<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-el-common.git/recipes-support, branch zeus</title>
<subtitle>Commmon distro layer for Enea Linux</subtitle>
<id>https://git.enea.com/cgit/linux/meta-el-common.git/atom?h=zeus</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-el-common.git/atom?h=zeus'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-el-common.git/'/>
<updated>2019-09-05T16:21:18+00:00</updated>
<entry>
<title>libxslt: remove patch for CVE-2015-9019</title>
<updated>2019-09-05T16:21:18+00:00</updated>
<author>
<name>Adrian Stratulat</name>
<email>adrian.stratulat@enea.com</email>
</author>
<published>2019-09-04T05:23:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-el-common.git/commit/?id=3a54ed3bfbcaa4373e3aa32ce2fc57494e198320'/>
<id>urn:sha1:3a54ed3bfbcaa4373e3aa32ce2fc57494e198320</id>
<content type='text'>
CVE-2015-9019 affects libxslt 1.1.29, while the 'warrior' branch uses libxslt 1.1.33.
This patch is not applicable anymore.

References:
https://nvd.nist.gov/vuln/detail/CVE-2015-9019
https://git.enea.com/cgit/linux/poky.git/tree/meta/recipes-support/libxslt?h=warrior

Change-Id: I0ec21f4f3f574d06a6cf00eca9f1a221028c175b
Signed-off-by: Adrian Stratulat &lt;adrian.stratulat@enea.com&gt;
</content>
</entry>
<entry>
<title>libpcre: remove workaround for CVE-2017-11164</title>
<updated>2019-09-05T15:41:46+00:00</updated>
<author>
<name>Adrian Stratulat</name>
<email>adrian.stratulat@enea.com</email>
</author>
<published>2019-09-04T05:29:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-el-common.git/commit/?id=2fccd4f89736df00e59bed7aeacf9ef79ec57557'/>
<id>urn:sha1:2fccd4f89736df00e59bed7aeacf9ef79ec57557</id>
<content type='text'>
CVE-2017-11164 affects libpcre 8.41, while the 'warrior' branch uses libpcre 8.43.
This patch is not applicable anymore.

References:
https://nvd.nist.gov/vuln/detail/CVE-2017-11164
https://git.enea.com/cgit/linux/poky.git/tree/meta/recipes-support/libpcre

Change-Id: I820e23de5d21648c8c5d0ddef4ad16030a592c80
Signed-off-by: Adrian Stratulat &lt;adrian.stratulat@enea.com&gt;
</content>
</entry>
<entry>
<title>libpcre: 8.41 -&gt; 8.42</title>
<updated>2018-09-17T06:21:19+00:00</updated>
<author>
<name>Sona Sarmadi</name>
<email>sona.sarmadi@enea.com</email>
</author>
<published>2018-09-17T06:21:19+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-el-common.git/commit/?id=bef574e8d1aedbbb99d0dea6f2d2b1e5166743ae'/>
<id>urn:sha1:bef574e8d1aedbbb99d0dea6f2d2b1e5166743ae</id>
<content type='text'>
The update fixes CVE-2017-11164.
Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-11164

Backport from upstream master branch.

Change-Id: I18acd817fa4385974749996685a5aeeb7506d474
Signed-off-by: Sona Sarmadi &lt;sona.sarmadi@enea.com&gt;
</content>
</entry>
<entry>
<title>curl: Drop CVE patches</title>
<updated>2018-05-03T12:29:23+00:00</updated>
<author>
<name>Martin Borg</name>
<email>martin.borg@enea.com</email>
</author>
<published>2018-05-03T12:29:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-el-common.git/commit/?id=8c928bbadf6ae0e6dc2705ed57c89eb2e6810197'/>
<id>urn:sha1:8c928bbadf6ae0e6dc2705ed57c89eb2e6810197</id>
<content type='text'>
curl was upgraded to 7.58.0 on upstream poky rocko branch
and this version already contains all our CVE patches.

Signed-off-by: Martin Borg &lt;martin.borg@enea.com&gt;
</content>
</entry>
<entry>
<title>curl: fix for CVE-2018-1000005</title>
<updated>2018-03-13T09:08:13+00:00</updated>
<author>
<name>Sona Sarmadi</name>
<email>sona.sarmadi@enea.com</email>
</author>
<published>2018-03-13T07:22:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-el-common.git/commit/?id=7084be4c7f3276f70ff28a60a123d0523c9a1f96'/>
<id>urn:sha1:7084be4c7f3276f70ff28a60a123d0523c9a1f96</id>
<content type='text'>
Out-of-bounds read in code handling HTTP/2 trailers

References:
https://curl.haxx.se/docs/adv_2018-824a.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000005

Affects libcurl 7.49.0 to and including 7.57.0

Signed-off-by: Sona Sarmadi &lt;sona.sarmadi@enea.com&gt;
Signed-off-by: Martin Borg &lt;martin.borg@enea.com&gt;
</content>
</entry>
<entry>
<title>curl: fixed build error</title>
<updated>2018-03-02T09:13:27+00:00</updated>
<author>
<name>Sona Sarmadi</name>
<email>sona.sarmadi@enea.com</email>
</author>
<published>2018-03-02T08:32:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-el-common.git/commit/?id=ac783c78f47080c3b28b964c1d052079a0c7a21e'/>
<id>urn:sha1:ac783c78f47080c3b28b964c1d052079a0c7a21e</id>
<content type='text'>
Signed-off-by: Sona Sarmadi &lt;sona.sarmadi@enea.com&gt;
Signed-off-by: Martin Borg &lt;martin.borg@enea.com&gt;
</content>
</entry>
<entry>
<title>curl: Drop CVE patches</title>
<updated>2018-03-01T09:51:32+00:00</updated>
<author>
<name>Martin Borg</name>
<email>martin.borg@enea.com</email>
</author>
<published>2018-03-01T09:49:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-el-common.git/commit/?id=41dcb36cac7813c0c2a5a7c1c1535a61caaab233'/>
<id>urn:sha1:41dcb36cac7813c0c2a5a7c1c1535a61caaab233</id>
<content type='text'>
The CVEs have been fixed in upstream poky/rocko.

Signed-off-by: Martin Borg &lt;martin.borg@enea.com&gt;
</content>
</entry>
<entry>
<title>freetype/libarchive/gnutls: Drop CVE patches</title>
<updated>2018-03-01T09:42:05+00:00</updated>
<author>
<name>Martin Borg</name>
<email>martin.borg@enea.com</email>
</author>
<published>2018-03-01T09:39:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-el-common.git/commit/?id=b6d4cd74cebeded8a49c06c6d7a52c32769f3ed8'/>
<id>urn:sha1:b6d4cd74cebeded8a49c06c6d7a52c32769f3ed8</id>
<content type='text'>
The CVEs have been fixed in upstream poky/rocko.

Signed-off-by: Martin Borg &lt;martin.borg@enea.com&gt;
</content>
</entry>
<entry>
<title>curl: security fix for CVE-2017-8817</title>
<updated>2017-12-06T10:34:56+00:00</updated>
<author>
<name>Sona Sarmadi</name>
<email>sona.sarmadi@enea.com</email>
</author>
<published>2017-12-04T10:57:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-el-common.git/commit/?id=c207a4bc5d80dae6cc430df04bddaceac04687e6'/>
<id>urn:sha1:c207a4bc5d80dae6cc430df04bddaceac04687e6</id>
<content type='text'>
FTP wildcard out of bounds read

References:
https://curl.haxx.se/docs/adv_2017-ae72.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817

Signed-off-by: Sona Sarmadi &lt;sona.sarmadi@enea.com&gt;
Signed-off-by: Adrian Dudau &lt;adrian.dudau@enea.com&gt;
</content>
</entry>
<entry>
<title>curl: security fix for CVE-2017-8816</title>
<updated>2017-12-06T10:34:56+00:00</updated>
<author>
<name>Sona Sarmadi</name>
<email>sona.sarmadi@enea.com</email>
</author>
<published>2017-12-04T10:57:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-el-common.git/commit/?id=0d571b4ef52c14ca5ea8faa1d6ffb7ec4992f9e8'/>
<id>urn:sha1:0d571b4ef52c14ca5ea8faa1d6ffb7ec4992f9e8</id>
<content type='text'>
NTLM buffer overflow via integer overflow

References:
https://curl.haxx.se/docs/adv_2017-12e7.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816

Signed-off-by: Sona Sarmadi &lt;sona.sarmadi@enea.com&gt;
Signed-off-by: Adrian Dudau &lt;adrian.dudau@enea.com&gt;
</content>
</entry>
</feed>
