33 files changed, 1326 insertions, 123 deletions

diff --git a/bitbake/lib/bb/cooker.py b/bitbake/lib/bb/cooker.py
index 90022f3c35..dc131939ed 100644
--- a/bitbake/lib/bb/cooker.py
+++ b/bitbake/lib/bb/cooker.py
@@ -26,6 +26,7 @@ import json
 import pickle
 import codecs
 import hashserv
+import ctypes
 
 logger      = logging.getLogger("BitBake")
 collectlog  = logging.getLogger("BitBake.Collection")
@@ -1998,9 +1999,9 @@ class ParsingFailure(Exception):
         Exception.__init__(self, realexception, recipe)
 
 class Parser(multiprocessing.Process):
-    def __init__(self, jobs, jobid_queue, results, quit, profile):
+    def __init__(self, jobs, next_job_id, results, quit, profile):
         self.jobs = jobs
-        self.jobid_queue = jobid_queue
+        self.next_job_id = next_job_id
         self.results = results
         self.quit = quit
         multiprocessing.Process.__init__(self)
@@ -2059,20 +2060,22 @@ class Parser(multiprocessing.Process):
         multiprocessing.util.Finalize(None, bb.fetch.fetcher_parse_save, exitpriority=1)
 
         pending = []
+        havejobs = True
         try:
-            while pending or not self.exit:
+            while (havejobs or pending) and not self.exit:
                 if self.quit.is_set():
                     break
 
-                jobid = None
-                try:
-                    # Have to wait for all parsers to have forked
-                    jobid = self.jobid_queue.get(True, 0.1)
-                except (ValueError, OSError, queue.Empty) as e:
-                    pass
+                job = None
+                if havejobs:
+                    with self.next_job_id.get_lock():
+                        if self.next_job_id.value < len(self.jobs):
+                            job = self.jobs[self.next_job_id.value]
+                            self.next_job_id.value += 1
+                        else:
+                            havejobs = False
 
-                if jobid is not None:
-                    job = self.jobs[jobid]
+                if job:
                     result = self.parse(*job)
                     # Clear the siggen cache after parsing to control memory usage, its huge
                     bb.parse.siggen.postparsing_clean_cache()
@@ -2085,7 +2088,6 @@ class Parser(multiprocessing.Process):
                     except queue.Full:
                         pending.append(result)
         finally:
-            self.jobs.close()
             self.results.close()
             self.results.join_thread()
 
@@ -2167,22 +2169,18 @@ class CookerParser(object):
         if self.toparse:
             bb.event.fire(bb.event.ParseStarted(self.toparse), self.cfgdata)
 
-            self.toparse_queue = multiprocessing.Queue(len(self.willparse))
+            next_job_id = multiprocessing.Value(ctypes.c_int, 0)
             self.parser_quit = multiprocessing.Event()
             self.result_queue = multiprocessing.Queue()
 
             # Have to pass in willparse at fork time so all parsing processes have the unpickleable data
             # then access it by index from the parse queue.
             for i in range(0, self.num_processes):
-                parser = Parser(self.willparse, self.toparse_queue, self.result_queue, self.parser_quit, self.cooker.configuration.profile)
+                parser = Parser(self.willparse, next_job_id, self.result_queue, self.parser_quit, self.cooker.configuration.profile)
                 parser.start()
                 self.process_names.append(parser.name)
                 self.processes.append(parser)
 
-            for jobid in range(len(self.willparse)):
-                self.toparse_queue.put(jobid)
-            self.toparse_queue.close()
-
             self.results = itertools.chain(self.results, self.parse_generator())
 
     def shutdown(self, clean=True, eventmsg="Parsing halted due to errors"):
diff --git a/meta/classes-global/sanity.bbclass b/meta/classes-global/sanity.bbclass
index 1044ed9cc6..d875a022db 100644
--- a/meta/classes-global/sanity.bbclass
+++ b/meta/classes-global/sanity.bbclass
@@ -672,6 +672,8 @@ def check_sanity_sstate_dir_change(sstate_dir, data):
     return testmsg
 
 def check_sanity_version_change(status, d):
+    import glob
+
     # Sanity checks to be done when SANITY_VERSION or NATIVELSBSTRING changes
     # In other words, these tests run once in a given build directory and then 
     # never again until the sanity version or host distribution id/version changes.
@@ -703,6 +705,11 @@ def check_sanity_version_change(status, d):
     if not check_app_exists('g++', d):
         missing = missing + "C++ Compiler (g++),"
 
+    # installing emacs on Ubuntu 24.04 pulls in emacs-gtk -> libgcc-14-dev despite gcc being 13
+    # this breaks libcxx-native and compiler-rt-native builds so tell the user to fix things
+    if glob.glob("/usr/lib/gcc/*/14/libgcc_s.so") and not glob.glob("/usr/lib/gcc/*/14/libstdc++.so"):
+        status.addresult('libgcc-14-dev is installed and not libstdc++-14-dev which will break clang native compiles. Please remove one or install the other.')
+
     required_utilities = d.getVar('SANITY_REQUIRED_UTILITIES')
 
     for util in required_utilities.split():
diff --git a/meta/classes-recipe/kernel-fit-image.bbclass b/meta/classes-recipe/kernel-fit-image.bbclass
index 39845997ed..fd4c6a30fe 100644
--- a/meta/classes-recipe/kernel-fit-image.bbclass
+++ b/meta/classes-recipe/kernel-fit-image.bbclass
@@ -173,7 +173,7 @@ do_deploy() {
     fi
 
     if [ -n "${INITRAMFS_IMAGE}" ]; then
-        ln -snf fit-image-its "$deploy_dir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its"
+        ln -snf fit-image.its "$deploy_dir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_NAME}.its"
         if [ -n "${KERNEL_FIT_LINK_NAME}" ]; then
             ln -snf fit-image.its "$deploy_dir/fitImage-its-${INITRAMFS_IMAGE_NAME}-${KERNEL_FIT_LINK_NAME}"
         fi
diff --git a/meta/classes/toolchain/clang-native.bbclass b/meta/classes/toolchain/clang-native.bbclass
index c8b20ff8c4..4de491a1cb 100644
--- a/meta/classes/toolchain/clang-native.bbclass
+++ b/meta/classes/toolchain/clang-native.bbclass
@@ -16,10 +16,3 @@ BUILD_READELF = "${BUILD_PREFIX}llvm-readelf"
 DEPENDS += "clang-native libcxx-native compiler-rt-native"
 
 LDFLAGS += " --rtlib=libgcc --unwindlib=libgcc"
-
-# Some systems can have mixed gcc development headers, such as pieces of both gcc 13
-# and 14 which can cause build failures, particularly if libgcc and libstdc++ for
-# gcc 13 are present but only libgcc for gcc 14 and not libstdc++ when the gcc
-# version is gcc 13. Force the gcc install that matches gcc itself
-BUILD_CFLAGS:append:class-native = " --gcc-install-dir=$(dirname $(gcc -print-libgcc-file-name))"
-BUILD_CXXFLAGS:append:class-native = " --gcc-install-dir=$(dirname $(gcc -print-libgcc-file-name))"
diff --git a/meta/conf/bitbake.conf b/meta/conf/bitbake.conf
index b1f8ac5b11..bd186ffeec 100644
--- a/meta/conf/bitbake.conf
+++ b/meta/conf/bitbake.conf
@@ -745,7 +745,7 @@ SRC_URI = ""
 PSEUDO_LOCALSTATEDIR ?= "${WORKDIR}/pseudo/"
 PSEUDO_PASSWD ?= "${STAGING_DIR_TARGET}:${PSEUDO_SYSROOT}"
 PSEUDO_SYSROOT = "${COMPONENTS_DIR}/${BUILD_ARCH}/pseudo-native"
-PSEUDO_INCLUDE_PATHS = "/proc,${WORKDIR}/image,${WORKDIR}/package,${WORKDIR}/rootfs,${WORKDIR}/sstate-build-package/,${WORKDIR}/sstate-install-package/,${WORKDIR}/pkgdata,${WORKDIR}/minidebuginfo"
+PSEUDO_INCLUDE_PATHS = "/proc,${WORKDIR}/image,${WORKDIR}/package,${WORKDIR}/rootfs,${WORKDIR}/sstate-build-package/,${WORKDIR}/sstate-install-package/,${WORKDIR}/pkgdata,${WORKDIR}/minidebuginfo,${WORKDIR}/devtool-deploy-target-stripped"
 
 export PSEUDO_DISABLED = "1"
 #export PSEUDO_PREFIX = "${STAGING_DIR_NATIVE}${prefix_native}"
diff --git a/meta/conf/distro/include/ptest-packagelists.inc b/meta/conf/distro/include/ptest-packagelists.inc
index 4253c7b062..4451e00b48 100644
--- a/meta/conf/distro/include/ptest-packagelists.inc
+++ b/meta/conf/distro/include/ptest-packagelists.inc
@@ -25,6 +25,7 @@ PTESTS_FAST = "\
     gdk-pixbuf \
     glib-networking \
     gzip \
+    icu \
     json-c \
     json-glib \
     libconvert-asn1-perl \
diff --git a/meta/lib/oeqa/selftest/cases/devtool.py b/meta/lib/oeqa/selftest/cases/devtool.py
index 9fc3eaa311..a11934852a 100644
--- a/meta/lib/oeqa/selftest/cases/devtool.py
+++ b/meta/lib/oeqa/selftest/cases/devtool.py
@@ -16,7 +16,7 @@ import json
 
 from oeqa.selftest.case import OESelftestTestCase
 from oeqa.utils.commands import runCmd, bitbake, get_bb_var, create_temp_layer
-from oeqa.utils.commands import get_bb_vars, runqemu, get_test_layer
+from oeqa.utils.commands import get_bb_vars, runqemu, runqemu_check_taps, get_test_layer
 from oeqa.core.decorator import OETestTag
 
 oldmetapath = None
@@ -277,18 +277,8 @@ class DevtoolTestCase(OESelftestTestCase):
         machine = get_bb_var('MACHINE')
         if not machine.startswith('qemu'):
             self.skipTest('This test only works with qemu machines')
-        if not os.path.exists('/etc/runqemu-nosudo'):
+        if not runqemu_check_taps():
             self.skipTest('You must set up tap devices with scripts/runqemu-gen-tapdevs before running this test')
-        result = runCmd('PATH="$PATH:/sbin:/usr/sbin" ip tuntap show', ignore_status=True)
-        if result.status != 0:
-            result = runCmd('PATH="$PATH:/sbin:/usr/sbin" ifconfig -a', ignore_status=True)
-            if result.status != 0:
-                self.skipTest('Failed to determine if tap devices exist with ifconfig or ip: %s' % result.output)
-        for line in result.output.splitlines():
-            if line.startswith('tap'):
-                break
-        else:
-            self.skipTest('No tap devices found - you must set up tap devices with scripts/runqemu-gen-tapdevs before running this test')
 
     def _test_devtool_add_git_url(self, git_url, version, pn, resulting_src_uri, srcrev=None):
         self.track_for_cleanup(self.workspacedir)
diff --git a/meta/lib/oeqa/utils/commands.py b/meta/lib/oeqa/utils/commands.py
index b60a6e6c38..5eaedd2fd9 100644
--- a/meta/lib/oeqa/utils/commands.py
+++ b/meta/lib/oeqa/utils/commands.py
@@ -401,6 +401,16 @@ def runqemu(pn, ssh=True, runqemuparams='', image_fstype=None, launch_cmd=None,
         targetlogger.removeHandler(handler)
         qemu.stop()
 
+def runqemu_check_taps():
+    """Check if tap devices for runqemu are available"""
+    result = runCmd('PATH="$PATH:/sbin:/usr/sbin" ip tuntap show', ignore_status=True)
+    if result.status != 0:
+        return False
+    for line in result.output.splitlines():
+        if line.startswith('tap'):
+            return True
+    return False
+
 def updateEnv(env_file):
     """
     Source a file and update environment.
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service
index f6059d73cb..aec6446f0e 100644
--- a/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp-ddns.service
@@ -6,6 +6,7 @@ After=time-sync.target
 
 [Service]
 ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/
+ExecStartPre=@BASE_BINDIR@/chmod 750 @LOCALSTATEDIR@/run/kea/
 ExecStart=@SBINDIR@/kea-dhcp-ddns -c @SYSCONFDIR@/kea/kea-dhcp-ddns.conf
 
 [Install]
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp4.service b/meta/recipes-connectivity/kea/files/kea-dhcp4.service
index b851ea71c5..a2ed4edb59 100644
--- a/meta/recipes-connectivity/kea/files/kea-dhcp4.service
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp4.service
@@ -6,6 +6,7 @@ After=time-sync.target
 
 [Service]
 ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/
+ExecStartPre=@BASE_BINDIR@/chmod 750 @LOCALSTATEDIR@/run/kea/
 ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea
 ExecStart=@SBINDIR@/kea-dhcp4 -c @SYSCONFDIR@/kea/kea-dhcp4.conf
 
diff --git a/meta/recipes-connectivity/kea/files/kea-dhcp6.service b/meta/recipes-connectivity/kea/files/kea-dhcp6.service
index 0f9f0ef8d9..ed6e017d0c 100644
--- a/meta/recipes-connectivity/kea/files/kea-dhcp6.service
+++ b/meta/recipes-connectivity/kea/files/kea-dhcp6.service
@@ -6,6 +6,7 @@ After=time-sync.target
 
 [Service]
 ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/run/kea/
+ExecStartPre=@BASE_BINDIR@/chmod 750 @LOCALSTATEDIR@/run/kea/
 ExecStartPre=@BASE_BINDIR@/mkdir -p @LOCALSTATEDIR@/lib/kea
 ExecStart=@SBINDIR@/kea-dhcp6 -c @SYSCONFDIR@/kea/kea-dhcp6.conf
 
diff --git a/meta/recipes-connectivity/openssl/openssl_3.5.0.bb b/meta/recipes-connectivity/openssl/openssl_3.5.0.bb
index 0f5c28dafa..a7d08d5b86 100644
--- a/meta/recipes-connectivity/openssl/openssl_3.5.0.bb
+++ b/meta/recipes-connectivity/openssl/openssl_3.5.0.bb
@@ -192,6 +192,11 @@ do_install:append:class-native () {
             SSL_CERT_FILE=\${SSL_CERT_FILE:-${libdir}/ssl-3/cert.pem} \
             OPENSSL_ENGINES=\${OPENSSL_ENGINES:-${libdir}/engines-3} \
             OPENSSL_MODULES=\${OPENSSL_MODULES:-${libdir}/ossl-modules}
+
+        # Setting ENGINESDIR and MODULESDIR to invalid paths prevents host contamination,
+        # but also breaks the generated libcrypto.pc file. Post-Fix it manually here.
+        sed -i 's|^enginesdir=\($.libdir.\)/.*|enginesdir=\1/engines-3|' ${D}${libdir}/pkgconfig/libcrypto.pc
+        sed -i 's|^modulesdir=\($.libdir.\)/.*|modulesdir=\1/ossl-modules|' ${D}${libdir}/pkgconfig/libcrypto.pc
 }
 
 do_install:append:class-nativesdk () {
diff --git a/meta/recipes-core/initrdscripts/initramfs-framework/overlayroot b/meta/recipes-core/initrdscripts/initramfs-framework/overlayroot
index 0d41432878..db164d9846 100644
--- a/meta/recipes-core/initrdscripts/initramfs-framework/overlayroot
+++ b/meta/recipes-core/initrdscripts/initramfs-framework/overlayroot
@@ -38,10 +38,10 @@
 PATH=/sbin:/bin:/usr/sbin:/usr/bin
 
 # We get OLDROOT from the rootfs module
-OLDROOT="/rootfs"
+OLDROOT="${ROOTFS_DIR}"
 
-NEWROOT="${RWMOUNT}/root"
 RWMOUNT="/overlay"
+NEWROOT="${RWMOUNT}/root"
 ROMOUNT="${RWMOUNT}/rofs"
 UPPER_DIR="${RWMOUNT}/upper"
 WORK_DIR="${RWMOUNT}/work"
@@ -115,4 +115,9 @@ mount -n --move /proc ${NEWROOT}/proc
 mount -n --move /sys ${NEWROOT}/sys
 mount -n --move /dev ${NEWROOT}/dev
 
+# Mount/move boot if is already mounted
+if mountpoint -q ${OLDROOT}/boot; then
+    mount -n --move ${OLDROOT}/boot ${NEWROOT}/boot
+fi
+
 exec chroot ${NEWROOT}/ ${bootparam_init:-/sbin/init} || exit_gracefully "Couldn't chroot into overlay"
diff --git a/meta/recipes-core/systemd/systemd_257.6.bb b/meta/recipes-core/systemd/systemd_257.6.bb
index 5f7f20c434..9092d02c51 100644
--- a/meta/recipes-core/systemd/systemd_257.6.bb
+++ b/meta/recipes-core/systemd/systemd_257.6.bb
@@ -189,7 +189,7 @@ PACKAGECONFIG[no-dns-fallback] = "-Ddns-servers="
 PACKAGECONFIG[no-ntp-fallback] = "-Dntp-servers="
 PACKAGECONFIG[nss] = "-Dnss-systemd=true,-Dnss-systemd=false,,libnss-systemd"
 PACKAGECONFIG[nss-mymachines] = "-Dnss-mymachines=enabled,-Dnss-mymachines=disabled"
-PACKAGECONFIG[nss-resolve] = "-Dnss-resolve=enabled,-Dnss-resolve=disabled"
+PACKAGECONFIG[nss-resolve] = "-Dnss-resolve=enabled,-Dnss-resolve=disabled,,libnss-resolve"
 PACKAGECONFIG[oomd] = "-Doomd=true,-Doomd=false"
 PACKAGECONFIG[openssl] = "-Dopenssl=enabled,-Dopenssl=disabled,openssl"
 PACKAGECONFIG[p11kit] = "-Dp11kit=enabled,-Dp11kit=disabled,p11-kit"
diff --git a/meta/recipes-devtools/mmc/mmc-utils_git.bb b/meta/recipes-devtools/mmc/mmc-utils_git.bb
index f3944aebf0..5b6a5f3777 100644
--- a/meta/recipes-devtools/mmc/mmc-utils_git.bb
+++ b/meta/recipes-devtools/mmc/mmc-utils_git.bb
@@ -5,12 +5,11 @@ LICENSE = "GPL-2.0-only"
 LIC_FILES_CHKSUM = "file://mmc.c;beginline=1;endline=20;md5=fae32792e20f4d27ade1c5a762d16b7d"
 
 SRCBRANCH ?= "master"
-SRCREV = "c515ea2e1cebfbf9d81aa6a5c1bf67a79d2a7e58"
+SRCREV = "d8a8358a7207bd81d0c38dca2cf27a48bf411341"
 
-PV = "0.1+git"
+PV = "1.0"
 
-SRC_URI = "git://git.kernel.org/pub/scm/utils/mmc/mmc-utils.git;branch=${SRCBRANCH};protocol=https"
-UPSTREAM_CHECK_COMMITS = "1"
+SRC_URI = "git://git.kernel.org/pub/scm/utils/mmc/mmc-utils.git;branch=${SRCBRANCH};protocol=https;tag=v${PV}"
 
 DEPENDS = "python3-sphinx-native"
 EXTRA_OEMAKE = "C="
diff --git a/meta/recipes-devtools/python/python3-pdm_2.25.3.bb b/meta/recipes-devtools/python/python3-pdm_2.25.4.bb
index f3ec4e60d3..1e25e18974 100644
--- a/meta/recipes-devtools/python/python3-pdm_2.25.3.bb
+++ b/meta/recipes-devtools/python/python3-pdm_2.25.4.bb
@@ -4,7 +4,7 @@ LICENSE = "MIT"
 SECTION = "devel/python"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=2eb31a2cc1a758c34b499f287dd04ef2"
 
-SRC_URI[sha256sum] = "6d0820f805dacf64d55a7fe56777e7d8349a2ee35efc3006f29b4573d1311c84"
+SRC_URI[sha256sum] = "bd655d789429928d6e27ff6693c19c82bc81aa75ba51d7b1c6102d039c8f211c"
 
 inherit pypi python_setuptools_build_meta
 
diff --git a/meta/recipes-extended/screen/screen_5.0.0.bb b/meta/recipes-extended/screen/screen_5.0.1.bb
index fec5663fc2..69f4098519 100644
--- a/meta/recipes-extended/screen/screen_5.0.0.bb
+++ b/meta/recipes-extended/screen/screen_5.0.1.bb
@@ -20,7 +20,7 @@ SRC_URI = "${GNU_MIRROR}/screen/screen-${PV}.tar.gz \
            ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'file://screen.pam', '', d)} \
            "
 
-SRC_URI[sha256sum] = "f04a39d00a0e5c7c86a55338808903082ad5df4d73df1a2fd3425976aed94971"
+SRC_URI[sha256sum] = "2dae36f4db379ffcd14b691596ba6ec18ac3a9e22bc47ac239789ab58409869d"
 
 inherit autotools-brokensep texinfo
 
diff --git a/meta/recipes-extended/sudo/sudo_1.9.17.bb b/meta/recipes-extended/sudo/sudo_1.9.17p1.bb
index 71d48f448d..83bfc0621c 100644
--- a/meta/recipes-extended/sudo/sudo_1.9.17.bb
+++ b/meta/recipes-extended/sudo/sudo_1.9.17p1.bb
@@ -7,7 +7,7 @@ SRC_URI = "https://www.sudo.ws/dist/sudo-${PV}.tar.gz \
 
 PAM_SRC_URI = "file://sudo.pam"
 
-SRC_URI[sha256sum] = "3f212c69d534d5822b492d099abb02a593f91ca99f5afde5cb9bd3e1dcdad069"
+SRC_URI[sha256sum] = "ff607ea717072197738a78f778692cd6df9a7e3e404565f51de063ca27455d32"
 
 DEPENDS += " virtual/crypt ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
 RDEPENDS:${PN} += " ${@bb.utils.contains('DISTRO_FEATURES', 'pam', 'pam-plugin-limits pam-plugin-keyinit', '', d)}"
diff --git a/meta/recipes-graphics/spir/spirv-llvm-translator_20.1.2.bb b/meta/recipes-graphics/spir/spirv-llvm-translator_20.1.4.bb
index 4952e8ba4f..14e4bb74ac 100644
--- a/meta/recipes-graphics/spir/spirv-llvm-translator_20.1.2.bb
+++ b/meta/recipes-graphics/spir/spirv-llvm-translator_20.1.4.bb
@@ -6,12 +6,11 @@ LIC_FILES_CHKSUM = "file://LICENSE.TXT;md5=47e311aa9caedd1b3abf098bd7814d1d"
 
 # pattern: llvm_branch_200, currently there are no minor releases, so, no llvm_branch_201
 SPIRV_BRANCH = "llvm_release_${@oe.utils.trim_version('${PV}', 1).replace('.', '')}0"
+SRCREV = "74843f2186bb63b6802758222084da17fcbe603c"
 SRC_URI = " \
-    git://github.com/KhronosGroup/SPIRV-LLVM-Translator;protocol=https;name=spirv;branch=${SPIRV_BRANCH} \
+    git://github.com/KhronosGroup/SPIRV-LLVM-Translator;protocol=https;tag=v${PV};branch=${SPIRV_BRANCH} \
 "
 
-SRCREV_spirv = "6dd8f2a1681a27f16c53d932d2765920f312aeb2"
-
 UPSTREAM_CHECK_GITTAGREGEX = "v(?P<pver>\d+(\.\d+)+)"
 
 DEPENDS = "clang spirv-tools spirv-headers"
diff --git a/meta/recipes-graphics/wayland/wayland-protocols_1.45.bb b/meta/recipes-graphics/wayland/wayland-protocols_1.45.bb
index d98ccf964f..840d196ace 100644
--- a/meta/recipes-graphics/wayland/wayland-protocols_1.45.bb
+++ b/meta/recipes-graphics/wayland/wayland-protocols_1.45.bb
@@ -9,8 +9,8 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=c7b12b6702da38ca028ace54aae3d484 \
                     file://stable/presentation-time/presentation-time.xml;endline=26;md5=4646cd7d9edc9fa55db941f2d3a7dc53"
 
-SRC_URI = "https://gitlab.freedesktop.org/wayland/wayland-protocols/-/releases/${PV}/downloads/wayland-protocols-${PV}.tar.xz"
-SRC_URI[sha256sum] = "4d2b2a9e3e099d017dc8107bf1c334d27bb87d9e4aff19a0c8d856d17cd41ef0"
+SRC_URI = "https://gitlab.freedesktop.org/wayland/wayland-protocols/-/archive/${PV}/wayland-protocols-${PV}.tar.bz2"
+SRC_URI[sha256sum] = "b73315c26d6c3374c19c2dff7e491f019d8597dc4dcd4473d9181f676f15f48f"
 
 UPSTREAM_CHECK_URI = "https://gitlab.freedesktop.org/wayland/wayland-protocols/-/tags"
 UPSTREAM_CHECK_REGEX = "releases/(?P<pver>.+)"
diff --git a/meta/recipes-graphics/wayland/wayland-utils_1.2.0.bb b/meta/recipes-graphics/wayland/wayland-utils_1.2.0.bb
index 59d414a0a6..47fae72666 100644
--- a/meta/recipes-graphics/wayland/wayland-utils_1.2.0.bb
+++ b/meta/recipes-graphics/wayland/wayland-utils_1.2.0.bb
@@ -9,8 +9,8 @@ LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://COPYING;md5=548a66038a77415e1df51118625e832f \
                    "
 
-SRC_URI = "https://gitlab.freedesktop.org/wayland/wayland-utils/-/releases/${PV}/downloads/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "d9278c22554586881802540751bcc42569262bf80cd9ac9b0fd12ff4bd09a9e4"
+SRC_URI = "https://gitlab.freedesktop.org/wayland/wayland-utils/-/archive/${PV}/${BPN}-${PV}.tar.bz2"
+SRC_URI[sha256sum] = "f38c6a4ca2113cf716ca687a4cd8e24a11cbeeb04759678b7bb2da7d16335d18"
 
 UPSTREAM_CHECK_URI = "https://gitlab.freedesktop.org/wayland/wayland-utils/-/tags"
 UPSTREAM_CHECK_REGEX = "releases/(?P<pver>.+)"
diff --git a/meta/recipes-graphics/wayland/wayland_1.23.1.bb b/meta/recipes-graphics/wayland/wayland_1.23.1.bb
index 3a5d91be04..1b29f7762e 100644
--- a/meta/recipes-graphics/wayland/wayland_1.23.1.bb
+++ b/meta/recipes-graphics/wayland/wayland_1.23.1.bb
@@ -12,11 +12,11 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=b31d8f53b6aaf2b4985d7dd7810a70d1 \
 
 DEPENDS = "expat libffi wayland-native"
 
-SRC_URI = "https://gitlab.freedesktop.org/wayland/wayland/-/releases/${PV}/downloads/${BPN}-${PV}.tar.xz \
+SRC_URI = "https://gitlab.freedesktop.org/wayland/wayland/-/archive/${PV}/${BPN}-${PV}.tar.bz2 \
            file://run-ptest \
            file://0001-build-Fix-strndup-detection-on-MinGW.patch \
            "
-SRC_URI[sha256sum] = "864fb2a8399e2d0ec39d56e9d9b753c093775beadc6022ce81f441929a81e5ed"
+SRC_URI[sha256sum] = "4afcf2942a39d8276d06dcefc89dfaf029222994778fd4c49aa68a702ebf698f"
 
 UPSTREAM_CHECK_URI = "https://gitlab.freedesktop.org/wayland/wayland/-/tags"
 UPSTREAM_CHECK_REGEX = "releases/(?P<pver>\d+\.\d+\.(?!9\d+)\d+)"
diff --git a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
index b6082edf5c..98e90078d4 100644
--- a/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
+++ b/meta/recipes-kernel/linux/cve-exclusion_6.12.inc
@@ -1,10 +1,11 @@
 
 # Auto-generated CVE metadata, DO NOT EDIT BY HAND.
-# Generated at 2025-06-05 16:29:20.725105+00:00 for kernel version 6.12.31
-# From cvelistV5 cve_2025-06-05_1600Z
+# Generated at 2025-07-09 07:57:09.220247+00:00 for kernel version 6.12.36
+# From cvelistV5 cve_2025-07-09_0700Z-1-gca2b12e7c08
+
 
 python check_kernel_cve_status_version() {
-    this_version = "6.12.31"
+    this_version = "6.12.36"
     kernel_version = d.getVar("LINUX_VERSION")
     if kernel_version != this_version:
         bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version))
@@ -535,8 +536,6 @@ CVE_STATUS[CVE-2021-47142] = "fixed-version: Fixed from version 5.13"
 
 CVE_STATUS[CVE-2021-47143] = "fixed-version: Fixed from version 5.13"
 
-CVE_STATUS[CVE-2021-47144] = "fixed-version: Fixed from version 5.13"
-
 CVE_STATUS[CVE-2021-47145] = "fixed-version: Fixed from version 5.13"
 
 CVE_STATUS[CVE-2021-47146] = "fixed-version: Fixed from version 5.13"
@@ -913,7 +912,7 @@ CVE_STATUS[CVE-2021-47340] = "fixed-version: Fixed from version 5.14"
 
 CVE_STATUS[CVE-2021-47341] = "fixed-version: Fixed from version 5.14"
 
-CVE_STATUS[CVE-2021-47342] = "fixed-version: Fixed from version 5.14"
+CVE_STATUS[CVE-2021-47342] = "fixed-version: Fixed from version 5.10.77"
 
 CVE_STATUS[CVE-2021-47343] = "fixed-version: Fixed from version 5.14"
 
@@ -2835,8 +2834,6 @@ CVE_STATUS[CVE-2022-49297] = "fixed-version: Fixed from version 5.19"
 
 CVE_STATUS[CVE-2022-49298] = "fixed-version: Fixed from version 5.19"
 
-CVE_STATUS[CVE-2022-49299] = "fixed-version: Fixed from version 5.19"
-
 CVE_STATUS[CVE-2022-49300] = "fixed-version: Fixed from version 5.19"
 
 CVE_STATUS[CVE-2022-49301] = "fixed-version: Fixed from version 5.19"
@@ -4077,6 +4074,588 @@ CVE_STATUS[CVE-2022-49931] = "fixed-version: Fixed from version 6.1"
 
 CVE_STATUS[CVE-2022-49932] = "fixed-version: Fixed from version 6.3"
 
+CVE_STATUS[CVE-2022-49934] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49935] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49936] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49937] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49938] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49939] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49940] = "fixed-version: Fixed from version 5.19.8"
+
+CVE_STATUS[CVE-2022-49942] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49943] = "fixed-version: Fixed from version 5.19.8"
+
+CVE_STATUS[CVE-2022-49944] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49945] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49946] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49947] = "fixed-version: Fixed from version 5.19.8"
+
+CVE_STATUS[CVE-2022-49948] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49949] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49950] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49951] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49952] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49953] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49954] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49955] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49956] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49957] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49958] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49959] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49960] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49961] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49962] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49963] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49964] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49965] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49966] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49967] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49968] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49969] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49970] = "fixed-version: Fixed from version 5.19.8"
+
+CVE_STATUS[CVE-2022-49971] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49972] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49973] = "fixed-version: Fixed from version 5.19.8"
+
+CVE_STATUS[CVE-2022-49974] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49975] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49976] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49977] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49978] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49979] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49980] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49981] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49982] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49983] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49984] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49985] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49986] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49987] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49989] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49990] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49991] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49992] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49993] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49994] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49995] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49996] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49997] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49998] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-49999] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50000] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50001] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50002] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50003] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50004] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50005] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50006] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50007] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50008] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50009] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50010] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50011] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50012] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50013] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50014] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50015] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50016] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50017] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50019] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50020] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50021] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50022] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50023] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50024] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50025] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50026] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50027] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50028] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50029] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50030] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50031] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50032] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50033] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50034] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50035] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50036] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50037] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50038] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50039] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50040] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50041] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50042] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50043] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50044] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50045] = "fixed-version: Fixed from version 5.19.4"
+
+CVE_STATUS[CVE-2022-50046] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50047] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50048] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50049] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50050] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50051] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50052] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50053] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50054] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50055] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50056] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50057] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50058] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50059] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50060] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50061] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50062] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50063] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50064] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50065] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50066] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50067] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50068] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50069] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50070] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50071] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50072] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50073] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50074] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50075] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50076] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50077] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50078] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50079] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50080] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50082] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50083] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50084] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50085] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50086] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50087] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50088] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50089] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50090] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50091] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50092] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50093] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50094] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50095] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50096] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50097] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50098] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50099] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50100] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50101] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50102] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50103] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50104] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50105] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50106] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50107] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50108] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50109] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50110] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50111] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50112] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50113] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50114] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50115] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50116] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50117] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50118] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50119] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50120] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50121] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50122] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50123] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50124] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50125] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50126] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50127] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50129] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50130] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50131] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50132] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50133] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50134] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50135] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50136] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50137] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50138] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50139] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50140] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50141] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50142] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50143] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50144] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50145] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50146] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50147] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50148] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50149] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50151] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50152] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50153] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50154] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50155] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50156] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50157] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50158] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50159] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50160] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50161] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50162] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50163] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50164] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50165] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50166] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50167] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50168] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50169] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50170] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50171] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50172] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50173] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50174] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50175] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50176] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50177] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50178] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50179] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50181] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50182] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50183] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50184] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50185] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50186] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50187] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50188] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50189] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50190] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50191] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50192] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50193] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50194] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50195] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50196] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50197] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50198] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50199] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50200] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50201] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50202] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50203] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50204] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50205] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50206] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50207] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50208] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50209] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50210] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50211] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50212] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50213] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50214] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50215] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50217] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50218] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50219] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50220] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50221] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50222] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50223] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50224] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50225] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50226] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50227] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50228] = "fixed-version: Fixed from version 6.0"
+
+CVE_STATUS[CVE-2022-50229] = "fixed-version: Fixed from version 6.0"
+
+# CVE-2022-50230 has no known resolution
+
+CVE_STATUS[CVE-2022-50231] = "fixed-version: Fixed from version 6.0"
+
+# CVE-2022-50232 has no known resolution
+
 # CVE-2023-34319 has no known resolution
 
 # CVE-2023-34324 has no known resolution
@@ -4561,8 +5140,6 @@ CVE_STATUS[CVE-2023-52731] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2023-52732] = "fixed-version: Fixed from version 6.2"
 
-# CVE-2023-52733 has no known resolution
-
 CVE_STATUS[CVE-2023-52735] = "fixed-version: Fixed from version 6.2"
 
 CVE_STATUS[CVE-2023-52736] = "fixed-version: Fixed from version 6.2"
@@ -5525,7 +6102,7 @@ CVE_STATUS[CVE-2024-26708] = "fixed-version: Fixed from version 6.8"
 
 CVE_STATUS[CVE-2024-26709] = "fixed-version: Fixed from version 6.8"
 
-# CVE-2024-26710 has no known resolution
+CVE_STATUS[CVE-2024-26710] = "fixed-version: Fixed from version 6.7.6"
 
 CVE_STATUS[CVE-2024-26711] = "fixed-version: Fixed from version 6.8"
 
@@ -5689,8 +6266,6 @@ CVE_STATUS[CVE-2024-26792] = "fixed-version: Fixed from version 6.7.9"
 
 CVE_STATUS[CVE-2024-26793] = "fixed-version: Fixed from version 6.8"
 
-CVE_STATUS[CVE-2024-26794] = "fixed-version: Fixed from version 6.7.9"
-
 CVE_STATUS[CVE-2024-26795] = "fixed-version: Fixed from version 6.8"
 
 CVE_STATUS[CVE-2024-26796] = "fixed-version: Fixed from version 6.8"
@@ -6345,8 +6920,6 @@ CVE_STATUS[CVE-2024-35786] = "fixed-version: Fixed from version 6.8"
 
 CVE_STATUS[CVE-2024-35787] = "fixed-version: Fixed from version 6.9"
 
-# CVE-2024-35788 has no known resolution
-
 CVE_STATUS[CVE-2024-35789] = "fixed-version: Fixed from version 6.9"
 
 CVE_STATUS[CVE-2024-35790] = "fixed-version: Fixed from version 6.8"
@@ -6793,8 +7366,6 @@ CVE_STATUS[CVE-2024-36020] = "fixed-version: Fixed from version 6.9"
 
 CVE_STATUS[CVE-2024-36021] = "fixed-version: Fixed from version 6.9"
 
-CVE_STATUS[CVE-2024-36022] = "fixed-version: Fixed from version 6.9"
-
 CVE_STATUS[CVE-2024-36023] = "fixed-version: Fixed from version 6.9"
 
 CVE_STATUS[CVE-2024-36024] = "fixed-version: Fixed from version 6.9"
@@ -8421,8 +8992,6 @@ CVE_STATUS[CVE-2024-44953] = "fixed-version: Fixed from version 6.11"
 
 CVE_STATUS[CVE-2024-44954] = "fixed-version: Fixed from version 6.11"
 
-CVE_STATUS[CVE-2024-44955] = "fixed-version: Fixed from version 6.11"
-
 CVE_STATUS[CVE-2024-44956] = "fixed-version: Fixed from version 6.11"
 
 CVE_STATUS[CVE-2024-44957] = "fixed-version: Fixed from version 6.11"
@@ -8631,8 +9200,6 @@ CVE_STATUS[CVE-2024-46698] = "fixed-version: Fixed from version 6.11"
 
 CVE_STATUS[CVE-2024-46699] = "fixed-version: Fixed from version 6.11"
 
-# CVE-2024-46700 has no known resolution
-
 CVE_STATUS[CVE-2024-46701] = "fixed-version: Fixed from version 6.11"
 
 CVE_STATUS[CVE-2024-46702] = "fixed-version: Fixed from version 6.11"
@@ -9545,8 +10112,6 @@ CVE_STATUS[CVE-2024-50030] = "fixed-version: Fixed from version 6.12"
 
 CVE_STATUS[CVE-2024-50031] = "fixed-version: Fixed from version 6.12"
 
-CVE_STATUS[CVE-2024-50032] = "fixed-version: Fixed from version 6.11.4"
-
 CVE_STATUS[CVE-2024-50033] = "fixed-version: Fixed from version 6.12"
 
 CVE_STATUS[CVE-2024-50034] = "fixed-version: Fixed from version 6.12"
@@ -11011,8 +11576,6 @@ CVE_STATUS[CVE-2024-56784] = "cpe-stable-backport: Backported in 6.12.5"
 
 CVE_STATUS[CVE-2024-56785] = "cpe-stable-backport: Backported in 6.12.5"
 
-CVE_STATUS[CVE-2024-56786] = "cpe-stable-backport: Backported in 6.12.5"
-
 CVE_STATUS[CVE-2024-56787] = "cpe-stable-backport: Backported in 6.12.5"
 
 CVE_STATUS[CVE-2024-56788] = "cpe-stable-backport: Backported in 6.12.7"
@@ -11155,8 +11718,6 @@ CVE_STATUS[CVE-2024-57918] = "cpe-stable-backport: Backported in 6.12.10"
 
 CVE_STATUS[CVE-2024-57919] = "cpe-stable-backport: Backported in 6.12.10"
 
-# CVE-2024-57920 has no known resolution
-
 CVE_STATUS[CVE-2024-57921] = "cpe-stable-backport: Backported in 6.12.10"
 
 CVE_STATUS[CVE-2024-57922] = "cpe-stable-backport: Backported in 6.12.10"
@@ -11227,7 +11788,7 @@ CVE_STATUS[CVE-2024-57974] = "cpe-stable-backport: Backported in 6.12.13"
 
 CVE_STATUS[CVE-2024-57975] = "cpe-stable-backport: Backported in 6.12.13"
 
-# CVE-2024-57976 needs backporting (fixed from 6.14)
+CVE_STATUS[CVE-2024-57976] = "cpe-stable-backport: Backported in 6.12.36"
 
 CVE_STATUS[CVE-2024-57977] = "cpe-stable-backport: Backported in 6.12.13"
 
@@ -11405,7 +11966,7 @@ CVE_STATUS[CVE-2024-58089] = "cpe-stable-backport: Backported in 6.12.17"
 
 CVE_STATUS[CVE-2024-58090] = "cpe-stable-backport: Backported in 6.12.18"
 
-# CVE-2024-58091 needs backporting (fixed from 6.14)
+CVE_STATUS[CVE-2024-58091] = "cpe-stable-backport: Backported in 6.12.36"
 
 CVE_STATUS[CVE-2024-58092] = "cpe-stable-backport: Backported in 6.12.22"
 
@@ -11789,7 +12350,7 @@ CVE_STATUS[CVE-2025-21815] = "cpe-stable-backport: Backported in 6.12.14"
 
 CVE_STATUS[CVE-2025-21816] = "cpe-stable-backport: Backported in 6.12.14"
 
-# CVE-2025-21817 needs backporting (fixed from 6.14)
+CVE_STATUS[CVE-2025-21817] = "fixed-version: only affects 6.13.2 onwards"
 
 CVE_STATUS[CVE-2025-21819] = "cpe-stable-backport: Backported in 6.12.14"
 
@@ -12351,7 +12912,7 @@ CVE_STATUS[CVE-2025-22099] = "fixed-version: only affects 6.14 onwards"
 
 CVE_STATUS[CVE-2025-22100] = "fixed-version: only affects 6.13 onwards"
 
-# CVE-2025-22101 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-22101] = "cpe-stable-backport: Backported in 6.12.36"
 
 CVE_STATUS[CVE-2025-22102] = "cpe-stable-backport: Backported in 6.12.30"
 
@@ -12373,7 +12934,7 @@ CVE_STATUS[CVE-2025-22110] = "fixed-version: only affects 6.14 onwards"
 
 # CVE-2025-22111 needs backporting (fixed from 6.15)
 
-CVE_STATUS[CVE-2025-22112] = "fixed-version: only affects 6.14 onwards"
+CVE_STATUS[CVE-2025-22112] = "cpe-stable-backport: Backported in 6.12.35"
 
 # CVE-2025-22113 needs backporting (fixed from 6.15)
 
@@ -12387,15 +12948,15 @@ CVE_STATUS[CVE-2025-22114] = "fixed-version: only affects 6.14 onwards"
 
 CVE_STATUS[CVE-2025-22118] = "fixed-version: only affects 6.13 onwards"
 
-CVE_STATUS[CVE-2025-22119] = "fixed-version: only affects 6.14 onwards"
+CVE_STATUS[CVE-2025-22119] = "cpe-stable-backport: Backported in 6.12.35"
 
 CVE_STATUS[CVE-2025-22120] = "cpe-stable-backport: Backported in 6.12.26"
 
 # CVE-2025-22121 needs backporting (fixed from 6.15)
 
-# CVE-2025-22122 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-22122] = "cpe-stable-backport: Backported in 6.12.33"
 
-# CVE-2025-22123 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-22123] = "cpe-stable-backport: Backported in 6.12.33"
 
 # CVE-2025-22124 needs backporting (fixed from 6.15)
 
@@ -12405,7 +12966,7 @@ CVE_STATUS[CVE-2025-22126] = "cpe-stable-backport: Backported in 6.12.25"
 
 # CVE-2025-22127 needs backporting (fixed from 6.15)
 
-# CVE-2025-22128 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-22128] = "cpe-stable-backport: Backported in 6.12.35"
 
 # CVE-2025-23129 needs backporting (fixed from 6.15)
 
@@ -12423,7 +12984,7 @@ CVE_STATUS[CVE-2025-23134] = "cpe-stable-backport: Backported in 6.12.23"
 
 CVE_STATUS[CVE-2025-23136] = "cpe-stable-backport: Backported in 6.12.23"
 
-# CVE-2025-23137 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-23137] = "cpe-stable-backport: Backported in 6.12.35"
 
 CVE_STATUS[CVE-2025-23138] = "cpe-stable-backport: Backported in 6.12.23"
 
@@ -12457,7 +13018,7 @@ CVE_STATUS[CVE-2025-23153] = "fixed-version: only affects 6.14 onwards"
 
 CVE_STATUS[CVE-2025-23154] = "cpe-stable-backport: Backported in 6.12.24"
 
-# CVE-2025-23155 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-23155] = "cpe-stable-backport: Backported in 6.12.36"
 
 CVE_STATUS[CVE-2025-23156] = "cpe-stable-backport: Backported in 6.12.24"
 
@@ -12671,7 +13232,7 @@ CVE_STATUS[CVE-2025-37840] = "cpe-stable-backport: Backported in 6.12.24"
 
 CVE_STATUS[CVE-2025-37841] = "cpe-stable-backport: Backported in 6.12.24"
 
-# CVE-2025-37842 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-37842] = "cpe-stable-backport: Backported in 6.12.36"
 
 CVE_STATUS[CVE-2025-37843] = "cpe-stable-backport: Backported in 6.12.24"
 
@@ -12697,7 +13258,7 @@ CVE_STATUS[CVE-2025-37853] = "cpe-stable-backport: Backported in 6.12.24"
 
 CVE_STATUS[CVE-2025-37854] = "cpe-stable-backport: Backported in 6.12.24"
 
-# CVE-2025-37855 needs backporting (fixed from 6.15)
+CVE_STATUS[CVE-2025-37855] = "fixed-version: only affects 6.14 onwards"
 
 CVE_STATUS[CVE-2025-37856] = "cpe-stable-backport: Backported in 6.12.24"
 
@@ -12937,8 +13498,6 @@ CVE_STATUS[CVE-2025-37974] = "cpe-stable-backport: Backported in 6.12.29"
 
 CVE_STATUS[CVE-2025-37975] = "cpe-stable-backport: Backported in 6.12.25"
 
-# CVE-2025-37976 has no known resolution
-
 CVE_STATUS[CVE-2025-37977] = "cpe-stable-backport: Backported in 6.12.26"
 
 CVE_STATUS[CVE-2025-37978] = "cpe-stable-backport: Backported in 6.12.25"
@@ -12985,12 +13544,476 @@ CVE_STATUS[CVE-2025-37998] = "cpe-stable-backport: Backported in 6.12.29"
 
 CVE_STATUS[CVE-2025-37999] = "cpe-stable-backport: Backported in 6.12.29"
 
+CVE_STATUS[CVE-2025-38000] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38001] = "cpe-stable-backport: Backported in 6.12.32"
+
+CVE_STATUS[CVE-2025-38002] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2025-38003] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38004] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38005] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38006] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38007] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38008] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38009] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38010] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38011] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38012] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38013] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38014] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38015] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38016] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38017] = "fixed-version: only affects 6.14.4 onwards"
+
+CVE_STATUS[CVE-2025-38018] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38019] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38020] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38021] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-38022] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38023] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38024] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38025] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2025-38027] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38028] = "fixed-version: only affects 6.14 onwards"
+
+# CVE-2025-38029 needs backporting (fixed from 6.15)
+
+CVE_STATUS[CVE-2025-38031] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38032] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2025-38033] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38034] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38035] = "cpe-stable-backport: Backported in 6.12.31"
+
+# CVE-2025-38036 needs backporting (fixed from 6.15)
+
+CVE_STATUS[CVE-2025-38037] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38038] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38039] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38040] = "cpe-stable-backport: Backported in 6.12.31"
+
+# CVE-2025-38041 needs backporting (fixed from 6.15)
+
+# CVE-2025-38042 needs backporting (fixed from 6.15)
+
+CVE_STATUS[CVE-2025-38043] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38044] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38045] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38047] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38048] = "cpe-stable-backport: Backported in 6.12.31"
+
 CVE_STATUS[CVE-2025-38049] = "cpe-stable-backport: Backported in 6.12.23"
 
+CVE_STATUS[CVE-2025-38050] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-38051] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38052] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38053] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38054] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38055] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38056] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38057] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38058] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38059] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38060] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38061] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38062] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38063] = "cpe-stable-backport: Backported in 6.12.31"
+
+# CVE-2025-38064 needs backporting (fixed from 6.15)
+
+CVE_STATUS[CVE-2025-38065] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38066] = "cpe-stable-backport: Backported in 6.12.31"
+
+# CVE-2025-38067 needs backporting (fixed from 6.15)
+
+CVE_STATUS[CVE-2025-38068] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38069] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38070] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2025-38071] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38072] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38073] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38074] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38075] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38076] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2025-38077] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38078] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38079] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38080] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38081] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38082] = "cpe-stable-backport: Backported in 6.12.32"
+
+CVE_STATUS[CVE-2025-38083] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38084] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38085] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38086] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38087] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38088] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38089] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38090] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38091] = "cpe-stable-backport: Backported in 6.12.32"
+
+CVE_STATUS[CVE-2025-38092] = "cpe-stable-backport: Backported in 6.12.32"
+
+CVE_STATUS[CVE-2025-38093] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38094] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38095] = "cpe-stable-backport: Backported in 6.12.30"
+
+CVE_STATUS[CVE-2025-38096] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38097] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38098] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38099] = "cpe-stable-backport: Backported in 6.12.31"
+
+CVE_STATUS[CVE-2025-38100] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38101] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38102] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38103] = "cpe-stable-backport: Backported in 6.12.34"
+
 # CVE-2025-38104 needs backporting (fixed from 6.15)
 
+# CVE-2025-38105 needs backporting (fixed from 6.16rc1)
+
+CVE_STATUS[CVE-2025-38106] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38107] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38108] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38109] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38110] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38111] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38112] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38113] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38114] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2025-38115] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38116] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-38117] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38118] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38119] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38120] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38121] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-38122] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38123] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38124] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38125] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38126] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38127] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38128] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2025-38129] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38130] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-38131] = "cpe-stable-backport: Backported in 6.12.34"
+
+# CVE-2025-38132 needs backporting (fixed from 6.16rc1)
+
+CVE_STATUS[CVE-2025-38133] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-38134] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38135] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38136] = "cpe-stable-backport: Backported in 6.12.34"
+
+# CVE-2025-38137 needs backporting (fixed from 6.16rc1)
+
+CVE_STATUS[CVE-2025-38138] = "cpe-stable-backport: Backported in 6.12.34"
+
+# CVE-2025-38139 needs backporting (fixed from 6.16rc1)
+
+# CVE-2025-38140 needs backporting (fixed from 6.16rc1)
+
+CVE_STATUS[CVE-2025-38141] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38142] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38143] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38144] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-38145] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38146] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38147] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38148] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38149] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38150] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-38151] = "cpe-stable-backport: Backported in 6.12.34"
+
 CVE_STATUS[CVE-2025-38152] = "cpe-stable-backport: Backported in 6.12.23"
 
+CVE_STATUS[CVE-2025-38153] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38154] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38155] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38156] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38157] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38158] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38159] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38160] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38161] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38162] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38163] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38164] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38165] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38166] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38167] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38168] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38169] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38170] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38171] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-38172] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38173] = "cpe-stable-backport: Backported in 6.12.34"
+
+CVE_STATUS[CVE-2025-38174] = "cpe-stable-backport: Backported in 6.12.33"
+
+CVE_STATUS[CVE-2025-38175] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-38176] = "fixed-version: only affects 6.14 onwards"
+
+CVE_STATUS[CVE-2025-38177] = "cpe-stable-backport: Backported in 6.12.28"
+
+CVE_STATUS[CVE-2025-38178] = "fixed-version: only affects 6.16rc1 onwards"
+
+CVE_STATUS[CVE-2025-38179] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38180] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38181] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38182] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38183] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38184] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38185] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38186] = "cpe-stable-backport: Backported in 6.12.35"
+
+# CVE-2025-38187 needs backporting (fixed from 6.16rc3)
+
+CVE_STATUS[CVE-2025-38188] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38189] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38190] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38191] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38192] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38193] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38194] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38195] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38196] = "fixed-version: only affects 6.13 onwards"
+
+CVE_STATUS[CVE-2025-38197] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38198] = "cpe-stable-backport: Backported in 6.12.35"
+
+# CVE-2025-38199 needs backporting (fixed from 6.16rc1)
+
+CVE_STATUS[CVE-2025-38200] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38201] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38202] = "cpe-stable-backport: Backported in 6.12.35"
+
+# CVE-2025-38203 needs backporting (fixed from 6.16rc1)
+
+# CVE-2025-38204 needs backporting (fixed from 6.16rc1)
+
+# CVE-2025-38205 needs backporting (fixed from 6.16rc1)
+
+# CVE-2025-38206 needs backporting (fixed from 6.16rc1)
+
+# CVE-2025-38207 needs backporting (fixed from 6.16rc1)
+
+CVE_STATUS[CVE-2025-38208] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38209] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-38210] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38211] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38212] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38213] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38214] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38215] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38216] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38217] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38218] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38219] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38220] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38221] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-38222] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38223] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38224] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38225] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38226] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38227] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38228] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38229] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38230] = "cpe-stable-backport: Backported in 6.12.36"
+
+CVE_STATUS[CVE-2025-38231] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38232] = "cpe-stable-backport: Backported in 6.12.35"
+
+CVE_STATUS[CVE-2025-38233] = "fixed-version: only affects 6.13 onwards"
+
+# CVE-2025-38234 needs backporting (fixed from 6.16rc1)
+
+CVE_STATUS[CVE-2025-38235] = "fixed-version: only affects 6.15 onwards"
+
+CVE_STATUS[CVE-2025-38236] = "cpe-stable-backport: Backported in 6.12.36"
+
+# CVE-2025-38237 needs backporting (fixed from 6.16rc1)
+
 CVE_STATUS[CVE-2025-38240] = "cpe-stable-backport: Backported in 6.12.23"
 
 CVE_STATUS[CVE-2025-38479] = "cpe-stable-backport: Backported in 6.12.23"
diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
index 5a7bad9017..baa13c866e 100644
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.12.bb
@@ -14,13 +14,13 @@ python () {
         raise bb.parse.SkipRecipe("Set PREFERRED_PROVIDER_virtual/kernel to linux-yocto-rt to enable it")
 }
 
-SRCREV_machine ?= "7cb6d42c40de351ecab0a083aef260f84407de0d"
-SRCREV_meta ?= "60b8562e9989f268ad5d241989f56b71cfa1f648"
+SRCREV_machine ?= "6f409db4f0082642197240f39b8a58850c8eb884"
+SRCREV_meta ?= "f8cd1607519efd135e4037c84b6e42684b12c5a8"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
 
-LINUX_VERSION ?= "6.12.31"
+LINUX_VERSION ?= "6.12.36"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
index 0fad73dddd..ec2136f035 100644
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.12.bb
@@ -8,7 +8,7 @@ require recipes-kernel/linux/linux-yocto.inc
 # CVE exclusions
 include recipes-kernel/linux/cve-exclusion_6.12.inc
 
-LINUX_VERSION ?= "6.12.31"
+LINUX_VERSION ?= "6.12.36"
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
 
 DEPENDS += "${@bb.utils.contains('ARCH', 'x86', 'elfutils-native', '', d)}"
@@ -17,8 +17,8 @@ DEPENDS += "openssl-native util-linux-native"
 KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
-SRCREV_machine ?= "298aefdf4112e7c0a84522e4acf2c722e433c8a0"
-SRCREV_meta ?= "60b8562e9989f268ad5d241989f56b71cfa1f648"
+SRCREV_machine ?= "5633e9a98a153afa6b2051b116faef6c5e855bd8"
+SRCREV_meta ?= "f8cd1607519efd135e4037c84b6e42684b12c5a8"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/meta/recipes-kernel/linux/linux-yocto.inc b/meta/recipes-kernel/linux/linux-yocto.inc
index 389329030d..4d0a726bb6 100644
--- a/meta/recipes-kernel/linux/linux-yocto.inc
+++ b/meta/recipes-kernel/linux/linux-yocto.inc
@@ -37,6 +37,22 @@ KERNEL_FEATURES:append = " ${@bb.utils.contains('MACHINE_FEATURES', 'efi', 'cfg/
 KERNEL_FEATURES:append = " ${@bb.utils.contains('MACHINE_FEATURES', 'numa', 'features/numa/numa.scc', '', d)}"
 KERNEL_FEATURES:append = " ${@bb.utils.contains('MACHINE_FEATURES', 'vfat', 'cfg/fs/vfat.scc', '', d)}"
 
+KERNEL_FEATURES_RISCV = "\
+    arch/riscv/tunes/riscv-isa-clear.scc \
+    ${@bb.utils.contains(    'TUNE_FEATURES', 'rv 32 i m a', 'arch/riscv/tunes/riscv-isa-rv32i.scc',  '', d)} \
+    ${@bb.utils.contains(    'TUNE_FEATURES', 'rv 64 i m a', 'arch/riscv/tunes/riscv-isa-rv64i.scc',  '', d)} \
+    ${@bb.utils.contains(    'TUNE_FEATURES', 'f d',         'arch/riscv/tunes/riscv-isa-fpu.scc',    '', d)} \
+    ${@bb.utils.contains(    'TUNE_FEATURES', 'c',           'arch/riscv/tunes/riscv-isa-c.scc',      '', d)} \
+    ${@bb.utils.contains(    'TUNE_FEATURES', 'v',           'arch/riscv/tunes/riscv-isa-v.scc',      '', d)} \
+    ${@bb.utils.contains_any('TUNE_FEATURES', 'b zba',       'arch/riscv/tunes/riscv-isa-zba.scc',    '', d)} \
+    ${@bb.utils.contains_any('TUNE_FEATURES', 'b zbb',       'arch/riscv/tunes/riscv-isa-zbb.scc',    '', d)} \
+    ${@bb.utils.contains(    'TUNE_FEATURES', 'zbc',         'arch/riscv/tunes/riscv-isa-zbc.scc',    '', d)} \
+    ${@bb.utils.contains(    'TUNE_FEATURES', 'zicbom',      'arch/riscv/tunes/riscv-isa-zicbom.scc', '', d)} \
+    "
+
+KERNEL_FEATURES:append:riscv32 = " ${KERNEL_FEATURES_RISCV}"
+KERNEL_FEATURES:append:riscv64 = " ${KERNEL_FEATURES_RISCV}"
+
 # A KMACHINE is the mapping of a yocto $MACHINE to what is built
 # by the kernel. This is typically the branch that should be built,
 # and it can be specific to the machine or shared
diff --git a/meta/recipes-kernel/linux/linux-yocto_6.12.bb b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
index 262ae35704..205c8a3ed5 100644
--- a/meta/recipes-kernel/linux/linux-yocto_6.12.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.12.bb
@@ -18,25 +18,25 @@ KBRANCH:qemux86.104 ?= "v6.12/standard/base"
 KBRANCH:qemuloongarch64  ?= "v6.12/standard/base"
 KBRANCH:qemumips64 ?= "v6.12/standard/mti-malta64"
 
-SRCREV_machine:qemuarm ?= "37a1fd13ca538e7785daf01434495a614bc55ead"
-SRCREV_machine:qemuarm64 ?= "298aefdf4112e7c0a84522e4acf2c722e433c8a0"
-SRCREV_machine:qemuloongarch64 ?= "298aefdf4112e7c0a84522e4acf2c722e433c8a0"
-SRCREV_machine:qemumips ?= "2bcf58ea5aa19d54c436e63c59ab09b307e9ee8e"
-SRCREV_machine:qemuppc ?= "298aefdf4112e7c0a84522e4acf2c722e433c8a0"
-SRCREV_machine:qemuriscv64 ?= "298aefdf4112e7c0a84522e4acf2c722e433c8a0"
-SRCREV_machine:qemuriscv32 ?= "298aefdf4112e7c0a84522e4acf2c722e433c8a0"
-SRCREV_machine:qemux86 ?= "298aefdf4112e7c0a84522e4acf2c722e433c8a0"
-SRCREV_machine:qemux86-64 ?= "298aefdf4112e7c0a84522e4acf2c722e433c8a0"
-SRCREV_machine:qemumips64 ?= "6470f58a8f04951f202cf85afb4421d2e7ec9995"
-SRCREV_machine ?= "298aefdf4112e7c0a84522e4acf2c722e433c8a0"
-SRCREV_meta ?= "60b8562e9989f268ad5d241989f56b71cfa1f648"
+SRCREV_machine:qemuarm ?= "511b6848cd392ee9bbc841794a5e905f4db31689"
+SRCREV_machine:qemuarm64 ?= "5633e9a98a153afa6b2051b116faef6c5e855bd8"
+SRCREV_machine:qemuloongarch64 ?= "5633e9a98a153afa6b2051b116faef6c5e855bd8"
+SRCREV_machine:qemumips ?= "afbfb2216d4f16a231b834922a937641864c8931"
+SRCREV_machine:qemuppc ?= "5633e9a98a153afa6b2051b116faef6c5e855bd8"
+SRCREV_machine:qemuriscv64 ?= "5633e9a98a153afa6b2051b116faef6c5e855bd8"
+SRCREV_machine:qemuriscv32 ?= "5633e9a98a153afa6b2051b116faef6c5e855bd8"
+SRCREV_machine:qemux86 ?= "5633e9a98a153afa6b2051b116faef6c5e855bd8"
+SRCREV_machine:qemux86-64 ?= "5633e9a98a153afa6b2051b116faef6c5e855bd8"
+SRCREV_machine:qemumips64 ?= "707ad7179119ed07e5911b61b08b7b11d2c9a352"
+SRCREV_machine ?= "5633e9a98a153afa6b2051b116faef6c5e855bd8"
+SRCREV_meta ?= "f8cd1607519efd135e4037c84b6e42684b12c5a8"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same
 # meta SRCREV as the linux-yocto-standard builds. Select your version using the
 # normal PREFERRED_VERSION settings.
 BBCLASSEXTEND = "devupstream:target"
-SRCREV_machine:class-devupstream ?= "df3f6d10f353de274cc7c87f52dba5d26f185393"
+SRCREV_machine:class-devupstream ?= "df64e51d4ab83244b6a4eb11eb41f89403611e24"
 PN:class-devupstream = "linux-yocto-upstream"
 KBRANCH:class-devupstream = "v6.12/base"
 
@@ -44,7 +44,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRA
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.12;destsuffix=${KMETA};protocol=https"
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
-LINUX_VERSION ?= "6.12.31"
+LINUX_VERSION ?= "6.12.36"
 
 PV = "${LINUX_VERSION}+git"
 
diff --git a/meta/recipes-support/icu/icu/0001-ICU-23120-Mask-UnicodeStringTest-TestLargeMemory-on-.patch b/meta/recipes-support/icu/icu/0001-ICU-23120-Mask-UnicodeStringTest-TestLargeMemory-on-.patch
new file mode 100644
index 0000000000..e2e9546679
--- /dev/null
+++ b/meta/recipes-support/icu/icu/0001-ICU-23120-Mask-UnicodeStringTest-TestLargeMemory-on-.patch
@@ -0,0 +1,28 @@
+From 4b3e6888c2aaba6465f1bc96f61b17a2513050f3 Mon Sep 17 00:00:00 2001
+From: David Seifert <soap@gentoo.org>
+Date: Sat, 21 Jun 2025 12:28:15 +0200
+Subject: [PATCH] ICU-23120 Mask UnicodeStringTest::TestLargeMemory on 32-bit
+ platforms
+
+Upstream-Status: Submitted [https://github.com/unicode-org/icu/pull/3496]
+Signed-off-by: Daisuke Yamane <yamane07ynct@gmail.com>
+---
+ test/intltest/ustrtest.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/test/intltest/ustrtest.cpp b/test/intltest/ustrtest.cpp
+index 56976b3e3d2..26225f5b5b5 100644
+--- a/test/intltest/ustrtest.cpp
++++ b/test/intltest/ustrtest.cpp
+@@ -2353,7 +2353,7 @@ void UnicodeStringTest::TestUnicodeStringInsertAppendToSelf() {
+ }
+ 
+ void UnicodeStringTest::TestLargeMemory() {
+-#if U_PLATFORM_IS_LINUX_BASED || U_PLATFORM_IS_DARWIN_BASED
++#if (U_PLATFORM_IS_LINUX_BASED || U_PLATFORM_IS_DARWIN_BASED) && (UINTPTR_MAX == 0xFFFFFFFFFFFFFFFF)
+     if(quick) { return; }
+     IcuTestErrorCode status(*this, "TestLargeMemory");
+     constexpr uint32_t len = 2147483643;
+-- 
+2.43.0
+
diff --git a/meta/recipes-support/icu/icu/0001-test-Add-support-ptest.patch b/meta/recipes-support/icu/icu/0001-test-Add-support-ptest.patch
new file mode 100644
index 0000000000..88350c0db5
--- /dev/null
+++ b/meta/recipes-support/icu/icu/0001-test-Add-support-ptest.patch
@@ -0,0 +1,84 @@
+From 783d9e0d3d7824fbca53c2c3a80e8e5e23eacc82 Mon Sep 17 00:00:00 2001
+From: Daisuke Yamane <yamane07ynct@gmail.com>
+Date: Tue, 1 Jul 2025 18:35:25 +0900
+Subject: [PATCH] test: Add support ptest
+
+Upstream-Status: Inappropriate [oe-core specific]
+
+Signed-off-by: Daisuke Yamane <yamane07ynct@gmail.com>
+---
+ test/cintltst/Makefile.in  | 2 +-
+ test/intltest/Makefile.in  | 2 +-
+ test/intltest/intltest.cpp | 2 +-
+ test/iotest/Makefile.in    | 2 +-
+ test/letest/Makefile.in    | 2 +-
+ 5 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/test/cintltst/Makefile.in b/test/cintltst/Makefile.in
+index 552a105..9cf3071 100644
+--- a/test/cintltst/Makefile.in
++++ b/test/cintltst/Makefile.in
+@@ -39,7 +39,7 @@ CPPFLAGS += -I$(top_srcdir)/common -I$(top_srcdir)/i18n -I$(top_srcdir)/tools/ct
+ ifdef QNX_TARGET
+ DEFS += -D'ICU_UNICODE_VERSION="$(UNICODE_VERSION)"' -D'ICU_VERSION="@VERSION@"' -D'ICUDATA_NAME="$(ICUDATA_PLATFORM_NAME)"' -D'U_TOPSRCDIR="/var/icu_tests"' -D'U_TOPBUILDDIR="/var/icu_tests/"'
+ else
+-DEFS += -D'ICU_UNICODE_VERSION="$(UNICODE_VERSION)"' -D'ICU_VERSION="@VERSION@"' -D'ICUDATA_NAME="$(ICUDATA_PLATFORM_NAME)"' -D'U_TOPSRCDIR="$(top_srcdir)/"' -D'U_TOPBUILDDIR="$(BUILDDIR)"'
++DEFS += -D'ICU_UNICODE_VERSION="$(UNICODE_VERSION)"' -D'ICU_VERSION="@VERSION@"' -D'ICUDATA_NAME="$(ICUDATA_PLATFORM_NAME)"' -D'U_TOPSRCDIR="$(PTEST_PATH)/"' -D'U_TOPBUILDDIR="$(PTEST_PATH)/"'
+ endif
+ LIBS = $(LIBCTESTFW) $(LIBICUI18N) $(LIBICUTOOLUTIL) $(LIBICUUC) $(DEFAULT_LIBS) $(LIB_M)
+ 
+diff --git a/test/intltest/Makefile.in b/test/intltest/Makefile.in
+index 5d4a03b..ca4e4cd 100644
+--- a/test/intltest/Makefile.in
++++ b/test/intltest/Makefile.in
+@@ -39,7 +39,7 @@ CPPFLAGS += -DUNISTR_FROM_CHAR_EXPLICIT= -DUNISTR_FROM_STRING_EXPLICIT=
+ ifdef QNX_TARGET
+ DEFS += -D'U_TOPSRCDIR="/var/icu_tests"' -D'U_TOPBUILDDIR="/var/icu_tests/"'
+ else
+-DEFS += -D'U_TOPSRCDIR="$(top_srcdir)/"' -D'U_TOPBUILDDIR="$(BUILDDIR)"'
++DEFS += -D'U_TOPSRCDIR="$(PTEST_PATH)/"' -D'U_TOPBUILDDIR="$(PTEST_PATH)/"'
+ endif
+ LIBS = $(LIBCTESTFW) $(LIBICUI18N) $(LIBICUUC) $(LIBICUTOOLUTIL) $(DEFAULT_LIBS) $(LIB_M) $(LIB_THREAD)
+ 
+diff --git a/test/intltest/intltest.cpp b/test/intltest/intltest.cpp
+index 3806d0f..33829b0 100644
+--- a/test/intltest/intltest.cpp
++++ b/test/intltest/intltest.cpp
+@@ -1713,7 +1713,7 @@ static bool fileExists(const char* fileName) {
+  * Returns the path to icu/testdata/
+  */
+ const char *IntlTest::getSharedTestData(UErrorCode& err) {
+-#define SOURCE_TARBALL_TOP U_TOPSRCDIR U_FILE_SEP_STRING ".." U_FILE_SEP_STRING
++#define SOURCE_TARBALL_TOP U_TOPSRCDIR U_FILE_SEP_STRING
+ #define REPO_TOP SOURCE_TARBALL_TOP ".." U_FILE_SEP_STRING
+ #define FILE_NAME U_FILE_SEP_STRING "message2" U_FILE_SEP_STRING "valid-tests.json"
+     const char *srcDataDir = nullptr;
+diff --git a/test/iotest/Makefile.in b/test/iotest/Makefile.in
+index 16c510f..9eeff4b 100644
+--- a/test/iotest/Makefile.in
++++ b/test/iotest/Makefile.in
+@@ -39,7 +39,7 @@ CPPFLAGS += -DUNISTR_FROM_CHAR_EXPLICIT= -DUNISTR_FROM_STRING_EXPLICIT=
+ ifdef QNX_TARGET
+ DEFS += -D'U_TOPSRCDIR="/var/icu_tests"' -D'U_TOPBUILDDIR="/var/icu_tests/"'
+ else
+-DEFS += -D'U_TOPSRCDIR="$(top_srcdir)/"' -D'U_TOPBUILDDIR="$(BUILDDIR)"'
++DEFS += -D'U_TOPSRCDIR="$(PTEST_PATH)/"' -D'U_TOPBUILDDIR="$(PTEST_PATH)/"'
+ endif
+ LIBS = $(LIBCTESTFW) $(LIBICUTOOLUTIL) $(LIBICUIO) $(LIBICUI18N) $(LIBICUUC) $(DEFAULT_LIBS) $(LIB_M)
+ 
+diff --git a/test/letest/Makefile.in b/test/letest/Makefile.in
+index 156c86f..555a820 100644
+--- a/test/letest/Makefile.in
++++ b/test/letest/Makefile.in
+@@ -30,7 +30,7 @@ BUILDDIR := $(BUILDDIR:test\\cintltst/../../=)
+ BUILDDIR := $(BUILDDIR:TEST\\CINTLTST/../../=)
+ 
+ CPPFLAGS += -I$(top_srcdir)/common -I$(top_srcdir)/i18n -I$(top_srcdir)/tools/ctestfw -I$(top_srcdir)/tools/toolutil -I$(top_srcdir)/layoutex $(ICULE_CFLAGS) $(ICULEHB_CFLAGS)
+-DEFS += -D'U_TOPSRCDIR="$(top_srcdir)/"' -D'U_TOPBUILDDIR="$(BUILDDIR)"'
++DEFS += -D'U_TOPSRCDIR="$(PTEST_PATH)/"' -D'U_TOPBUILDDIR="$(PTEST_PATH)/"'
+ LIBS = $(LIBICULX) $(LIBICUUC) $(LIBICUI18N) $(LIBCTESTFW) $(LIBICUTOOLUTIL) $(DEFAULT_LIBS) $(LIB_M) $(ICULEHB_LIBS)
+ 
+ COMMONOBJECTS = SimpleFontInstance.o
+-- 
+2.43.0
+
diff --git a/meta/recipes-support/icu/icu/run-ptest b/meta/recipes-support/icu/icu/run-ptest
new file mode 100755
index 0000000000..e5bf27a822
--- /dev/null
+++ b/meta/recipes-support/icu/icu/run-ptest
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+TOPDIR=$(dirname "$(realpath $0)")
+cd ${TOPDIR}/test/tests
+TESTS=$(find . -executable -type f)
+for t in ${TESTS}; do
+        ./$t
+        if [ "$?" = "0" ]; then
+                echo "PASS: $t"
+        else
+                echo "FAIL: $t"
+        fi
+done
diff --git a/meta/recipes-support/icu/icu_77-1.bb b/meta/recipes-support/icu/icu_77-1.bb
index e655b18ad2..cd81a6c729 100644
--- a/meta/recipes-support/icu/icu_77-1.bb
+++ b/meta/recipes-support/icu/icu_77-1.bb
@@ -119,6 +119,9 @@ SRC_URI = "${BASE_SRC_URI};name=code \
            ${DATA_SRC_URI};name=data \
            file://filter.json \
            file://0001-icu-Added-armeb-support.patch \
+           file://0001-ICU-23120-Mask-UnicodeStringTest-TestLargeMemory-on-.patch \
+           file://0001-test-Add-support-ptest.patch \
+           file://run-ptest \
            "
 
 SRC_URI:append:class-target = "\
@@ -160,3 +163,23 @@ do_make_icudata() {
 }
 
 addtask make_icudata before do_configure after do_patch do_prepare_recipe_sysroot
+
+inherit ptest
+RDEPENDS:${PN}-ptest += "bash"
+
+do_compile_ptest() {
+    oe_runmake -C test everything PTEST_PATH=${PTEST_PATH}
+}
+
+do_install_ptest() {
+    install -d ${D}${PTEST_PATH}/test
+    install -d ${D}${PTEST_PATH}/data
+    cp -r ${S}/test/testdata ${D}/${PTEST_PATH}/test
+    cp -r ${S}/data/unidata ${D}/${PTEST_PATH}/data/
+    cp -r ${S}/data/sprep ${D}/${PTEST_PATH}/data/
+    cp -r ${S}/../testdata ${D}/${PTEST_PATH}/
+    cp -r ${B}/test/testdata/out ${D}/${PTEST_PATH}/test/testdata
+
+    install -d ${D}${PTEST_PATH}/test/tests
+    find ${B}/test/ -type f -executable -exec cp {} ${D}${PTEST_PATH}/test/tests \;
+}
diff --git a/meta/recipes-support/re2c/re2c_4.2.bb b/meta/recipes-support/re2c/re2c_4.3.bb
index 0696080603..eafdf93078 100644
--- a/meta/recipes-support/re2c/re2c_4.2.bb
+++ b/meta/recipes-support/re2c/re2c_4.3.bb
@@ -7,7 +7,7 @@ LICENSE = "PD"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=64eca4d8a3b67f9dc7656094731a2c8d"
 
 SRC_URI = "${GITHUB_BASE_URI}/download/${PV}/${BPN}-${PV}.tar.xz"
-SRC_URI[sha256sum] = "c9dc2b24f340d135a07a1ac63ff53f7f8f74997fed5a4e9132a64050dbc3da1f"
+SRC_URI[sha256sum] = "51e88d6d6b6ab03eb7970276aca7e0db4f8e29c958b84b561d2fdcb8351c7150"
 GITHUB_BASE_URI = "https://github.com/skvadrik/re2c/releases"
 
 BBCLASSEXTEND = "native nativesdk"
diff --git a/scripts/contrib/improve_kernel_cve_report.py b/scripts/contrib/improve_kernel_cve_report.py
index 829cc4cd30..5c39df05a5 100755
--- a/scripts/contrib/improve_kernel_cve_report.py
+++ b/scripts/contrib/improve_kernel_cve_report.py
@@ -340,6 +340,10 @@ def cve_update(cve_data, cve, entry):
     if cve_data[cve]['status'] == entry['status']:
         return
     if entry['status'] == "Unpatched" and cve_data[cve]['status'] == "Patched":
+        # Backported-patch (e.g. vendor kernel repo with cherry-picked CVE patch)
+        # has priority over unpatch from CNA
+        if cve_data[cve]['detail'] == "backported-patch":
+            return
         logging.warning("CVE entry %s update from Patched to Unpatched from the scan result", cve)
         cve_data[cve] = copy_data(cve_data[cve], entry)
         return
@@ -441,10 +445,12 @@ def main():
                 is_kernel=True
         if not is_kernel:
             continue
-
+        # We remove custom versions after -
+        upstream_version = Version(pkg["version"].split("-")[0])
+        logging.info("Checking kernel %s", upstream_version)
         kernel_cves = get_kernel_cves(args.datadir,
                                       compiled_files,
-                                      Version(pkg["version"]))
+                                      upstream_version)
         logging.info("Total kernel cves from kernel CNA: %s", len(kernel_cves))
         cves = {issue["id"]: issue for issue in pkg["issue"]}
         logging.info("Total kernel before processing cves: %s", len(cves))