<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-oe/recipes-support/libraw/libraw_0.22.1.bb, branch master</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2026-04-20T14:35:35+00:00</updated>
<entry>
<title>libraw: mark CVE-2026-20911 and CVE-2026-21413 patched</title>
<updated>2026-04-20T14:35:35+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-04-20T06:27:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=7f49deaf7e365b56f5f666aec97569c29e523d70'/>
<id>urn:sha1:7f49deaf7e365b56f5f666aec97569c29e523d70</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-20911
https://nvd.nist.gov/vuln/detail/CVE-2026-21413

Both CVEs are tracked with incorrect version info: NVD indicates that
0.22.1 is explicitly vulnerable, but the fixes are actually included
in this release.

Relevant commits:
CVE-2026-20911: https://github.com/LibRaw/LibRaw/commit/5357bb5fc67ac616838fb84de67260d45987489b
CVE-2026-21413: https://github.com/LibRaw/LibRaw/commit/75ed2c12a35b765b3b6ad695cc1f044f19efe644

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>libraw: mark fixed CVEs patched</title>
<updated>2026-04-13T22:28:24+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-04-13T18:02:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=7355320e1278891540fc828af791d97a283fc905'/>
<id>urn:sha1:7355320e1278891540fc828af791d97a283fc905</id>
<content type='text'>
These CVEs have been fixed already in the current version, however
NVD tracks them with incorrect version information.

Commits that fix them:
CVE-2026-20884: https://github.com/LibRaw/LibRaw/commit/aa4458eb511daeae90676c1ce5c587106e4aaec1
CVE-2026-24450: https://github.com/LibRaw/LibRaw/commit/c911c9b9edffa5fab99f828d0fee6dd2d0f6105f

These commits were identified from the changelog of this version[1], which mentions the
Talos ID of the vulnerabilities (and the Talos ID is mentioned in the NVD reports[2][3]).

[1]: https://github.com/LibRaw/LibRaw/releases/tag/0.22.1
[2]: https://nvd.nist.gov/vuln/detail/CVE-2026-24450
[3]: https://nvd.nist.gov/vuln/detail/CVE-2026-20884

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>libraw: upgrade 0.21.4 -&gt; 0.22.1</title>
<updated>2026-04-06T16:46:30+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-04-06T12:03:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=357f65dd13211e867bd96af130fabd88f9084d5e'/>
<id>urn:sha1:357f65dd13211e867bd96af130fabd88f9084d5e</id>
<content type='text'>
Contains fixes for CVE-2026-5318[1] and CVE-2026-5318[2] (both are tracked without
a version by NVD, so they are explicitly marked as patched)

License-update: copyright year bump

Changelog: https://github.com/LibRaw/LibRaw/blob/0.22-stable/Changelog.txt

[1]: https://github.com/LibRaw/LibRaw/commit/5357bb5fc67ac616838fb84de67260d45987489b
[2]: https://github.com/LibRaw/LibRaw/commit/2468614a9cbcab6b75ca279ab60cac62156f7aeb

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;khem.raj@oss.qualcomm.com&gt;
</content>
</entry>
</feed>
