libraw: mark fixed CVEs patched

These CVEs have been fixed already in the current version, however NVD tracks them with incorrect version information. Commits that fix them: CVE-2026-20884: https://github.com/LibRaw/LibRaw/commit/aa4458eb511daeae90676c1ce5c587106e4aaec1 CVE-2026-24450: https://github.com/LibRaw/LibRaw/commit/c911c9b9edffa5fab99f828d0fee6dd2d0f6105f These commits were identified from the changelog of this version[1], which mentions the Talos ID of the vulnerabilities (and the Talos ID is mentioned in the NVD reports[2][3]). [1]: https://github.com/LibRaw/LibRaw/releases/tag/0.22.1 [2]: https://nvd.nist.gov/vuln/detail/CVE-2026-24450 [3]: https://nvd.nist.gov/vuln/detail/CVE-2026-20884 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2026-04-13 20:02:24 +0200
committer: Khem Raj <khem.raj@oss.qualcomm.com> 2026-04-13 15:28:24 -0700
commit: 7355320e1278891540fc828af791d97a283fc905 (patch)
tree: 1861b4465493df58ec28b1a5edc9812d6f0fc2cd
parent: 15b3c0f141be8f28029b6d59880435591efe0669 (diff)
download: meta-openembedded-7355320e1278891540fc828af791d97a283fc905.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/meta-oe/recipes-support/libraw/libraw_0.22.1.bb b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb
index bd0a4c0b03..2e11a7f1f9 100644
--- a/meta-oe/recipes-support/libraw/libraw_0.22.1.bb
+++ b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb
@@ -11,3 +11,5 @@ DEPENDS = "jpeg jasper lcms"
 CVE_STATUS[CVE-2026-5318] = "fixed-version: fixed since 0.22.1"
 CVE_STATUS[CVE-2026-5342] = "fixed-version: fixed since 0.22.1"
+CVE_STATUS[CVE-2026-20884] = "fixed-version: fixed since 0.22.1"
+CVE_STATUS[CVE-2026-24450] = "fixed-version: fixed since 0.22.1"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2026-04-13 20:02:24 +0200
committer	Khem Raj <khem.raj@oss.qualcomm.com>	2026-04-13 15:28:24 -0700
commit	7355320e1278891540fc828af791d97a283fc905 (patch)
tree	1861b4465493df58ec28b1a5edc9812d6f0fc2cd
parent	15b3c0f141be8f28029b6d59880435591efe0669 (diff)
download	meta-openembedded-7355320e1278891540fc828af791d97a283fc905.tar.gz

diff --git a/meta-oe/recipes-support/libraw/libraw_0.22.1.bb b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb index bd0a4c0b03..2e11a7f1f9 100644 --- a/meta-oe/recipes-support/libraw/libraw_0.22.1.bb +++ b/meta-oe/recipes-support/libraw/libraw_0.22.1.bb
@@ -11,3 +11,5 @@ DEPENDS = "jpeg jasper lcms"
11		11
12	CVE_STATUS[CVE-2026-5318] = "fixed-version: fixed since 0.22.1"	12	CVE_STATUS[CVE-2026-5318] = "fixed-version: fixed since 0.22.1"
13	CVE_STATUS[CVE-2026-5342] = "fixed-version: fixed since 0.22.1"	13	CVE_STATUS[CVE-2026-5342] = "fixed-version: fixed since 0.22.1"
		14	CVE_STATUS[CVE-2026-20884] = "fixed-version: fixed since 0.22.1"
		15	CVE_STATUS[CVE-2026-24450] = "fixed-version: fixed since 0.22.1"