<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-openembedded.git/meta-webserver, branch scarthgap</title>
<subtitle>Mirror of git.openembedded.org/meta-openembedded</subtitle>
<id>https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=scarthgap'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/'/>
<updated>2026-05-21T04:26:23+00:00</updated>
<entry>
<title>nginx: patch CVE-2026-42946</title>
<updated>2026-05-21T04:26:23+00:00</updated>
<author>
<name>Theo Gaige (Schneider Electric)</name>
<email>tgaige.opensource@witekio.com</email>
</author>
<published>2026-05-20T14:24:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=29653f38cda7c40061e0ce6c2c2ccdbf93ddde9c'/>
<id>urn:sha1:29653f38cda7c40061e0ce6c2c2ccdbf93ddde9c</id>
<content type='text'>
Backport patches [1] and [2] mentioned in [3].

[1] https://github.com/nginx/nginx/commit/baef7fdac28e4e1fe26509b50b8d15603393e28e

[2] https://github.com/nginx/nginx/commit/39d7d0ba0799fcff6baee52b6525f45739593cfd

[3] https://security-tracker.debian.org/tracker/CVE-2026-42946

Signed-off-by: Theo Gaige (Schneider Electric) &lt;tgaige.opensource@witekio.com&gt;
Reviewed-by: Bruno Vernay &lt;bruno.vernay@se.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>nginx: patch CVE-2026-42945</title>
<updated>2026-05-21T04:26:22+00:00</updated>
<author>
<name>Theo Gaige (Schneider Electric)</name>
<email>tgaige.opensource@witekio.com</email>
</author>
<published>2026-05-20T14:24:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=96870679e8b6a0ec8eb9a98e2826e28675380aad'/>
<id>urn:sha1:96870679e8b6a0ec8eb9a98e2826e28675380aad</id>
<content type='text'>
Backport patch [1] mentioned in [2].

[1] https://github.com/nginx/nginx/commit/524977e7c534e87e5b55739fa74601c9f1102686

[2] https://security-tracker.debian.org/tracker/CVE-2026-42945

Signed-off-by: Theo Gaige (Schneider Electric) &lt;tgaige.opensource@witekio.com&gt;
Reviewed-by: Bruno Vernay &lt;bruno.vernay@se.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>nginx: patch CVE-2026-42934</title>
<updated>2026-05-21T04:26:22+00:00</updated>
<author>
<name>Theo Gaige (Schneider Electric)</name>
<email>tgaige.opensource@witekio.com</email>
</author>
<published>2026-05-20T14:24:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=b7758e938033f6de4eba476848cf2b1411133a31'/>
<id>urn:sha1:b7758e938033f6de4eba476848cf2b1411133a31</id>
<content type='text'>
Backport patch [1] mentioned in [2].

[1] https://github.com/nginx/nginx/commit/54b7945961b2eaafc480d6b85d9635d0db1c126a

[2] https://security-tracker.debian.org/tracker/CVE-2026-42934

Signed-off-by: Theo Gaige (Schneider Electric) &lt;tgaige.opensource@witekio.com&gt;
Reviewed-by: Bruno Vernay &lt;bruno.vernay@se.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>nginx: patch CVE-2026-40701</title>
<updated>2026-05-21T04:26:21+00:00</updated>
<author>
<name>Theo Gaige (Schneider Electric)</name>
<email>tgaige.opensource@witekio.com</email>
</author>
<published>2026-05-20T14:24:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=167e8b64dd9557406c39b6c0bc142ac0fd3a63dc'/>
<id>urn:sha1:167e8b64dd9557406c39b6c0bc142ac0fd3a63dc</id>
<content type='text'>
Backport patch [1] mentioned in [2].

[1] https://github.com/nginx/nginx/commit/d2b8d47741820c9fb134c6731ecb40b21f3085b1

[2] https://security-tracker.debian.org/tracker/CVE-2026-40701

Signed-off-by: Theo Gaige (Schneider Electric) &lt;tgaige.opensource@witekio.com&gt;
Reviewed-by: Bruno Vernay &lt;bruno.vernay@se.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>apache2: upgrade 2.4.66 -&gt; 2.4.67</title>
<updated>2026-05-21T03:27:44+00:00</updated>
<author>
<name>Liyin Zhang</name>
<email>liyin.zhang.cn@windriver.com</email>
</author>
<published>2026-05-13T05:04:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=9f64ff03f593165af924356556614db2bf0d0c57'/>
<id>urn:sha1:9f64ff03f593165af924356556614db2bf0d0c57</id>
<content type='text'>
Security fixes:
- CVE-2026-34059
- CVE-2026-34032
- CVE-2026-33857
- CVE-2026-33523
- CVE-2026-33007
- CVE-2026-33006
- CVE-2026-29169
- CVE-2026-29168
- CVE-2026-28780
- CVE-2026-24072
- CVE-2026-23918

See: https://archive.apache.org/dist/httpd/CHANGES_2.4.67

Signed-off-by: Liyin Zhang &lt;liyin.zhang.cn@windriver.com&gt;
Signed-off-by: Ankur Tyagi &lt;ankur.tyagi85@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>nginx: fix CVE-2026-32647</title>
<updated>2026-04-29T04:44:29+00:00</updated>
<author>
<name>Hitendra Prajapati</name>
<email>hprajapati@mvista.com</email>
</author>
<published>2026-04-22T12:39:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=7ba6689d13b7a3b1344430d770069dd887e71dc0'/>
<id>urn:sha1:7ba6689d13b7a3b1344430d770069dd887e71dc0</id>
<content type='text'>
As per the advisory[1] mentioned in NVD[2], version 1.28.3 contains the fix.
Backport the commit[3] from 1.28.3 changelog matching the description.

[1] https://my.f5.com/manage/s/article/K000160366
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-32647
[3] https://github.com/nginx/nginx/commit/a172c880cb51f882a5dc999437e8b3a4f87630cc

Signed-off-by: Hitendra Prajapati &lt;hprajapati@mvista.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>nginx: set CVE_PRODUCT</title>
<updated>2026-04-29T04:44:29+00:00</updated>
<author>
<name>Gyorgy Sarvari</name>
<email>skandigraun@gmail.com</email>
</author>
<published>2026-04-16T21:25:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=a26a769011ca88a8756b412fb11f6456ca334284'/>
<id>urn:sha1:a26a769011ca88a8756b412fb11f6456ca334284</id>
<content type='text'>
nginx has a long history, and has used multiple CPEs
over time. Set CVE_PRODUCT to reflect current and historic
vendor:product pairs.

Signed-off-by: Gyorgy Sarvari &lt;skandigraun@gmail.com&gt;
Signed-off-by: Khem Raj &lt;raj.khem@gmail.com&gt;
(cherry picked from commit d25aadbbb53d54382b4b82b1f78a69d4d117fd28)
Signed-off-by: Colin Pinnell McAllister &lt;colin.mcallister@garmin.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>nginx: fix CVE-2026-28753</title>
<updated>2026-04-15T08:42:18+00:00</updated>
<author>
<name>Ankur Tyagi</name>
<email>ankur.tyagi85@gmail.com</email>
</author>
<published>2026-04-09T11:22:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=5124ac4a658899158f4a7a2ddf1d2ca931ec7d0e'/>
<id>urn:sha1:5124ac4a658899158f4a7a2ddf1d2ca931ec7d0e</id>
<content type='text'>
As per the advisory[1] mentioned in NVD[2], version 1.28.3 contains the fix.
Backport the commit[3] from 1.28.3 changelog matching the description.

[1] https://my.f5.com/manage/s/article/K000160367
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-28753
[3] https://github.com/nginx/nginx/commit/6a8513761fb327f67fcc6cfcf1ad216887e2589f

Signed-off-by: Ankur Tyagi &lt;ankur.tyagi85@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>nginx: fix CVE-2026-27654</title>
<updated>2026-04-15T08:42:18+00:00</updated>
<author>
<name>Ankur Tyagi</name>
<email>ankur.tyagi85@gmail.com</email>
</author>
<published>2026-04-09T11:22:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=24459e3f5c236726a27f74e8b748daaf265fdcb3'/>
<id>urn:sha1:24459e3f5c236726a27f74e8b748daaf265fdcb3</id>
<content type='text'>
As per the advisory[1] mentioned in NVD[2], version 1.28.3 contains the fix.
Backport the commit[3] from 1.28.3 changelog matching the description.

[1] https://my.f5.com/manage/s/article/K000160382
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-27654
[3] https://github.com/nginx/nginx/commit/a1d18284e0a173c4ef2b28425535d0f640ae0a82

Signed-off-by: Ankur Tyagi &lt;ankur.tyagi85@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
<entry>
<title>nginx: fix CVE-2026-27651</title>
<updated>2026-04-15T08:42:18+00:00</updated>
<author>
<name>Ankur Tyagi</name>
<email>ankur.tyagi85@gmail.com</email>
</author>
<published>2026-04-09T11:22:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-openembedded.git/commit/?id=958cca39870ffba7e657b28cc25ee107fb57a2b8'/>
<id>urn:sha1:958cca39870ffba7e657b28cc25ee107fb57a2b8</id>
<content type='text'>
As per the advisory[1] mentioned in NVD[2], version 1.28.3 contains the fix.
Backport the commit[3] from 1.28.3 changelog matching the description.

[1] https://my.f5.com/manage/s/article/K000160383
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-27651
[3] https://github.com/nginx/nginx/commit/0f71dd8ea94ab8c123413b2e465be12a35392e9c

Signed-off-by: Ankur Tyagi &lt;ankur.tyagi85@gmail.com&gt;
Signed-off-by: Anuj Mittal &lt;anuj.mittal@oss.qualcomm.com&gt;
</content>
</entry>
</feed>
