linux/meta-openembedded.git, branch scarthgap Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap 2026-04-15T08:42:18+00:00 nginx: fix CVE-2026-28753 2026-04-15T08:42:18+00:00 Ankur Tyagi ankur.tyagi85@gmail.com 2026-04-09T11:22:07+00:00 urn:sha1:5124ac4a658899158f4a7a2ddf1d2ca931ec7d0e As per the advisory[1] mentioned in NVD[2], version 1.28.3 contains the fix. Backport the commit[3] from 1.28.3 changelog matching the description. [1] https://my.f5.com/manage/s/article/K000160367 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-28753 [3] https://github.com/nginx/nginx/commit/6a8513761fb327f67fcc6cfcf1ad216887e2589f Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> nginx: fix CVE-2026-27654 2026-04-15T08:42:18+00:00 Ankur Tyagi ankur.tyagi85@gmail.com 2026-04-09T11:22:06+00:00 urn:sha1:24459e3f5c236726a27f74e8b748daaf265fdcb3 As per the advisory[1] mentioned in NVD[2], version 1.28.3 contains the fix. Backport the commit[3] from 1.28.3 changelog matching the description. [1] https://my.f5.com/manage/s/article/K000160382 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-27654 [3] https://github.com/nginx/nginx/commit/a1d18284e0a173c4ef2b28425535d0f640ae0a82 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> nginx: fix CVE-2026-27651 2026-04-15T08:42:18+00:00 Ankur Tyagi ankur.tyagi85@gmail.com 2026-04-09T11:22:05+00:00 urn:sha1:958cca39870ffba7e657b28cc25ee107fb57a2b8 As per the advisory[1] mentioned in NVD[2], version 1.28.3 contains the fix. Backport the commit[3] from 1.28.3 changelog matching the description. [1] https://my.f5.com/manage/s/article/K000160383 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-27651 [3] https://github.com/nginx/nginx/commit/0f71dd8ea94ab8c123413b2e465be12a35392e9c Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> grpc: set status for CVE-2026-33186 2026-04-15T08:42:18+00:00 Peter Marko peter.marko@siemens.com 2026-04-12T15:37:04+00:00 urn:sha1:0ef4a2ecee12e2145c868ab7c049c5298de9e02d CPE per NVD report is for "go", while this is C++ component: * cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* Also the link to adisory within NVD report says "grpc-go": * https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> python3-werkzeug: ignore CVE-2026-27199 2026-04-15T08:42:18+00:00 Ankur Tyagi ankur.tyagi85@gmail.com 2026-04-11T11:14:49+00:00 urn:sha1:a1b14b7a3aadd2ad6b117bdafa505928edadfeb7 Vvulnerability affects Windows application and can be ignored. Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27199 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> python3-tornado: fix CVE-2026-35536 2026-04-15T08:42:18+00:00 Ankur Tyagi ankur.tyagi85@gmail.com 2026-04-11T11:14:48+00:00 urn:sha1:3b6292cfbef8b60750071da92ccb91d50a63c2be Backport the commit[1] from version 6.5.5 which fixes this vulnerability according to the NVD[2]. [1] https://github.com/tornadoweb/tornado/commit/24a2d96ea115f663b223887deb0060f13974c104 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-35536 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> python3-flask: upgrade 3.0.2 -> 3.0.3 2026-04-15T08:42:18+00:00 Ankur Tyagi ankur.tyagi85@gmail.com 2026-04-11T11:14:47+00:00 urn:sha1:667917103437dd9a6a737f005628884058ee2b79 License Update: File renamed as txt[1] Release Notes: https://github.com/pallets/flask/releases/tag/3.0.3 [1] https://github.com/pallets/flask/commit/87d5f5b9a9697434e6d972b021201105eabb54e6 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> python3-ecdsa: fix CVE-2026-33936 2026-04-15T08:42:18+00:00 Ankur Tyagi ankur.tyagi85@gmail.com 2026-04-11T11:14:46+00:00 urn:sha1:8ce4b233c6e2afa6be89ad31a3c77452b0f3a23b Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33936 Ptests passed: root@qemux86:~# ptest-runner python3-ecdsa START: ptest-runner 2026-04-11T08:04 BEGIN: /usr/lib/python3-ecdsa/ptest ... ... Testsuite summary # TOTAL: 1978 # PASS: 1974 # SKIP: 4 # XFAIL: 0 # FAIL: 0 # XPASS: 0 # ERROR: 0 DURATION: 386 END: /usr/lib/python3-ecdsa/ptest 2026-04-11T08:10 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> python3-django: upgrade 4.2.29 -> 4.2.30 2026-04-15T08:42:18+00:00 Ankur Tyagi ankur.tyagi85@gmail.com 2026-04-11T11:14:45+00:00 urn:sha1:8e106a9b12bb8dbb24a63ef058bc12fc0c218b4b Release Notes: https://docs.djangoproject.com/en/dev/releases/4.2.30/ Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> nmap: rename enum PCAP_SOCKET 2026-04-15T08:42:18+00:00 Jinfeng Wang jinfeng.wang.cn@windriver.com 2026-04-10T07:05:08+00:00 urn:sha1:f3e47be00a48203722057ed36d6fc0878a447000 The enum PCAP_SOCKET conflicts with the PCAP_SOCKET macro introduced in libpcap 1.10.5. Use ifdefs to handle both old and new libpcap versions, renaming the enum to NM_PCAP_SOCKET when the PCAP_SOCKET macro is defined. Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>