<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-oe, branch scarthgap</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2026-05-25T02:35:43+00:00</updated>
<entry>
<title>postgresql: upgrade 16.12 -&gt; 16.14</title>
<updated>2026-05-25T02:35:43+00:00</updated>
<author>
<name>Ankur Tyagi</name>
<email>ankur.tyagi85@gmail.com</email>
</author>
<published>2026-05-23T12:39:03+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=d8cc4e44001c7257273d290ce8c4496e93d32841'/>
<id>urn:sha1:d8cc4e44001c7257273d290ce8c4496e93d32841</id>
<content type='text'>
Also refreshed patches to resolve patch fuzz QA issue.

Bug fix releases
https://www.postgresql.org/docs/release/16.13/
https://www.postgresql.org/docs/release/16.14/

Signed-off-by: Ankur Tyagi &lt;ankur.tyagi85@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>nss: Fix CVE-2026-2781</title>
<updated>2026-05-21T04:26:15+00:00</updated>
<author>
<name>Hugo SIMELIERE (Schneider Electric)</name>
<email>hsimeliere.opensource@witekio.com</email>
</author>
<published>2026-05-20T11:50:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=59f8c396f936e99770e6876af1e68e27d696857c'/>
<id>urn:sha1:59f8c396f936e99770e6876af1e68e27d696857c</id>
<content type='text'>
Pick patch from [1] as 3.9X upstream mirror backport of [2] mentioned in Debian report in [3].

[1] https://github.com/nss-dev/nss/commit/870d3b013e6b39540d14e67b3db89da5a96381bf
[2] https://hg-edge.mozilla.org/projects/nss/rev/245385e16fa6
[3] https://security-tracker.debian.org/tracker/CVE-2026-2781

Signed-off-by: Hugo SIMELIERE (Schneider Electric) &lt;hsimeliere.opensource@witekio.com&gt;
Reviewed-by: Bruno VERNAY &lt;bruno.vernay@se.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>dash: fix CVE-2026-31323</title>
<updated>2026-05-21T03:27:48+00:00</updated>
<author>
<name>Theo Gaige</name>
<email>tgaige.opensource@witekio.com</email>
</author>
<published>2026-05-19T13:26:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=7acc7441941f8af0bb78700f62e926da2bbc12c9'/>
<id>urn:sha1:7acc7441941f8af0bb78700f62e926da2bbc12c9</id>
<content type='text'>
Backport upstream fix for CVE-2026-31323 [1].

[1] https://git.kernel.org/pub/scm/utils/dash/dash.git/commit/?id=0034bfe185d3d875cebace8cb3ca5c9dabf9e0f3

Signed-off-by: Theo Gaige &lt;tgaige.opensource@witekio.com&gt;
Reviewed-by: Bruno Vernay &lt;bruno.vernay@se.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>libssh: set status for CVE-2025-14821</title>
<updated>2026-05-21T03:27:48+00:00</updated>
<author>
<name>Sudhir Dumbhare</name>
<email>sudumbha@cisco.com</email>
</author>
<published>2026-05-14T12:48:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=9f70f8d461abae94342da0e41ed978022e0eefe2'/>
<id>urn:sha1:9f70f8d461abae94342da0e41ed978022e0eefe2</id>
<content type='text'>
The vulnerability is Windows-specific and depends on loading
configuration from C:\etc, which does not apply to Linux/Yocto builds

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-14821
https://github.com/advisories/GHSA-5jf9-8f86-jhvw
https://www.libssh.org/security/advisories/CVE-2025-14821.txt

Signed-off-by: Sudhir Dumbhare &lt;sudumbha@cisco.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>lcms: patch CVE-2026-42798</title>
<updated>2026-05-21T03:27:46+00:00</updated>
<author>
<name>Ankur Tyagi</name>
<email>ankur.tyagi85@gmail.com</email>
</author>
<published>2026-05-13T05:04:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=100da99a04bff89f53822c220e223298cb780f66'/>
<id>urn:sha1:100da99a04bff89f53822c220e223298cb780f66</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-42798

Signed-off-by: Ankur Tyagi &lt;ankur.tyagi85@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>lcms: patch CVE-2026-41254</title>
<updated>2026-05-21T03:27:46+00:00</updated>
<author>
<name>Ankur Tyagi</name>
<email>ankur.tyagi85@gmail.com</email>
</author>
<published>2026-05-13T05:04:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=49a682f2eda7d3405347fe9665d435b04fd9cfa3'/>
<id>urn:sha1:49a682f2eda7d3405347fe9665d435b04fd9cfa3</id>
<content type='text'>
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-41254

Backport the patches referenced by the NVD advisory.

Signed-off-by: Ankur Tyagi &lt;ankur.tyagi85@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>exiftool: ignore CVE-2026-7580</title>
<updated>2026-05-21T03:27:44+00:00</updated>
<author>
<name>Ankur Tyagi</name>
<email>ankur.tyagi85@gmail.com</email>
</author>
<published>2026-05-13T05:04:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=92b579811512a187b39b6c8b866b7e9066a3b89c'/>
<id>urn:sha1:92b579811512a187b39b6c8b866b7e9066a3b89c</id>
<content type='text'>
The impacted function mentioned in the nvd[1] was introduced in v12.82[2],
hence we can ignore this CVE.

[1]https://nvd.nist.gov/vuln/detail/CVE-2026-7580
[2]https://github.com/exiftool/exiftool/commit/280a7f0db71b5887be492d57723723cb196ad2f9

Signed-off-by: Ankur Tyagi &lt;ankur.tyagi85@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>php: upgrade 8.2.30 -&gt; 8.2.31</title>
<updated>2026-05-21T03:27:43+00:00</updated>
<author>
<name>Jason Schonberg</name>
<email>schonm@gmail.com</email>
</author>
<published>2026-05-08T07:42:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=5fe0fb19e7fe5b0084cda56985203fc180f1607b'/>
<id>urn:sha1:5fe0fb19e7fe5b0084cda56985203fc180f1607b</id>
<content type='text'>
This is a security release.

Changelog: https://www.php.net/ChangeLog-8.php#8.2.31

Signed-off-by: Jason Schonberg &lt;schonm@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>onig: Add CVE_PRODUCT to support product name</title>
<updated>2026-05-21T03:27:43+00:00</updated>
<author>
<name>Het Patel</name>
<email>hetpat@cisco.com</email>
</author>
<published>2026-05-08T06:28:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=aaa594e19e932d99f9de020a5f9f83077d0cf28d'/>
<id>urn:sha1:aaa594e19e932d99f9de020a5f9f83077d0cf28d</id>
<content type='text'>
- Set CVE_PRODUCT to align with the NVD CPE and ensure correct CVE
reporting.

Signed-off-by: Het Patel &lt;hetpat@cisco.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit 7bc5268662f1428bdbca08e14d223aa6b62e87f3)
Signed-off-by: Himanshu Jadon &lt;hjadon@cisco.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>abseil-cpp: Add CVE_PRODUCT to support product name</title>
<updated>2026-05-21T03:27:42+00:00</updated>
<author>
<name>Het Patel</name>
<email>hetpat@cisco.com</email>
</author>
<published>2026-05-08T06:27:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=9500d051954b2c42869085e093efc684f8bd5076'/>
<id>urn:sha1:9500d051954b2c42869085e093efc684f8bd5076</id>
<content type='text'>
- Set CVE_PRODUCT to align with the NVD CPE and ensure correct CVE
reporting.

Signed-off-by: Het Patel &lt;hetpat@cisco.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit a428ea90c08fc93ce5e39612974323aad26d1ef3)
Signed-off-by: Himanshu Jadon &lt;hjadon@cisco.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
</feed>
