Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap 2026-03-24T03:22:05+00:00 2026-03-24T03:22:05+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-03-05T19:46:04+00:00 urn:sha1:67d0242d70b9acd16bae03ea60f2aa5fa68a2da1 There is an additional patch for CVE-2026-0797, which is not mentioned in the CVE advisory, nor in the related issue nor in the related PR, however both the change, and the commit message shows that this is a continuation of the original fix, which was incomplete. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-03-24T03:22:00+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-03-05T11:07:13+00:00 urn:sha1:1a6816e20f8c0477ca96fc775a9e1227caead03d Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2048 Pick the patch from the relevant upstream issue[1]; [1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/15554 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-03-24T03:21:51+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-03-05T11:07:12+00:00 urn:sha1:fb8e5b96592439a2d6f79223dc5c64c6aab6b388 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2047 The vulnerability exists in ICNS importer, which was first introduced in version 3.0 [1], and the code is not present in the recipe version. Due to this, ignore this CVE. [1]: https://gitlab.gnome.org/GNOME/gimp/-/commit/00232e17875d4676a2c797a429db23b1a9815db8 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-03-24T03:17:06+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-03-05T11:07:11+00:00 urn:sha1:210ce6945cb84ec116acbba9366447e5a0cfd38b Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2045 Pick the patch associated with the relevant upstream issue[1]. [1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/15293 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-03-24T03:17:05+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-03-05T11:07:10+00:00 urn:sha1:276a3b71954f8d953e9f20212726c86c09343fa9 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2044 Pick the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-03-24T03:17:05+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-03-05T11:07:09+00:00 urn:sha1:74f6a2e5acd6e53a6492fabc400a513883180521 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0797 The patch referenced in the NVD report looks incorrect. This change in this patch was taken from the related upstream issue[1]. [1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/15555 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-03-24T03:17:04+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-03-05T11:07:08+00:00 urn:sha1:3dd2d0dc9876d62e5d6a785027675eb6620abac0 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2761 Pick the patch from the relevant upstream bug[1]. [1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/13073 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-03-24T03:17:04+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-03-05T11:07:07+00:00 urn:sha1:50d7ec475b2f088baa568b88c0504048a0b557fd Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2760 Use the fixes from Debian. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-03-24T03:17:03+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-03-04T20:39:44+00:00 urn:sha1:42d1f2f68181645a8cb9ef896d9c3fc29687c38f Details: https://nvd.nist.gov/vuln/detail/CVE-2025-15059 Backport the patch that is referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2026-03-24T03:17:03+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-03-04T20:39:43+00:00 urn:sha1:077dad4b6dc83bcf741a8c679125e474e6531236 Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14424 The vulnerbaility was introduced in version 3.0.0, with commit[1]. The recipe version isn't vulnerable - ignore this CVE. [1]: https://gitlab.gnome.org/GNOME/gimp/-/commit/a0fc5a025ae3579609730ebabc3c84146385da76 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>