcRbl0L35QT9XCk1sSl8Ud5Fqi0Ueqeg/BzrTVo1appvY3bRqTjsfbuMTZKQflfMla LtMAGOt3FQxgvsa37fuln4K9itfn/lbwLoxfLqG+l6nD6o/Pbo36E8QekWTvAKEoXP35/BzO2ha rEbh3lur4uD9aRSRg== X-Received: by 2002:a05:600d:8444:20b0:492:66fb:5dc5 with SMTP id 5b1f17b1804b1-493e68df9c2mr46269805e9.24.1783591632797; Thu, 09 Jul 2026 03:07:12 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:12 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 20/25] qemu: Fix CVE-2026-2243 Date: Thu, 9 Jul 2026 12:06:36 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:17 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240567 From: Ashishkumar Parmar This patch applies the upstream v10.0.9 stable backport for CVE-2026-2243. The upstream fix commit is referenced in [1], and the public CVE advisory is referenced in [2]. The individual backported commit links are recorded in the embedded patch headers when the fix expands to multiple commits. [1] https://gitlab.com/qemu-project/qemu/-/commit/37ff880a1252de304985c7e8493765014012ed2f [2] https://access.redhat.com/security/cve/CVE-2026-2243 Signed-off-by: Ashishkumar Parmar Signed-off-by: Yoann Congal --- meta/recipes-devtools/qemu/qemu.inc | 1 + .../qemu/qemu/CVE-2026-2243.patch | 45 +++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2026-2243.patch diff --git a/meta/recipes-devtools/qemu/qemu.inc b/meta/recipes-devtools/qemu/qemu.inc index 73b2f3e6074..46cc7cb5cb0 100644 --- a/meta/recipes-devtools/qemu/qemu.inc +++ b/meta/recipes-devtools/qemu/qemu.inc @@ -51,6 +51,7 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \ file://CVE-2025-14876_p1.patch \ file://CVE-2025-14876_p2.patch \ file://CVE-2026-0665.patch \ + file://CVE-2026-2243.patch \ " UPSTREAM_CHECK_REGEX = "qemu-(?P\d+(\.\d+)+)\.tar" diff --git a/meta/recipes-devtools/qemu/qemu/CVE-2026-2243.patch b/meta/recipes-devtools/qemu/qemu/CVE-2026-2243.patch new file mode 100644 index 00000000000..f67dae85dc9 --- /dev/null +++ b/meta/recipes-devtools/qemu/qemu/CVE-2026-2243.patch @@ -0,0 +1,45 @@ +From 8480e4b3718302e7f63efb87e07720f70509c8c7 Mon Sep 17 00:00:00 2001 +From: "Halil Oktay (oblivionsage)" +Date: Tue, 10 Feb 2026 13:33:25 +0100 +Subject: [PATCH] block/vmdk: fix OOB read in vmdk_read_extent() + +Bounds check for marker.size doesn't account for the 12-byte marker +header, allowing zlib to read past the allocated buffer. + +Move the check inside the has_marker block and subtract the marker size. + +CVE: CVE-2026-2243 +Upstream-Status: Backport [https://gitlab.com/qemu-project/qemu/-/commit/37ff880a1252de304985c7e8493765014012ed2f] + +Fixes: CVE-2026-2243 +Reported-by: Halil Oktay (oblivionsage) +Signed-off-by: Halil Oktay (oblivionsage) +Reviewed-by: Kevin Wolf +Signed-off-by: Kevin Wolf +(cherry picked from commit cfda94eddb6c9c49b66461c950b22845a46a75c9) +Signed-off-by: Michael Tokarev +(cherry picked from commit 37ff880a1252de304985c7e8493765014012ed2f) +Signed-off-by: Ashishkumar Parmar +--- + block/vmdk.c | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/block/vmdk.c b/block/vmdk.c +index d6971c706..7f63d0947 100644 +--- a/block/vmdk.c ++++ b/block/vmdk.c +@@ -1949,10 +1949,10 @@ vmdk_read_extent(VmdkExtent *extent, int64_t cluster_offset, + marker = (VmdkGrainMarker *)cluster_buf; + compressed_data = marker->data; + data_len = le32_to_cpu(marker->size); +- } +- if (!data_len || data_len > buf_bytes) { +- ret = -EINVAL; +- goto out; ++ if (!data_len || data_len > buf_bytes - sizeof(VmdkGrainMarker)) { ++ ret = -EINVAL; ++ goto out; ++ } + } + ret = uncompress(uncomp_buf, &buf_len, compressed_data, data_len); + if (ret != Z_OK) { From patchwork Thu Jul 9 10:06:37 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92107 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5EC17C44501 for ; Thu, 9 Jul 2026 10:07:17 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.5893.1783591635290011429 for ; Thu, 09 Jul 2026 03:07:15 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=iSYmUXVD; spf=pass (domain: smile.fr, ip: 209.85.128.54, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-493c733f15aso7270075e9.0 for ; Thu, 09 Jul 2026 03:07:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591633; x=1784196433; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=2y2XFkaitLihVswhbMrrRp5Hun9aodVJOsAdbQA7C24=; b=iSYmUXVDxg1gE/+L8RsRfXNNojPlfEglHYetad5ozZFN4mIJdxMJ2p8L4T0rWrpwyj CdEGLh9c4rtWugw0lIyCkBxqjQTFiYQd3tK7OtH9woiDFcmgCZuj9dvsgKnkvjUOUaPa 8hbzO0ffYUoFyhbpgqxx9lyHFIQWtQSz7dNzM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591633; x=1784196433; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=2y2XFkaitLihVswhbMrrRp5Hun9aodVJOsAdbQA7C24=; b=VrmxnibCbt1kEhQZzGpQil+h0FMOdNFRfW0tnQFW9wM5cd9clelbpIEic6pOxYmllP AueNDOTArzRq1o+SFadINuYcKHAQJx17cXhQpAE2eNlm3f1dkymlyljxUD3XtAnWSzHm 08n7bEQKGb5+ohDBh9va3L+vPsAAh+8L8RGEqWWumI2MhgSLBiePb8qvr+NEtym6TnsD POAgiQjYVdCdRkzNKDUtLb3i1/QBC5P782sqpBQUY8XJGQQkZcRRObrvBUu6RQjjf4Fc 2wWSs8Ef6S5zXdRcar8N0gtLmP4U/NUC29uztNElqUVwORxS9hBwx0OrHnMzvxu0K7Va FZzw== X-Gm-Message-State: AOJu0YzavtD5k5VgkUr4HXSliZJ3brr6nVvZRr3jUQt0XoX3O2gndaku KsdNRBR0UrGzXpTKvxYt7O1t7p+z//94yjyeIG7bHfNlxCr6LEAJ2NVKEVdI/8RQkiv8nUcsmSr fB7cqvwY= X-Gm-Gg: AfdE7ckBI1WC5VemVsZsGUtnMasMjXcCn1cbrYnoLmIui+bRlMymk6HkPZhzoT+E4lE zCYGT+TlzSX5w5tvHwDIYuxPMs8DO86hADOX0lKGsaG4jsamyBV/XWIT7MjH5OR3Alp14eDqeR6 X7Lr9Jg+bKAIGY0KxO6MG94UzkD53F9ydE00J0t4QfBAmeuZxkXfydCXFtOPvLwGJZZoP/j+aYf aB6Iss+UchDpyZuT1rh/jX5lVbZpDZakBgh27Le4hyFt9WyyTAewHBpA2+7HcIDZMf3TyBHp40L c2DTWQeq08iPOOcC+fgt1ivCfvSNxZcZE+CYKVTdOl0cfYkPBpPnfu3z4gOgG/R5oD1HO/hGOBR DncIRCSuNDukvvmUnrdcoW2k7rLZ9EddLwTMfvDkpIDCG2dCWKFiid/6Rc0+R6/zj7wPvnZftFP F9aYTHdfaDGIc5ArgAMYAHwZwwCIoCyjaJAQHelZU4/R/AiI93zZrU0+WEt0CAw29Fk8IyHjiwh oJagMJ+ULCM//9eEw== X-Received: by 2002:a05:600c:6095:b0:493:d305:b8f3 with SMTP id 5b1f17b1804b1-493e6898530mr63821345e9.3.1783591633415; Thu, 09 Jul 2026 03:07:13 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.12 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:12 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 21/25] cargo: Fix CVE-2026-5222 Date: Thu, 9 Jul 2026 12:06:37 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:17 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240568 From: Anil Dongare This patch applies the upstream fix as referenced in [2], using the commit shown in [1]. [1] https://github.com/rust-lang/cargo/commit/c4d63a44234de22dc745231c416b80ed848d997f [2] https://security-tracker.debian.org/tracker/CVE-2026-5222 Signed-off-by: Anil Dongare Signed-off-by: Yoann Congal --- .../rust/files/CVE-2026-5222.patch | 92 +++++++++++++++++++ meta/recipes-devtools/rust/rust-source.inc | 1 + 2 files changed, 93 insertions(+) create mode 100644 meta/recipes-devtools/rust/files/CVE-2026-5222.patch diff --git a/meta/recipes-devtools/rust/files/CVE-2026-5222.patch b/meta/recipes-devtools/rust/files/CVE-2026-5222.patch new file mode 100644 index 00000000000..50ba608c1c3 --- /dev/null +++ b/meta/recipes-devtools/rust/files/CVE-2026-5222.patch @@ -0,0 +1,92 @@ +From c4d63a44234de22dc745231c416b80ed848d997f Mon Sep 17 00:00:00 2001 +From: Arlo Siemsen +Date: Mon, 25 May 2026 09:49:43 +0200 +Subject: [PATCH] CVE-2026-5222: avoid stripping .git suffix when for non git + registries + +CVE: CVE-2026-5222 +Upstream-Status: Backport [https://github.com/rust-lang/cargo/commit/c4d63a44234de22dc745231c416b80ed848d997f] + +(cherry picked from commit c4d63a44234de22dc745231c416b80ed848d997f) +Signed-off-by: Anil Dongare +--- + src/tools/cargo/src/cargo/sources/git/source.rs | 7 +++++++ + src/tools/cargo/src/cargo/util/canonical_url.rs | 44 +++++++++++++------------ + 2 files changed, 31 insertions(+), 20 deletions(-) + +diff --git a/src/tools/cargo/src/cargo/sources/git/source.rs b/src/tools/cargo/src/cargo/sources/git/source.rs +index a75c1ec..1c8dbc8 100644 +--- a/src/tools/cargo/src/cargo/sources/git/source.rs ++++ b/src/tools/cargo/src/cargo/sources/git/source.rs +@@ -377,6 +377,13 @@ mod test { + assert_eq!(ident1, ident2); + } + ++ #[test] ++ fn test_canonicalize_idents_does_not_strip_dot_git_for_sparse() { ++ let ident1 = ident(&src("sparse+https://crates.io/fake-registry")); ++ let ident2 = ident(&src("sparse+https://crates.io/fake-registry.git")); ++ assert_ne!(ident1, ident2); ++ } ++ + fn src(s: &str) -> SourceId { + SourceId::for_git(&s.into_url().unwrap(), GitReference::DefaultBranch).unwrap() + } +diff --git a/src/tools/cargo/src/cargo/util/canonical_url.rs b/src/tools/cargo/src/cargo/util/canonical_url.rs +index 7516e03..2716d2d 100644 +--- a/src/tools/cargo/src/cargo/util/canonical_url.rs ++++ b/src/tools/cargo/src/cargo/util/canonical_url.rs +@@ -33,27 +33,31 @@ impl CanonicalUrl { + url.path_segments_mut().unwrap().pop_if_empty(); + } + +- // For GitHub URLs specifically, just lower-case everything. GitHub +- // treats both the same, but they hash differently, and we're gonna be +- // hashing them. This wants a more general solution, and also we're +- // almost certainly not using the same case conversion rules that GitHub +- // does. (See issue #84) +- if url.host_str() == Some("github.com") { +- url = format!("https{}", &url[url::Position::AfterScheme..]) +- .parse() +- .unwrap(); +- let path = url.path().to_lowercase(); +- url.set_path(&path); +- } ++ // Perform further canonicalization specific to git registries, which ++ // do not contain a `+` specifier. ++ if !url.scheme().contains('+') { ++ // For GitHub URLs specifically, just lower-case everything. GitHub ++ // treats both the same, but they hash differently, and we're gonna be ++ // hashing them. This wants a more general solution, and also we're ++ // almost certainly not using the same case conversion rules that GitHub ++ // does. (See issue #84) ++ if url.host_str() == Some("github.com") { ++ url = format!("https{}", &url[url::Position::AfterScheme..]) ++ .parse() ++ .unwrap(); ++ let path = url.path().to_lowercase(); ++ url.set_path(&path); ++ } + +- // Repos can generally be accessed with or without `.git` extension. +- let needs_chopping = url.path().ends_with(".git"); +- if needs_chopping { +- let last = { +- let last = url.path_segments().unwrap().next_back().unwrap(); +- last[..last.len() - 4].to_owned() +- }; +- url.path_segments_mut().unwrap().pop().push(&last); ++ // Repos can generally be accessed with or without `.git` extension. ++ let needs_chopping = url.path().ends_with(".git"); ++ if needs_chopping { ++ let last = { ++ let last = url.path_segments().unwrap().next_back().unwrap(); ++ last[..last.len() - 4].to_owned() ++ }; ++ url.path_segments_mut().unwrap().pop().push(&last); ++ } + } + + Ok(CanonicalUrl(url)) +-- +2.44.4 diff --git a/meta/recipes-devtools/rust/rust-source.inc b/meta/recipes-devtools/rust/rust-source.inc index 318c7f0e293..1ba82a8657f 100644 --- a/meta/recipes-devtools/rust/rust-source.inc +++ b/meta/recipes-devtools/rust/rust-source.inc @@ -13,6 +13,7 @@ SRC_URI += "https://static.rust-lang.org/dist/rustc-${RUST_VERSION}-src.tar.xz;n file://0001-Handle-vendored-sources-when-remapping-paths.patch;patchdir=${RUSTSRC} \ file://repro-issue-fix-with-v175.patch;patchdir=${RUSTSRC} \ file://0001-cargo-do-not-write-host-information-into-compilation.patch;patchdir=${RUSTSRC} \ + file://CVE-2026-5222.patch;patchdir=${RUSTSRC} \ " SRC_URI[rust.sha256sum] = "4526f786d673e4859ff2afa0bab2ba13c918b796519a25c1acce06dba9542340" From patchwork Thu Jul 9 10:06:38 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92114 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7AA24C44507 for ; Thu, 9 Jul 2026 10:07:17 +0000 (UTC) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.5895.1783591636339478650 for ; Thu, 09 Jul 2026 03:07:16 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=yWULS17D; spf=pass (domain: smile.fr, ip: 209.85.128.44, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-493e8d4f4dcso8850295e9.0 for ; Thu, 09 Jul 2026 03:07:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591635; x=1784196435; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=0CU0MfA/b04v88pFelRVyHeRe4mB542lMyTrP/JmSDE=; b=yWULS17DYeNxu+yjUkEPH3rHwwGeBVcuXaPiEuOJUYLz2jXMDLQalKhdxt6uiteNnX uHQV8keDu3TJuCXATZKft+V19PIGJo7GkqoMiV7TNSV7gT04R6Bge7liuzL+yF1hmDmZ 3LB6Uje8rbYKEiobYG+/lGJwlECUVKEmCVb+Y= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591635; x=1784196435; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=0CU0MfA/b04v88pFelRVyHeRe4mB542lMyTrP/JmSDE=; b=UbiDlWKZLXU/Md6G1hGXvNuuYFO0MPQkVRYAtvRyy6qbEaI+nc2Jt0MrDOzgE7NdJA 8oEOR7DlmXPbUv3eQpQp/sD9QWTYDTKdl79CxEcuNl/U7kNeFMRxbIRiS/cQHcZg5ijp JxqEN5rWjNDAXK8Gh6cV/yqQ6SxKlx4+EBEg5mLIhO/udf6VaR2hlvGO4jFdbvSmzhut 6b+4ZQEEWImifnDO6ys9Pa/sTslz8BvoOUsSeqlxtATJlKi34KHznJVshqAPhLuTb7LW oXOPlEFtRVWh6KM0R7PzTuG70lHH7B06T1OZg2/1SAn6gnoJwVwnaLFuXKrdrmttb+K9 dJwA== X-Gm-Message-State: AOJu0Yz6THwc3LuCtBMsusUglzauwRF7kICQVcw4GhaScQm61swc61jM 74P0MM5QQfcnCPYYt0hHlfLknZt/TFrrMMTggfNs8VwnTc8vlTLKatp0vmUL+AphAa/hbecIkZK d3RNyWF4= X-Gm-Gg: AfdE7clJh/MCdGMtjO+3CVwIYaL4yyHva3HcpgOKSwxzjKN0a/4qLM9u5FzV+yxkuRW 2XQ5s6J1RGrMXqrM+vfv64WO6z9wnBhZtrb0K2UjGLZ+8EXeGml9x55XLfIVAO9OewtOT16vpQe Uh+E/z6vS17MgnqmV1ptO5t8EtPNLZewmpy6tJjGLK/30rQeyvH8zpbQ1FKnw7b9qzgaYUrr717 pxRAyfaZ3qDtdFy4gbmqNOpsCIYLjksm+pKRitZ7MHLcsGWU3tBl7S0lkV0lmsSZEeUgZiT4H2m CIFuGFWRZa8Iz0jbMdNNd375BsxRSO31oyjXSoRTr5+ob7UDwdbYTnWDcSIhsfi9Ke7kh524SDM OWd8lnZ0FRv+YITydWus/iCttcfkBpWLGth2n3UU0uPpHvN9C1xYXCYSkiNxycq87e0fK2fN/8t T3jFf5yrWf+9d4mTk0hWVD/P/IymH+Ia3TjgQc/pzhc0y9cylplrp4YiZNPxVvKLHhuIlmv6NTu 0v1s0XKovopWLAJN/IJCXoikjfP X-Received: by 2002:a05:600c:e555:10b0:493:bb23:152a with SMTP id 5b1f17b1804b1-493e68a1853mr45040365e9.34.1783591634502; Thu, 09 Jul 2026 03:07:14 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:13 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 22/25] cargo: Fix CVE-2026-5223 Date: Thu, 9 Jul 2026 12:06:38 +0200 Message-ID: <40fe40b645870d3ac12bdf7cac6199dfe2c87a24.1783590688.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:17 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240569 From: Anil Dongare This patch applies the upstream fix as referenced in [2], using the commit shown in [1]. [1] https://github.com/rust-lang/cargo/commit/285cebf58911eca5b7f177f5d0b1c53e1f646577 [2] https://security-tracker.debian.org/tracker/CVE-2026-5223 Signed-off-by: Anil Dongare Signed-off-by: Yoann Congal --- .../rust/files/CVE-2026-5223.patch | 114 ++++++++++++++++++ meta/recipes-devtools/rust/rust-source.inc | 1 + 2 files changed, 115 insertions(+) create mode 100644 meta/recipes-devtools/rust/files/CVE-2026-5223.patch diff --git a/meta/recipes-devtools/rust/files/CVE-2026-5223.patch b/meta/recipes-devtools/rust/files/CVE-2026-5223.patch new file mode 100644 index 00000000000..5171d02dda9 --- /dev/null +++ b/meta/recipes-devtools/rust/files/CVE-2026-5223.patch @@ -0,0 +1,114 @@ +From 285cebf58911eca5b7f177f5d0b1c53e1f646577 Mon Sep 17 00:00:00 2001 +From: Josh Triplett +Date: Mon, 30 Mar 2026 10:35:55 -0700 +Subject: [PATCH] CVE-2026-5223: prohibit unpacking symlinks and other + unexpected entries + +Cargo has historically not allowed creating .crate packages containing +symlinks. (It packages the symlink target in place of the symlink, +instead.) So, any package containing a symlink would have to be +hand-constructed. Such packages are also not allowed on crates.io, so it +could only come from an alternate registry. + +Rather than dealing with symlink traversal attacks when unpacking a +crate, just prohibit symlinks entirely. + +In the process, also prohibit other kinds of unusual entries. As an +exception, allow character devices but warn about them, because some +exist in crates on crates.io. + +CVE: CVE-2026-5223 +Upstream-Status: Backport [https://github.com/rust-lang/cargo/commit/285cebf58911eca5b7f177f5d0b1c53e1f646577] + +Backport Changes: +- Adapted to Cargo 0.76.0 in Rust 1.75.0, where unpack_package() still carries + the extraction loop directly and the newer smuggled-symlink regression test + is not present. + +(cherry picked from commit 285cebf58911eca5b7f177f5d0b1c53e1f646577) +Signed-off-by: Anil Dongare +--- + src/tools/cargo/src/cargo/sources/registry/mod.rs | 9 ++++++++- + src/tools/cargo/tests/testsuite/registry.rs | 31 ++++++++++++----------- + 2 files changed, 24 insertions(+), 16 deletions(-) + +diff --git a/src/tools/cargo/src/cargo/sources/registry/mod.rs b/src/tools/cargo/src/cargo/sources/registry/mod.rs +index 7ee461e..c97d96d 100644 +--- a/src/tools/cargo/src/cargo/sources/registry/mod.rs ++++ b/src/tools/cargo/src/cargo/sources/registry/mod.rs +@@ -197,7 +197,7 @@ use cargo_util::paths::{self, exclude_from_backups_and_indexing}; + use flate2::read::GzDecoder; + use serde::Deserialize; + use serde::Serialize; +-use tar::Archive; ++use tar::{Archive, EntryType}; + use tracing::debug; + + use crate::core::dependency::Dependency; +@@ -636,6 +636,13 @@ impl<'cfg> RegistrySource<'cfg> { + prefix + ) + } ++ // Prevent unpacking symlinks and other unexpected entry types. ++ match entry.header().entry_type() { ++ EntryType::Regular | EntryType::Directory => {} ++ t => anyhow::bail!( ++ "invalid tarball downloaded, contains an entry at {entry_path:?} with invalid type {t:?}", ++ ), ++ } + // Prevent unpacking the lockfile from the crate itself. + if entry_path + .file_name() +diff --git a/src/tools/cargo/tests/testsuite/registry.rs b/src/tools/cargo/tests/testsuite/registry.rs +index b5dff27..178bfff 100644 +--- a/src/tools/cargo/tests/testsuite/registry.rs ++++ b/src/tools/cargo/tests/testsuite/registry.rs +@@ -2550,8 +2550,7 @@ fn package_lock_inside_package_is_overwritten() { + } + + #[cargo_test] +-fn package_lock_as_a_symlink_inside_package_is_overwritten() { +- let registry = registry::init(); ++fn package_lock_as_a_symlink_inside_package_is_invalid() { + let p = project() + .file( + "Cargo.toml", +@@ -2573,21 +2572,23 @@ fn package_lock_as_a_symlink_inside_package_is_overwritten() { + .symlink(".cargo-ok", "src/lib.rs") + .publish(); + +- p.cargo("check").run(); ++ p.cargo("check") ++ .with_status(101) ++ .with_stderr_data(str![[r#" ++[UPDATING] `dummy-registry` index ++[LOCKING] 1 package to latest compatible version ++[DOWNLOADING] crates ... ++[DOWNLOADED] bar v0.0.1 (registry `dummy-registry`) ++[ERROR] failed to download replaced source registry `crates-io` + +- let id = SourceId::for_registry(registry.index_url()).unwrap(); +- let hash = cargo::util::hex::short_hash(&id); +- let pkg_root = cargo_home() +- .join("registry") +- .join("src") +- .join(format!("-{}", hash)) +- .join("bar-0.0.1"); +- let ok = pkg_root.join(".cargo-ok"); +- let librs = pkg_root.join("src/lib.rs"); ++Caused by: ++ failed to unpack package `bar v0.0.1 (registry `dummy-registry`)` + +- // Is correctly overwritten and doesn't affect the file linked to +- assert_eq!(ok.metadata().unwrap().len(), 7); +- assert_eq!(fs::read_to_string(librs).unwrap(), "pub fn f() {}"); ++Caused by: ++ invalid tarball downloaded, contains an entry at "bar-0.0.1/.cargo-ok" with invalid type Symlink ++ ++"#]]) ++ .run(); + } + + #[cargo_test] +-- +2.44.4 diff --git a/meta/recipes-devtools/rust/rust-source.inc b/meta/recipes-devtools/rust/rust-source.inc index 1ba82a8657f..c2abe288899 100644 --- a/meta/recipes-devtools/rust/rust-source.inc +++ b/meta/recipes-devtools/rust/rust-source.inc @@ -14,6 +14,7 @@ SRC_URI += "https://static.rust-lang.org/dist/rustc-${RUST_VERSION}-src.tar.xz;n file://repro-issue-fix-with-v175.patch;patchdir=${RUSTSRC} \ file://0001-cargo-do-not-write-host-information-into-compilation.patch;patchdir=${RUSTSRC} \ file://CVE-2026-5222.patch;patchdir=${RUSTSRC} \ + file://CVE-2026-5223.patch;patchdir=${RUSTSRC} \ " SRC_URI[rust.sha256sum] = "4526f786d673e4859ff2afa0bab2ba13c918b796519a25c1acce06dba9542340" From patchwork Thu Jul 9 10:06:39 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92118 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5F707C44512 for ; Thu, 9 Jul 2026 10:07:18 +0000 (UTC) Received: from mail-wm1-f54.google.com (mail-wm1-f54.google.com [209.85.128.54]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.5813.1783591637000892889 for ; Thu, 09 Jul 2026 03:07:17 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=zhzlQJva; spf=pass (domain: smile.fr, ip: 209.85.128.54, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f54.google.com with SMTP id 5b1f17b1804b1-493c7902f47so12975915e9.1 for ; Thu, 09 Jul 2026 03:07:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591635; x=1784196435; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=h8BGweVKLAK2jp88CuzujD4VIOxjC7CxdeK7L6SNjCo=; b=zhzlQJva1s//IgP+WQNhelVh8RelGVY8UkyeYyXHp0OIbaOyle0ep59oraCQ2Be1Z9 uRKR4s5Ls3F7hBdwkfkP2yb23kp9IHv9Ji/G9iRByTctJBsiMs4Dtl4PIbteg3psCW+I zhRT3ke84QDo5iV+mSq9saR/OhPJ0uPr9k6h0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591635; x=1784196435; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=h8BGweVKLAK2jp88CuzujD4VIOxjC7CxdeK7L6SNjCo=; b=Aw0pxZ/sI7Q5Yur0BPRIUNQuIO89/F5cL7z+0KvgewWwGlhs3y8XbMM5dX0cm5+uJY czCgeFG83ym/2/8ujEf2dGIfvuVgDOCkaPlpseId46QI9KdWPxtQPhm5TePQu+Yv1e9m LaVaEbFOWSdxo5akjqZgmKGLCFGCqnt2GeKlh5/ZfrxXW5c8jmyPACy//CqwSD0+Itf5 LZC8/RgBgVdcNPAfGEiWwnEhzliMOiH/0Uyz1jqRQI8pRp0PBuYpfkHHOfP021WhgJuY KZbccWTr1bD0LDoP0woSCyFA2r7jzCFJc8PEun5LIgsStEHGDUO0P9ptg25Q9uqqyv5A OIgw== X-Gm-Message-State: AOJu0Yyd1WKviIUbwiVzbDVkTF3u5A5nf7J+HGEOf44V7EXw2Nln2c9X 38xs4i3QPO/d0uQHYknlJy9VznbJlq2iDPdWinXct87U/fS590zRpWMMMV+UrsqYrINZ5nfQRwu t5p+O26Q= X-Gm-Gg: AfdE7cnysxIsEkOaHaKly+r5p9xGjY/B908OyDsvBR3zF7cUeNaagVJnl1lE6iRioxj 4KC1oZshYpknjTaOl/HnLI3Nkf+Cf2uplGlBxeHmC1zF0pQvfgmNgLxj4qGGpvWR4+d8d51OdhN pTb9tpjmLORRCjRVypbChezAhEx8fM9SSIx72Rdx3vXNx6paZH616ggjEVWqm8OhYvNV0Jd082K Havcy2pAwiHafJUYmGdbW3wqDY1xR5O5rpWB9TdT74Veki5PRiSYgOhmcarQJsJVBwwE8632Kil iDkHBMnSEHqANnlCYtyH+E6vQiVLdese6Xt7C/lQDWnXmgqqa3fpsVp6e8gH2Q0EU7cGAEpLI1w eXoawFecXooMnZNqIvyMiGs+cN1amXWjOaTg8/IRZR5gmbgwmz/QC/89yIKNIQ7pBF85ar4uBTN E0+7tSFzA5p0myrtudxv4ngMJkqbKUA+GX3GfaT0TdqpDE9tcnm4pqs+JzQL9zRE5t5bTwFf0qQ cXM1/CLEgrzeAuPhw== X-Received: by 2002:a05:600c:1d0b:b0:493:b6ee:fcb7 with SMTP id 5b1f17b1804b1-493e68432c5mr62154355e9.14.1783591635149; Thu, 09 Jul 2026 03:07:15 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.14 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:14 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 23/25] openssh: CVE-2026-35387 patch also fixes CVE-2026-35414 Date: Thu, 9 Jul 2026 12:06:39 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240570 From: Benjamin Robin (Schneider Electric) The openssh commit fd1c7e131f331942d20f42f31e79912d570081fa fixes 2 CVEs: CVE-2026-35414 and CVE-2026-35387. CVE-2026-35414: | OpenSSH before 10.3 mishandles the authorized_keys principals option | in uncommon scenarios involving a principals list in conjunction | with a Certificate Authority that makes certain use of comma | characters. The match_principals_option() function is fixed. Before this fix: When matching an authorized_keys principals="" option against a list of principals in a certificate, an incorrect algorithm was used that could allow inappropriate matching in cases where a principal name in the certificate contains a comma character. Exploitation of the condition requires an authorized_keys principals="" option that lists more than one principal *and* a CA that will issue a certificate that encodes more than one of these principal names separated by a comma (typical CAs strongly constrain which principal names they will place in a certificate). This condition only applies to user- trusted CA keys in authorized_keys, the main certificate authentication path (TrustedUserCAKeys/AuthorizedPrincipalsFile) is not affected. CVE-2026-35387: | OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of | any ECDSA algorithm in PubkeyAcceptedAlgorithms or | HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA | algorithms. The rest of the patch allows to correctly match ECDSA signature algorithms against algorithm allowlists. The full explanation can be found on debian repository: https://salsa.debian.org/ssh-team/openssh/-/commit/ae190b6440b7c599d759527965334eeb49cc75b3 Signed-off-by: Benjamin Robin (Schneider Electric) Signed-off-by: Yoann Congal --- ...CVE-2026-35387.patch => CVE-2026-35414-CVE-2026-35387.patch} | 2 +- meta/recipes-connectivity/openssh/openssh_9.6p1.bb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename meta/recipes-connectivity/openssh/openssh/{CVE-2026-35387.patch => CVE-2026-35414-CVE-2026-35387.patch} (99%) diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2026-35387.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2026-35414-CVE-2026-35387.patch similarity index 99% rename from meta/recipes-connectivity/openssh/openssh/CVE-2026-35387.patch rename to meta/recipes-connectivity/openssh/openssh/CVE-2026-35414-CVE-2026-35387.patch index c4806bd9935..4839d76fa80 100644 --- a/meta/recipes-connectivity/openssh/openssh/CVE-2026-35387.patch +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2026-35414-CVE-2026-35387.patch @@ -14,7 +14,7 @@ Reported by Christos Papakonstantinou of Cantina and Spearbit. OpenBSD-Commit-ID: c790e2687c35989ae34a00e709be935c55b16a86 -CVE: CVE-2026-35387 +CVE: CVE-2026-35414 CVE-2026-35387 Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/fd1c7e131f331942d20f42f31e79912d570081fa] Signed-off-by: Theo Gaige (Schneider Electric) --- diff --git a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb index ea158b56b41..4193bc8a5b4 100644 --- a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb @@ -35,7 +35,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://CVE-2025-61985.patch \ file://CVE-2025-61984_CVE-2026-35386.patch \ file://CVE-2026-35385.patch \ - file://CVE-2026-35387.patch \ + file://CVE-2026-35414-CVE-2026-35387.patch \ file://CVE-2026-35388.patch \ " SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c" From patchwork Thu Jul 9 10:06:40 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92121 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6B0FBC44513 for ; Thu, 9 Jul 2026 10:07:18 +0000 (UTC) Received: from mail-wm1-f44.google.com (mail-wm1-f44.google.com [209.85.128.44]) by mx.groups.io with SMTP id smtpd.msgproc01-g2.5896.1783591637633991338 for ; Thu, 09 Jul 2026 03:07:17 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=mmnT81b9; spf=pass (domain: smile.fr, ip: 209.85.128.44, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f44.google.com with SMTP id 5b1f17b1804b1-493c52cde9eso6352315e9.3 for ; Thu, 09 Jul 2026 03:07:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591636; x=1784196436; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=t6REyVUFqq3ti33XFhlR6bYoJYZxmwB2dQUi4WnXh7Q=; b=mmnT81b9J2x825LTpfUXHKKN7knrX2z+8AAnzqi3ULT1B7MvtuQmaUi9m9xO44Md6H bsp8lK1NVFcgE1XCbgIUTIjZ6I5MEPtXSSycHKwYFxgxZChz+CApDiBpEpoSgXlF2KEu kwZUcfBD84+E1kAKdgPb1qsOENePslxdIK/jc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591636; x=1784196436; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=t6REyVUFqq3ti33XFhlR6bYoJYZxmwB2dQUi4WnXh7Q=; b=PE+LAV2qqHB8AqrSkRPd9b1qjnirpUWkObahTNHkddkkKbRzI9CzahrGPG6bYUX0tp Qg9hBqVvB27/m5aRXlMOZIqU7zLTdu+b9IJmLtjyqc1XwE+McdfUezcosDSy8y/KbyUw vXPBkTUR+TrHdnKKk5BZ+D08DAAUpu64fbxRhofmQP4a1P63PBB/p9ft/ZZlmbZfxMny YdOEDVSQtfXNsftuwtDXW5duYrmZfNR6Arzq6U/z1K0gtUWuZKw+J5ZM2TuZaGOudAB1 zrruq/Ch4Eu3FTrMiIGpKx3UHsutoqWeaSOdiQeK8ANXrnevuErlNDS4DeyrNvQ1jLd9 bG0A== X-Gm-Message-State: AOJu0Yx88DCJdyxlRDtKx/9e94hXhETy/KzVtCO8Jw0Zu+e48p/n1FFO G3I+qXtBZ2eyJ9IZx1XUE8XzBDf6GndT/4ifn/LUPI841wnYSHwJo+6GTlCd12hatSSTGVqOuqO sd9rj/vs= X-Gm-Gg: AfdE7ckK4n0JNVKGUmRAWhJQ+5CmKwAxrHD4/WEgkaMN/mdmpn6qq7LZvcIeMYgvcE1 WgmL26lopn08YwaHLXhn8LYNd60REz3PS6lLHeOOfO8VFMEq1sYdSF4ACQKVfx4sK/gGlmzmBYS hSV6zJDUjhc1aALER0Ko1du7yaLhccfcU8Z4RrH9uJBaTbs9hJi1RLLCtVo7DksV15dy/Z7wm+a v6MyDC1DL4BqXl+8y6KGfnR5OKVaZDggsq89ZI9pZnvZ77uIrmAOxuBKivH7pn8EwBmI4mQQlNh M2Ur5t7vM9w0ow++E3hhBn7MHTqGT48oFTTgqRKo4Rbz1GTadQjUjt4fqV+1xuGoUinZ2HRb6zj A9/EPV123c2loMUlTVKgNE5QChCJ+h98d5zZlJW7LYjfS8IyhR75gLtDPHAJfDtG3yWISAECPG+ B+IRnmnNteNozzdZkiOmrfhk/xWdK812hs8X5rpGgIKNPJMQc/sMuX32D0fD1gQXUPgMGX8hZVM Ek7sIC1aESLHzyvsA== X-Received: by 2002:a05:600c:a44:b0:493:c35c:b4d1 with SMTP id 5b1f17b1804b1-493e6898b47mr65970265e9.7.1783591635774; Thu, 09 Jul 2026 03:07:15 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:15 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 24/25] libgcrypt: upgrade 1.10.3 -> 1.10.4 Date: Thu, 9 Jul 2026 12:06:40 +0200 Message-ID: X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240571 From: Jakub Szczudlo Release notes are here: https://dev.gnupg.org/T8233.html Update contains fix for CVE-2026-41989 and because of building error patch need to be updated to fix compile flags in new version. Signed-off-by: Jakub Szczudlo [YC: upgrades contains "mpi/ec-inline: refactor i386 assembly to reduce register usage" which looks like optimisation but it is actually a fix for a build failure. See: https://dev.gnupg.org/T6892.html] Signed-off-by: Yoann Congal --- ...ilding-error-with-O2-in-sysroot-path.patch | 64 ------------------- ...r-handle-substitution-in-sed-command.patch | 49 ++++++++++++++ ...ibgcrypt_1.10.3.bb => libgcrypt_1.10.4.bb} | 4 +- 3 files changed, 51 insertions(+), 66 deletions(-) delete mode 100644 meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch create mode 100644 meta/recipes-support/libgcrypt/files/0002-random-cipher-handle-substitution-in-sed-command.patch rename meta/recipes-support/libgcrypt/{libgcrypt_1.10.3.bb => libgcrypt_1.10.4.bb} (92%) diff --git a/meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch b/meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch deleted file mode 100644 index dee4969f35e..00000000000 --- a/meta/recipes-support/libgcrypt/files/0001-Fix-building-error-with-O2-in-sysroot-path.patch +++ /dev/null @@ -1,64 +0,0 @@ -From b99952adc6ee611641709610d2e4dc90ba9acf37 Mon Sep 17 00:00:00 2001 -From: "simit.ghane" -Date: Tue, 7 May 2024 14:09:03 +0530 -Subject: [PATCH] Fix building error with '-O2' in sysroot path - -* cipher/Makefile.am (o_flag_munging): Tweak the sed script. -* random/Makefile.am (o_flag_munging): Ditto. --- - -Characters like '-O2' or '-Ofast' will be replaced by '-O1' and '-O0' -respectively when compiling cipher and random in the filesystem -paths as well if they happen to contain '-O2' or '-Ofast - -If we are cross compiling libgcrypt and sysroot contains such -characters, we would -get compile errors because the sysroot path has been modified. - -Fix this by adding blank spaces and tabs before the original matching -pattern in the sed command. - -Signed-off-by: simit.ghane - -ChangeLog entries added by wk - -Note that there is also the configure option --disable-O-flag-munging; -see the README. - -Upstream-Status: Backport [https://dev.gnupg.org/rCb99952adc6ee611641709610d2e4dc90ba9acf37 https://dev.gnupg.org/rC5afadba008918d651afefb842ae123cc18454c74] - -Signed-off-by: Robert Yang ---- - cipher/Makefile.am | 2 +- - random/Makefile.am | 2 +- - 2 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/cipher/Makefile.am b/cipher/Makefile.am -index 2c39586e..a914ed2b 100644 ---- a/cipher/Makefile.am -+++ b/cipher/Makefile.am -@@ -168,7 +168,7 @@ gost-s-box$(EXEEXT_FOR_BUILD): gost-s-box.c - - - if ENABLE_O_FLAG_MUNGING --o_flag_munging = sed -e 's/-O\([2-9sgz][2-9sgz]*\)/-O1/' -e 's/-Ofast/-O1/g' -+o_flag_munging = sed -e 's/[[:blank:]]-O\([2-9sgz][2-9sgz]*\)/ -O1 /g' -e 's/[[:blank:]]-Ofast/ -O1 /g' - else - o_flag_munging = cat - endif -diff --git a/random/Makefile.am b/random/Makefile.am -index 0c935a05..340df38a 100644 ---- a/random/Makefile.am -+++ b/random/Makefile.am -@@ -56,7 +56,7 @@ jitterentropy-base.c jitterentropy.h jitterentropy-base-user.h - - # The rndjent module needs to be compiled without optimization. */ - if ENABLE_O_FLAG_MUNGING --o_flag_munging = sed -e 's/-O\([1-9sgz][1-9sgz]*\)/-O0/g' -e 's/-Ofast/-O0/g' -+o_flag_munging = sed -e 's/[[:blank:]]-O\([1-9sgz][1-9sgz]*\)/ -O0 /g' -e 's/[[:blank:]]-Ofast/ -O0 /g' - else - o_flag_munging = cat - endif --- -2.44.1 - diff --git a/meta/recipes-support/libgcrypt/files/0002-random-cipher-handle-substitution-in-sed-command.patch b/meta/recipes-support/libgcrypt/files/0002-random-cipher-handle-substitution-in-sed-command.patch new file mode 100644 index 00000000000..35c7527e835 --- /dev/null +++ b/meta/recipes-support/libgcrypt/files/0002-random-cipher-handle-substitution-in-sed-command.patch @@ -0,0 +1,49 @@ +From e96df0c82e086bf348753d2d0fa37fa6191b4b14 Mon Sep 17 00:00:00 2001 +From: "simit.ghane" +Date: Tue, 11 Jun 2024 07:22:28 +0530 +Subject: [PATCH] random:cipher: handle substitution in sed command + +Upstream-Status: Backport [https://github.com/gpg/libgcrypt/commit/e96df0c82e086bf348753d2d0fa37fa6191b4b14] + +* cipher/Makefile.am (o_flag_munging): Add 'g' flag for first sed +expression. +* random/Makefile.am (o_flag_munging): Likewise. +-- + +It was there earlier and accidentally removed from +Makefile.am of cipher and random + +Signed-off-by: simit.ghane +[jk: add changelog to commit message] +Signed-off-by: Jussi Kivilinna +--- + cipher/Makefile.am | 2 +- + random/Makefile.am | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/cipher/Makefile.am b/cipher/Makefile.am +index ea9014cc98..149c9f2101 100644 +--- a/cipher/Makefile.am ++++ b/cipher/Makefile.am +@@ -169,7 +169,7 @@ gost-s-box$(EXEEXT_FOR_BUILD): gost-s-box.c + + + if ENABLE_O_FLAG_MUNGING +-o_flag_munging = sed -e 's/[[:blank:]]-O\([2-9sgz][2-9sgz]*\)/ -O1 /' -e 's/[[:blank:]]-Ofast/ -O1 /g' ++o_flag_munging = sed -e 's/[[:blank:]]-O\([2-9sgz][2-9sgz]*\)/ -O1 /g' -e 's/[[:blank:]]-Ofast/ -O1 /g' + else + o_flag_munging = cat + endif +diff --git a/random/Makefile.am b/random/Makefile.am +index c7100ef8b8..a42e430649 100644 +--- a/random/Makefile.am ++++ b/random/Makefile.am +@@ -56,7 +56,7 @@ jitterentropy-base.c jitterentropy.h jitterentropy-base-user.h + + # The rndjent module needs to be compiled without optimization. */ + if ENABLE_O_FLAG_MUNGING +-o_flag_munging = sed -e 's/[[:blank:]]-O\([2-9sgz][2-9sgz]*\)/ -O0 /' -e 's/[[:blank:]]-Ofast/ -O0 /g' ++o_flag_munging = sed -e 's/[[:blank:]]-O\([2-9sgz][2-9sgz]*\)/ -O0 /g' -e 's/[[:blank:]]-Ofast/ -O0 /g' + else + o_flag_munging = cat + endif diff --git a/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb b/meta/recipes-support/libgcrypt/libgcrypt_1.10.4.bb similarity index 92% rename from meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb rename to meta/recipes-support/libgcrypt/libgcrypt_1.10.4.bb index 3d49d586bb7..96e3a692b6f 100644 --- a/meta/recipes-support/libgcrypt/libgcrypt_1.10.3.bb +++ b/meta/recipes-support/libgcrypt/libgcrypt_1.10.4.bb @@ -25,9 +25,9 @@ SRC_URI = "${GNUPG_MIRROR}/libgcrypt/libgcrypt-${PV}.tar.bz2 \ file://no-native-gpg-error.patch \ file://no-bench-slope.patch \ file://run-ptest \ - file://0001-Fix-building-error-with-O2-in-sysroot-path.patch \ + file://0002-random-cipher-handle-substitution-in-sed-command.patch \ " -SRC_URI[sha256sum] = "8b0870897ac5ac67ded568dcfadf45969cfa8a6beb0fd60af2a9eadc2a3272aa" +SRC_URI[sha256sum] = "d6d2f835a79711ceba54b53d1081d388d24fb0341d79a268a6557e12908a90a0" BINCONFIG = "${bindir}/libgcrypt-config" From patchwork Thu Jul 9 10:06:41 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yoann Congal X-Patchwork-Id: 92122 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id 69BB6C43458 for ; Thu, 9 Jul 2026 10:07:28 +0000 (UTC) Received: from mail-wm1-f48.google.com (mail-wm1-f48.google.com [209.85.128.48]) by mx.groups.io with SMTP id smtpd.msgproc02-g2.5814.1783591638313069854 for ; Thu, 09 Jul 2026 03:07:18 -0700 Authentication-Results: mx.groups.io; dkim=pass header.i=@smile.fr header.s=google header.b=Dik7X3RN; spf=pass (domain: smile.fr, ip: 209.85.128.48, mailfrom: yoann.congal@smile.fr) Received: by mail-wm1-f48.google.com with SMTP id 5b1f17b1804b1-493b77b150aso13231705e9.2 for ; Thu, 09 Jul 2026 03:07:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=smile.fr; s=google; t=1783591636; x=1784196436; darn=lists.openembedded.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc:subject:date:message-id :reply-to:content-type; bh=fDkT9xPH1h1E+AKakJANNa/nIGstryzl+fuiatN2iu0=; b=Dik7X3RNEEwC0iaAJNnCZxuypKHI2pvVZTk+XQanjZfgOPTKbKeksJnhsBBFsaLB9s nUw2MqvqlORWzP7qxFqwm/buYBpRJtDGfySoG9M9fV1YWOF4efXBojUrlfnRK1pDx+r4 fBGFilO2vcaghJfDqt0apjGqCMYxoC8bM8aic= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1783591636; x=1784196436; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-gg:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to:content-type; bh=fDkT9xPH1h1E+AKakJANNa/nIGstryzl+fuiatN2iu0=; b=DGhCJYVBTvpNpsOT5mBrrht4M4VtjaAzBbbGpcIEdxYjZHlBZWGifKGOmunlZ+zRhp MjKAHu2vZJVcET4Rq7BvGkW6oiWi7Et9vWTYS0RuTk+PYog9PJraYNsKaIr+4Nro1RkW kqrHaLaXEeVr4dbnSxYI44fJwM98g1xwnw3aBOUtzkj7/18DcjUuKXrjP8xT2C4L5iN4 GpvkT9QAFWvDLghW/iYSorZ0s5nUPfac3OTdJ5WUANHsJNStF473uXqjX3bc3Rd8AKIw OBd9EmIGmjFYQzj7c1lwq0u30xitu5Vf+8Xy8cvXJdSX/MThKqX40hpuZwW48X7PofCU wA8w== X-Gm-Message-State: AOJu0YwTBG6h5zxa/FYr0Axz+5d9/p1cDZQ5y3SFMX7uTL6Ae4UipLP3 zZ1vn4XrbeCDr91SvyYV3n1PlOEogRIlcFbmBNvF2o2Xfk913iySVJ21Ec7wpSZfcyYzqHbB3dE IcJTuOlQ= X-Gm-Gg: AfdE7ckj3S8ctg2e2qhPvru8tLu849DjM5iwlygmSGIlQK/9EpB+UKsvtYUOLaiRg+b ix2YnnZg2P6EkkIQHYdxCaPoHqZs1jV4rcEGCAlmWkr67gXYZXjQH34sQ+SKG257042dUgEpDMR CalWVn4BmE6pjTmcMilpEs6B5K2EWnmWUt/f8dCqvAoqsZCWDEVSrG4QPK9VMxUQzKWWlTSWJFC Ci81J3HX65JVU21fgjeFEUNCjfdBXQzkiTrEmEEhccjkuGA8+FpnYl9Ajlvz6xG6pz7f5yskdc9 9gbvfrGFE2kLYamf9jjRC2uqgyJx8GtKwNKzoGu3n7YlZHHUvScqdMH/SiGwxDyXMNjZi1fo7JT mhJ3Ha0vfbxf+YXgywrtEhGr2Y7izsEFRRUoLiQ5n9LLus9kB47UJkYu/vrURd1FBWmf/Pr/gg3 LxLDgyGgQwLCtc/QA4z1f+qzrkXnz+QkLqcIuxv/lpBzS4Fj2tkmMa25dsKrr3jQcm+Qm6vKUjm mvOZp1NWwjC32BphQ== X-Received: by 2002:a05:600c:4512:b0:493:b7cb:c5f with SMTP id 5b1f17b1804b1-493e6893c66mr61369595e9.11.1783591636443; Thu, 09 Jul 2026 03:07:16 -0700 (PDT) Received: from FRSMI25-LASER.home (2a01cb001331aa00fd88810a86c49142.ipv6.abo.wanadoo.fr. [2a01:cb00:1331:aa00:fd88:810a:86c4:9142]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-493e5a5d174sm149687135e9.2.2026.07.09.03.07.15 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 09 Jul 2026 03:07:15 -0700 (PDT) From: Yoann Congal To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 25/25] cve-update: Avoid NFS caching issues Date: Thu, 9 Jul 2026 12:06:41 +0200 Message-ID: <728706a9dc79a8c70429b805fc40429bcd8e09fc.1783590688.git.yoann.congal@smile.fr> X-Mailer: git-send-email 2.47.3 In-Reply-To: References: MIME-Version: 1.0 List-Id: X-Webhook-Received: from 45-33-107-173.ip.linodeusercontent.com [45.33.107.173] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Thu, 09 Jul 2026 10:07:28 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/240572 From: Paul Barker When moving the updated CVE database file to the downloads directory, ensure that it has a different inode number to the previous version of this file. We have seen "sqlite3.DatabaseError: database disk image is malformed" exceptions on our autobuilder when trying to read the CVE database in do_cve_check tasks. The context here is that the downloads directory (where the updated database file is copied to) is shared between workers as an NFS mount. Different autobuilder workers were seeing different checksums for the database file, which indicates that a mix of both new and stale data was being read. Forcing each new version of the database file to have a different inode number will prevent stale data from being read from local caches. This should fix [YOCTO #16086]. Signed-off-by: Paul Barker Signed-off-by: Richard Purdie (cherry picked from commit f63622bbec1cfaca6d0b3e05e11466e4c10fa86e) [YC: removed cve-update-db-native part, file was removed in 17eb0788514 (cve-update-db-native: remove, 2023-06-23)] Signed-off-by: Yoann Congal --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 945bd1d927c..303309bebdc 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -88,8 +88,13 @@ python do_fetch() { shutil.copy2(db_file, db_tmp_file) if update_db_file(db_tmp_file, d, database_time) == True: - # Update downloaded correctly, can swap files - shutil.move(db_tmp_file, db_file) + # Update downloaded correctly, we can swap files. To avoid potential + # NFS caching issues, ensure that the destination file has a new inode + # number. We do this in two steps as the downloads directory may be on + # a different filesystem to tmpdir we're working in. + new_file = "%s.new" % (db_file) + shutil.move(db_tmp_file, new_file) + os.rename(new_file, db_file) else: # Update failed, do not modify the database bb.warn("CVE database update failed")