<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb, branch master</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2026-04-20T14:35:34+00:00</updated>
<entry>
<title>libcoap: upgrade 4.3.5a -&gt; 4.3.5b</title>
<updated>2026-04-20T14:35:34+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-04-20T06:27:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=f896922914d5b07c2837ba5bcd539ea4f5169498'/>
<id>urn:sha1:f896922914d5b07c2837ba5bcd539ea4f5169498</id>
<content type='text'>
Contains fix fox CVE-2026-29013

Shortlog:
https://github.com/obgm/libcoap/compare/v4.3.5a...v4.3.5b

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>libcoap: set CVE version suffix</title>
<updated>2026-01-20T16:16:57+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2026-01-16T19:56:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=e8e6a1a82912790ede79ad91f0b16dc9c5a0090a'/>
<id>urn:sha1:e8e6a1a82912790ede79ad91f0b16dc9c5a0090a</id>
<content type='text'>
CVE metrics currently report CVE-2025-34468 as open.
CPE is &lt;=4.3.5, while recipe version is 4.3.5a which is a higher
version, however by default cve-check only compares numbers.

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>libcoap: ignore CVE-2025-50518</title>
<updated>2025-12-17T03:57:34+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2025-12-16T11:14:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=598176e1cb6c928e322e26d358e8d01ba9d5af0a'/>
<id>urn:sha1:598176e1cb6c928e322e26d358e8d01ba9d5af0a</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-50518

The vulnerability is disputed by upstream, because the vulnerability
requires a user error, incorrect library usage. See also an upstream
discussion in a related (rejected) PR: https://github.com/obgm/libcoap/pull/1726

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
<entry>
<title>libcoap: upgrade 4.3.5 -&gt; 4.3.5a</title>
<updated>2025-12-04T14:06:46+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-12-04T07:23:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=6a9cc44a92a1fb817d68de3190219626dcf96d2d'/>
<id>urn:sha1:6a9cc44a92a1fb817d68de3190219626dcf96d2d</id>
<content type='text'>
Changelog [1]:
  * Fixes the following CVEs
    CVE-2025-59391
    CVE-2025-65494
    CVE-2025-65495
    CVE-2025-65496
    CVE-2025-65497
    CVE-2025-65498
    CVE-2025-65499
    CVE-2025-65500
    CVE-2025-65501
  * CVE-2025-50518 not fixed as user application error.
  * Support for Mbed TLS 3.6.3.
  * Support for RIOT update changes.
  * Fixes for later CI environment builds.
  * Critical reported bugs fixed.

Add tag to SRC_URI for hash verification.

License-Update: copyright years refreshed [2]

[1] https://github.com/obgm/libcoap/blob/v4.3.5a/ChangeLog
[2] https://github.com/obgm/libcoap/commit/993c12ac92ce6a24a409924fe78a5c0fe7246699

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
</content>
</entry>
</feed>
