30665 Commits

Author SHA1 Message Date
Khem Raj
bd2cabff81
net-snmp: Fix a crash and support for 6.7+ kernel
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from 8147a884c68d8fdd89939a8443a902b65297520c)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-05 17:46:28 +05:30
Deepak Rathore
b09a12e166
hdf5 1.14.4-3: Fix CVE tag format in patches
- The CVE tags in multiple hdf5 patches were using comma-separated
format which caused false positives in CVE reports.
- Multiple CVEs should be separated by space in CVE-ID.patch file as
per recipe style guide in Yocto documentation so CVE report tool can
scan those CVEs and mark it as patched.

Fixed the following patches:
- CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_01.patch
- CVE-2025-6269-CVE-2025-6270-CVE-2025-6516_02.patch
- CVE-2025-2923-CVE-2025-6816-CVE-2025-6856.patch

Reference:
- https://docs.yoctoproject.org/contributor-guide/recipe-style-guide.html#cve-patches

Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-05 17:46:25 +05:30
Gyorgy Sarvari
a9fa1c5c2a
xrdp: patch CVE-2023-42822
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-42822

Pick the patch the references the github advisory[1] and the cve ID also from
the nvd report. The patch is a backported version of the patch referenced by
the nvd report.

[1]: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-2hjx-rm4f-r9hw

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-04 14:10:11 +05:30
Gyorgy Sarvari
259e4f9266
xrdp: patch CVE-2023-40184
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-40184

Pick the patch that is associated with the github advisory[1], which is
a backported version of the patch that is referenced by the nvd report.

[1]: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-f489-557v-47jq
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-04 14:10:11 +05:30
Gyorgy Sarvari
f81041bb39
xrdp: patch CVE-2022-23493
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23493

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-04 14:10:10 +05:30
Gyorgy Sarvari
2578e5c17d
xrdp: patch CVE-2022-23484
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23484

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-04 14:10:10 +05:30
Gyorgy Sarvari
8ffd8f29d5
xrdp: patch CVE-2022-23483
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23483

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-04 14:10:09 +05:30
Gyorgy Sarvari
31694c82e3
xrdp: patch CVE-2022-23482
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23482

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-04 14:10:09 +05:30
Gyorgy Sarvari
64ee8f84c4
xrdp: patch CVE-2022-23481
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23481

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-04 14:10:08 +05:30
Gyorgy Sarvari
71e9d02b12
xrdp: patch CVE-2022-23480
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23480

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-04 14:10:08 +05:30
Gyorgy Sarvari
19e076e66b
xrdp: patch CVE-2022-23479
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23479

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-04 14:10:07 +05:30
Gyorgy Sarvari
63b5fff975
xrdp: patch CVE-2022-23478
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23478

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-04 14:10:07 +05:30
Gyorgy Sarvari
a6efc5b285
xrdp: patch CVE-2022-23477
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23477

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-04 14:10:06 +05:30
Gyorgy Sarvari
1cb08277fe
xrdp: patch CVE-2022-23468
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-23468

Pick the patch that mentions this vulnerability explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-04 14:10:02 +05:30
Anuj Mittal
5a52615450
pidgin: fix reproducibility issues
Backport changes fixing reproducibility issues from master:

    9697fd958e      Yoann Congal    pidgin: Upgrade to 2.14.13

Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-03 11:23:31 +05:30
yuyu
9e4f627941
trace-cmd: Update SRC_URI to use HTTPS protocol
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f00b6ad12f2fead06487711c48544b3dd62bb987)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-03 10:37:26 +05:30
Yi Zhao
7e74032909
crash: add zlib-native to depends for crash-cross
Fix the following error when using buildtools-extended:

va_server.c:20:10: fatal error: zlib.h: No such file or directory
   20 | #include <zlib.h>
      |          ^~~~~~~~

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit bd745115de76de7242e3e7e69b29f1ae507fea13)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-03 10:34:21 +05:30
Gyorgy Sarvari
9100a5369d
nbdkit: patch CVE-2025-47712
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-47712

Pick the patch from the project's repository which explicitly
mentions this vulnerability ID.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-03 10:31:34 +05:30
Gyorgy Sarvari
ffb8d52fae
nbdkit: patch CVE-2025-47711
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-47711

Pick the patch from the repository which explicitly mentions
this CVE ID.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-03 10:31:34 +05:30
Gyorgy Sarvari
8f602e1cfa
redis: handle CVE-2025-27151
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-27151

In redis 7 this is already patched[1], and the recipe contains the
fix.
For redis 6 backport the relevant patch (which is referenced in the
nvd report)

[1]: d0eeee6e31

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-03 10:31:33 +05:30
Gyorgy Sarvari
ac19cd99a8
redis: ignore CVE-2022-0543
Details: https://nvd.nist.gov/vuln/detail/CVE-2022-0543

The issue is specific to the version packaged by Debian, it can be ignored.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-03 10:31:33 +05:30
Gyorgy Sarvari
ed345fca57
yasm: patch CVE-2021-33456
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33465

The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1020-hash-null-CVE-2021-33456.patch/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1e2731fce05d15020fddf3dca5d8ee42ec3c04e1)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-03 10:31:32 +05:30
Gyorgy Sarvari
782c49a05a
yasm: patch CVE-2021-33464
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-33464

The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1010-nasm-pp-no-env-CVE-2021-33464.patch/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 66a0b01b52e5d1cd2af4c41ae0b67541464874e6)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-03 10:31:32 +05:30
Gyorgy Sarvari
138ac945d9
yasm: patch CVE-2023-29579
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-29579

The patch was taken from Debian:
https://sources.debian.org/patches/yasm/1.3.0-8/1000-x86-dir-cpu-CVE-2023-29579.patch/

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cc30757a7fd0af5f60b9a6408b3eb94c0810acda)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-03 10:31:31 +05:30
Gyorgy Sarvari
05fd7d83ff
yasm: add alternative CVE_PRODUCT
There are multiple vendors for yasm:

$ sqlite3 ./nvdcve_2-2.db "select distinct vendor, product from products where product = 'yasm';"
tortall|yasm
yasm_project|yasm

Both products refer to the same application

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 93f85e4fd2fb124cb047f6b378cf0052a1f102aa)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-03 10:31:31 +05:30
Kai Kang
0ad67b4bd2
libtracefs: avoid run bison
There is a rare compile failure

| In file included from sqlhist-parse.h:25,
|                  from tracefs-sqlhist.c:17:
| sqlhist.tab.h:120:8: error: unterminated comment
|   120 | #endif /* !YY_TRACEFS_SQLHIST_TAB_H_INCLUDED  */
|       |        ^

Backport patch to avoid run bison that not re-gerate sqlhist.tab.h.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-12-03 10:31:28 +05:30
Gyorgy Sarvari
89a01c3d9a
cockpit: set correct CVE_PRODUCT
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit af4df551eec582844a8b56154117915ace1596cd)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-28 11:27:05 -08:00
Pavel Zhukov
2e0e65ecaa
fbida: Require opengl feature for pdf only
Don't require it for entire distro if pdf package config disabled.

Signed-off-by: Pavel Zhukov <pavel@zhukoff.net>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f22451b51bf668fbbf27b50744786c64316ef700)
Signed-off-by: Chris Laplante <chris.laplante@agilent.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-28 11:27:05 -08:00
Gyorgy Sarvari
9f031e8d0f
links: set CVE_PRODUCT
There are some unrelated software called "links", which cases
false-positive CVEs to be reported by the CVE checker.

Set the vendor/product pairs that were historically used with
CVEs for this software.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 62a53097324ace9161d8fdcfbc533baac9ee6309)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-28 11:26:58 -08:00
Peter Marko
2e768a8261
uw-imap: patch CVE-2018-19518
Take patch from Debian from
873b07f46c

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9f7c1e6bd101494c6cc5dad16a7fa65a13cbac70)
Signed-off-by: Anil Dongare <adongare@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-25 17:14:44 +05:30
Yoann Congal
77536efcb0
zfs: fix host-related reproducibility
The zfs package content varies depending the host distro.
To fix this, force target distribution ("vendor") to Debian to match
default values for things like: NFS server service name, bash completion
path, configuration files, ...
The Debian values do match the OpenEmbedded ones.

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4990a36eb404d5ae603acd6f777c38d62b7973a3)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-25 17:12:52 +05:30
Khem Raj
e6a44bc7eb
ot-br-posix: Define config files explicitly
Otherwise it picks up from build area with absolute paths into builddir

Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 0439d42c556d97405b13deecc412605ca8fc202f)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-25 17:12:18 +05:30
Hugo SIMELIERE
5fab8bd31b
libwebsockets: fix CVE-2025-11678
Backport a fix from Debian:
https://sources.debian.org/patches/libwebsockets/4.3.5-1+deb13u1/CVE-2025-11678.patch
Upstream commit:
2bb9598562

Signed-off-by: Bruno VERNAY <bruno.vernay@se.com>
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-21 11:06:18 +05:30
Hugo SIMELIERE
da04d7003e
libwebsockets: fix CVE-2025-11677
Backport a fix from Debian:
https://sources.debian.org/patches/libwebsockets/4.3.5-1+deb13u1/CVE-2025-11677.patch
Upstream commit:
2f082ec312

Signed-off-by: Bruno VERNAY <bruno.vernay@se.com>
Signed-off-by: Hugo SIMELIERE <hsimeliere.opensource@witekio.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-21 11:06:17 +05:30
Zhang Peng
e656a5b181
frr: fix CVE-2024-55553
CVE-2024-55553:
In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size
of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes.
An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing
more than this number of updates during an update interval (usually 30 minutes).
Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this
to trigger route validation continuously. Given that routers with large full tables may need
more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers
of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally.
Additionally, the re-validation will cause heightened BMP traffic to ingestors.
Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-55553]

Upstream patches:
[b0800bfdf0]

Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-21 11:06:13 +05:30
Yoann Congal
b79cf94b4d
grilo: fix buildpaths QA error
grl-type-builtins.* are generated by glib-mkenums which leave full paths
in comment and #include directives. Rewrite those before *-src packaging.
Previous fix did not correct the .c file and did not work in the
"devtool modify" case.

Fix these errors:
  ERROR: grilo-0.3.16-r0 do_package_qa: QA Issue: File /usr/src/debug/grilo/0.3.16/src/grl-type-builtins.c in package grilo-src contains reference to TMPDIR [buildpaths]
  ERROR: grilo-0.3.16-r0 do_package_qa: QA Issue: File /usr/src/debug/grilo/0.3.16/src/grl-type-builtins.h in package grilo-src contains reference to TMPDIR [buildpaths]
  ERROR: grilo-0.3.16-r0 do_package_qa: Fatal QA errors were found, failing task.

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit aa88276c26b465039b45281b8c206dd5d7baa58e)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 16:56:37 +05:30
J. S.
4e69ebbcf9
libhtml-tree-perl: fix QA Issue: TMPDIR [buildpaths]
Signed-off-by: Jason Schonberg <schonm@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5f471132db6df673bbc2c9d7e03f3a049401cfa8)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 16:54:30 +05:30
Khem Raj
c031af8d73
fvwm: Fix buildpaths QA Errors
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 228c3483e28ad72d1961aba1585fd6b575362ec8)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 16:52:48 +05:30
Yoann Congal
db2d62f261
klibc: fix debug pkgs reproducibility
Debug packages of klibc-based recipe contains reference to TMPDIR and
fail to build since "buildpaths" is a ERROR_QA: For example, from [0]:
stdio: ERROR: kexec-tools-klibc-2.0.18+git-r0 do_package_qa: QA Issue: File /usr/sbin/.debug/kexec in package kexec-tools-klibc-dbg contains reference to TMPDIR
stdio: ERROR: kexecboot-klibc-0.6+git-r0 do_package_qa: QA Issue: File /usr/bin/.debug/kexecboot in package kexecboot-klibc-dbg contains reference to TMPDIR [buildpaths]
stdio: ERROR: ubi-utils-klibc-2.0.2-r0 do_package_qa: QA Issue: File /usr/sbin/.debug/ubirename in package ubi-utils-klibc-dbg contains reference to TMPDIR

Fix this by adding DEBUG_PREFIX_MAP to the klibc build CFLAGS to rewrite
these paths in a reproducible way.

[0]: https://autobuilder.yoctoproject.org/typhoon/#/builders/155/builds/40

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 643bc59b0ca271f71c7fef80ed1db4d117248f9b)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 16:09:30 +05:30
Khem Raj
65d989d9e4 libwmf: Fix buildpaths QA Errors in libwmf-config
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 6fc95d7a747f0e2c444b265a067d2ee2faa894f0)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 08:46:56 +05:30
Gyorgy Sarvari
f6c6cdce9d iptraf-ng: patch CVE-2024-52949
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-52949

Pick the commit that mentions the CVE in its description.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
(cherry picked from commit 16071ef98f7cfd1501e9c399ac27afe2e061b22a)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 08:46:56 +05:30
Ankur Tyagi
fd052187ac hdf5: patch CVE-2025-2926
Details https://nvd.nist.gov/vuln/detail/CVE-2025-2926

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 08:46:56 +05:30
Ankur Tyagi
3c45985620 freerdp3: patch CVE-2025-4478
Details https://nvd.nist.gov/vuln/detail/CVE-2025-4478

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 08:46:56 +05:30
Ankur Tyagi
e2bf6a8064 botan: patch CVE-2024-50382 and CVE-2024-50383
Same patch fixes both vulnerabilities.

Details:
https://nvd.nist.gov/vuln/detail/CVE-2024-50382
https://nvd.nist.gov/vuln/detail/CVE-2024-50383

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 08:46:56 +05:30
Gyorgy Sarvari
2d31b3897f libwmf: patch CVE-2016-9011
Details: https://nvd.nist.gov/vuln/detail/CVE-2016-9011

Pick the patch that explicitly mentions the vulnerability ID.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 08:46:56 +05:30
Gyorgy Sarvari
41d4d6c022 libwmf: patch CVE-2015-4696
Details: https://nvd.nist.gov/vuln/detail/CVE-2015-4696

Pick the patch that mentions the vulnerability ID explicitly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 08:46:56 +05:30
Gyorgy Sarvari
ee90f2d75e libwmf: patch CVE-2015-4695
Details: https://nvd.nist.gov/vuln/detail/CVE-2015-4695

Pick the commit that explicitly mentions the vulnerability ID.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 08:46:56 +05:30
Gyorgy Sarvari
dbc98a00eb libwmf: patch CVE-2015-0848 and CVE-2015-4588
Details:
https://nvd.nist.gov/vuln/detail/CVE-2015-0848
https://nvd.nist.gov/vuln/detail/CVE-2015-4588

Pick the commit that mentions the CVE IDs explicitly.
The same patch fixes both vulnerabilities.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 08:46:56 +05:30
Gyorgy Sarvari
786bad8097 libwmf: add missing CVE tag to patch
CVE-2006-3376 is already patched, but the patch is missing
the required CVE tag, so the cve-checker misses it.

This patch adds the tag.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 08:46:56 +05:30
Gyorgy Sarvari
f5701506eb libwmf: add proper CVE tag to patch
CVE-2009-1364 is already patched, but the patch didn't contain
the necessary tag so the cve-checker didn't pick it up.

This change adds the required tag.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
2025-11-19 08:46:56 +05:30