linux/meta-openembedded.git/meta-webserver, branch scarthgap

nginx: fix CVE-2026-28753

2026-04-15T08:42:18+00:00

As per the advisory[1] mentioned in NVD[2], version 1.28.3 contains the fix. Backport the commit[3] from 1.28.3 changelog matching the description. [1] https://my.f5.com/manage/s/article/K000160367 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-28753 [3] https://github.com/nginx/nginx/commit/6a8513761fb327f67fcc6cfcf1ad216887e2589f Signed-off-by: Ankur Tyagi Signed-off-by: Anuj Mittal

nginx: fix CVE-2026-27654

2026-04-15T08:42:18+00:00

As per the advisory[1] mentioned in NVD[2], version 1.28.3 contains the fix. Backport the commit[3] from 1.28.3 changelog matching the description. [1] https://my.f5.com/manage/s/article/K000160382 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-27654 [3] https://github.com/nginx/nginx/commit/a1d18284e0a173c4ef2b28425535d0f640ae0a82 Signed-off-by: Ankur Tyagi Signed-off-by: Anuj Mittal

nginx: fix CVE-2026-27651

2026-04-15T08:42:18+00:00

As per the advisory[1] mentioned in NVD[2], version 1.28.3 contains the fix. Backport the commit[3] from 1.28.3 changelog matching the description. [1] https://my.f5.com/manage/s/article/K000160383 [2] https://nvd.nist.gov/vuln/detail/CVE-2026-27651 [3] https://github.com/nginx/nginx/commit/0f71dd8ea94ab8c123413b2e465be12a35392e9c Signed-off-by: Ankur Tyagi Signed-off-by: Anuj Mittal

nginx: Fix for CVE-2026-28755

2026-04-13T07:10:15+00:00

Pick patch from [1] which mentioned in debian report [2] [1] https://github.com/nginx/nginx/commit/78f581487706f2e43eea5a060c516fc4d98090e8 [2] https://security-tracker.debian.org/tracker/CVE-2026-28755 Note: Add different patch for both version to resolve fuzz issue. Signed-off-by: Hitendra Prajapati Signed-off-by: Anuj Mittal

nginx: Fix for CVE-2026-27784

2026-04-13T07:01:29+00:00

Pick patch from [1] which mentioned in debian report with [2] [1] https://github.com/nginx/nginx/commit/b23ac73b00313d159a99636c21ef71b828781018 [2] https://security-tracker.debian.org/tracker/CVE-2026-27784 More details: https://nvd.nist.gov/vuln/detail/CVE-2026-27784 Signed-off-by: Hitendra Prajapati Signed-off-by: Anuj Mittal

hiawatha: fix SRC_URI

2026-03-24T03:22:12+00:00

The tarball was moved to a new folder on the source server. Signed-off-by: Gyorgy Sarvari Signed-off-by: Anuj Mittal

README: update listed maintainer

2026-02-25T08:28:47+00:00

Signed-off-by: Anuj Mittal

fcgi: add follow-up patch for CVE-2025-23016

2026-02-25T07:30:46+00:00

New release [1] added additional fir for this CVE. [1] https://github.com/FastCGI-Archives/fcgi2/releases/tag/2.4.7 Signed-off-by: Peter Marko Signed-off-by: Anuj Mittal

nginx: patch CVE-2026-1642

2026-02-25T07:30:44+00:00

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-1642 Pick the commit that was identified by the reporter on the oss-sec mailing list[1] [1]: https://www.openwall.com/lists/oss-security/2026/02/05/1 Signed-off-by: Gyorgy Sarvari Signed-off-by: Anuj Mittal

netdata: ignore CVE-2024-32019

2026-02-09T04:05:57+00:00

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-32019 The vulnerability affects the ndsudo binary, part of netdata. This binary was introduced in version 1.45.0[1], and the recipe contains v1.34.1 - which is not vulnerable yet. Ignore the CVE due to this. [1]: https://github.com/netdata/netdata/commit/0c8b46cbfd05109a45ee4de27f034567569fa3fa Signed-off-by: Gyorgy Sarvari Signed-off-by: Anuj Mittal