| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
| |
Disable by default to avoid a requirement for meta-gnome
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Backport the patch[1] which fixes this vulnerability as mentioned in the
comment[3].
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-26209
[1] https://github.com/agronholm/cbor2/commit/e61a5f365ba610d5907a0ae1bc72769bba34294b
[2] https://github.com/agronholm/cbor2/commit/fb4ee1612a8a1ac0dbd8cf2f2f6f931a4e06d824 (pre patch)
[3] https://github.com/agronholm/cbor2/pull/275
Dropped changes to the changelog from the original commit.
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
| |
Pick patch according to [1]
[1] https://www.facebook.com/security/advisories/cve-2026-23868
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-23868
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
| |
Pick commits according to [1]
[1] https://security-tracker.debian.org/tracker/CVE-2026-0966
[2] https://www.libssh.org/security/advisories/CVE-2026-0966.txt
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
| |
Pick commits according to [1]
[1] https://security-tracker.debian.org/tracker/CVE-2026-0964
[2] https://www.libssh.org/security/advisories/CVE-2026-0964.txt
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Instead of fixing the build with clang this is now breaking it after 2.11.8 commit:
https://github.com/FreeRDP/FreeRDP/commit/67818bddb31900cdf3acb26cb0b673cc90b71cc9
freerdp/2.11.8/git/client/Wayland/wlfreerdp.c:637:19: error: incompatible function pointer types assigning to 'OBJECT_NEW_FN' (aka 'void *(*)(const void *)') from 'void *(void *)' [-Wincompatible-function-pointer-types]
637 | obj->fnObjectNew = uwac_event_clone;
| ^ ~~~~~~~~~~~~~~~~
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When building bluealsa with building static libraries NOT disabled, you
get the following error:
ERROR: bluealsa-4.3.0-r0 do_package_qa: QA Issue: non -staticdev package
contains static .a library: bluealsa path
'/usr/lib/alsa-lib/libasound_module_pcm_bluealsa.a' [staticdev]
ERROR: bluealsa-4.3.0-r0 do_package_qa: QA Issue: non -staticdev package
contains static .a library: bluealsa path
'/usr/lib/alsa-lib/libasound_module_ctl_bluealsa.a' [staticdev]
ERROR: bluealsa-4.3.0-r0 do_package_qa: Fatal QA errors were found,
failing task.
Fix this by explicitly putting these files in the -staticdev package.
Signed-off-by: Matthias Proske <matthias.p@variscite.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1a9744b3cabd440ff0cece448a3b9717da8cfd97)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* fixes:
http://errors.yoctoproject.org/Errors/Details/848727/
ss_internal.h:88:6: error: conflicting types for 'ss_delete_info_dir'; have 'void(void)'
88 | void ss_delete_info_dir();
| ^~~~~~~~~~~~~~~~~~
...
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f26536c2f6f0617610fca95e5bb6953e843f9288)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The xml PACKAGECONFIG entry uses libxm2, which is a typo and not a
valid dependency in OE.
Replace it with libxml2 so enabling PACKAGECONFIG:xml pulls in the
correct provider.
Signed-off-by: Aviv Daum <aviv.daum@gmail.com>
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
(cherry picked from commit cec3e0fd96650a133c6b0d60eb2b52d1aa7cd742)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61147
Backport the patch referenced by the NVD advisory.
Note that this is a partial backport - only the parts that are
used by the application, and without pulling in c++17 headers.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
10.11 is an LTS version of MariaDB. This upgrade is part of that commitment.
Release notes:
https://mariadb.com/docs/release-notes/community-server/10.11/10.11.16
https://mariadb.com/docs/release-notes/community-server/10.11/10.11.15
https://mariadb.com/docs/release-notes/community-server/10.11/10.11.14
https://mariadb.com/docs/release-notes/community-server/10.11/10.11.13
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-12474
https://nvd.nist.gov/vuln/detail/CVE-2026-1837
Both vulnerabilities have been fixed in 0.10.5.
Relevant commits:
CVE-2025-12474: https://github.com/libjxl/libjxl/commit/5ce68976a5abfaea7b3086036ab9f6543ab5b29e
CVE-2026-1837: https://github.com/libjxl/libjxl/commit/36b0cecaa12f643d03c16bd32e5f83775c912b07
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Move gnutls from a hard dependency to a PACKAGECONFIG option defaulting
to gnutls. This allows users to select openssl as an alternative crypto
library by setting PACKAGECONFIG.
Signed-off-by: Nguyen Dat Tho <tho3.nguyen@lge.com>
Signed-off-by: Sujeet Nayak <sujeetnayak1976@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25990
Backport commit[1] which fixes this vulnerability as mentioned NVD report in [2].
[1] https://github.com/python-pillow/Pillow/commit/9000313cc5d4a31bdcdd6d7f0781101abab553aa
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-25990
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32597
Backport commit[1] which fixes this vulnerability as mentioned in [2].
[1] https://github.com/jpadilla/pyjwt/commit/051ea341b5573fe3edcd53042f347929b92c2b92
[2] https://security-tracker.debian.org/tracker/CVE-2026-32597
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32239
https://nvd.nist.gov/vuln/detail/CVE-2026-32240
Backport the patch that is referenced by the NVD advisories.
(Same patch for both vulnerabilities)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-39327
Take the patch that is used by OpenSUSE to mitigate this vulnerability.
Upstream seems to be unresponsive to this issue.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
(cherry picked from commit fdddf2bdd3dea0ac53effbae904b4dcf0e8adf45)
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
| |
The tarball was moved to a new folder on the source server.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-69204
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68950
Backport the patch that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68618
Backport the commit that is referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27631
Backport the patches referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-27596
Backport the commits referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-25884
Backport the commits referenced by the NVD advisory.
One of the patches contain some binary data (for test data),
which needs to be applied with git PATCHTOOL.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3606
Pick the commit that is marked to solve the related Github
issue[1]. Its commit message also references the CVE ID explicitly.
[1]: https://github.com/Ettercap/ettercap/issues/1297
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
| |
Pick commits according to [1]
[1] https://security-tracker.debian.org/tracker/CVE-2026-3731
[2] https://www.libssh.org/security/advisories/libssh-2026-sftp-extensions.txt
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
| |
Pick patch from [1] also mentioned in [2]
[1] https://gitlab.com/wireshark/wireshark/-/issues/20944
[2] https://security-tracker.debian.org/tracker/CVE-2026-0960
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Drop patches that are included in this release.
Changes: https://www.php.net/ChangeLog-8.php#8.2.30
- Curl: Fix curl build and test failures with version 8.16.
- Opcache: Reset global pointers to prevent use-after-free in zend_jit_status().
- PDO: PDO quoting result null deref - CVE-2025-14180
- Null byte termination in dns_get_record()
- Heap buffer overflow in array_merge() - CVE-2025-14178
- Information Leak of Memory in getimagesize - CVE-2025-14177
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Pick patch from [1] also mentioned in [2]
[1] https://gitlab.com/wireshark/wireshark/-/issues/20972
[2] https://security-tracker.debian.org/tracker/CVE-2026-3201
More details : https://nvd.nist.gov/vuln/detail/CVE-2026-3201
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Building of nativesdk-pistache aborted due to
missing dependency with brotli.
Fixed by extending brotli recipe to build nativesdk
Signed-off-by: Christos Gavros <gavrosc@yahoo.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit cf95ee0ff541289c9423e463b1ee607b642ad1f0)
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Some SDK dependency chains require yasm to be available
as SDK artifacts. The current metadata only partially provides this,
which can lead to dependency resolution failures when this recipe is pulled
into SDK-oriented builds.
This change does not alter target package behavior; it only enables required
nativesdk variant for build and SDK integration paths.
Signed-off-by: Deepak Rathore <deeratho@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-26227
https://nvd.nist.gov/vuln/detail/CVE-2026-26228
Both vulnerabilities affect only the Android version of VLC, not
the other ones. Because of this, ignore these CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
| |
There is an additional patch for CVE-2026-0797, which is not mentioned
in the CVE advisory, nor in the related issue nor in the related PR, however
both the change, and the commit message shows that this is a continuation
of the original fix, which was incomplete.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This CVE is fixed in current libsass recipe version.
So wrapper around it will also not show this problem.
It's usual usecase is to be statically linked with libsass which is
probably the reason why this is listed as vulnerable component.
[1] links [2] as issue tracker which points to [3] as fix.
[4] as base repository for the recipe is not involved and files from [3]
are not present in this repository.
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-43357
[2] https://github.com/sass/libsass/issues/3177
[3] https://github.com/sass/libsass/pull/3184
[4] https://github.com/sass/sassc/
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 576b84263bac4dda26d84d116a9e7628a126f866)
Scarthgap has also the fixed libsass version (3.6.6), the CVE can
be considered fixed.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Debian has fixed this CVE with [1].
That patch is taken from [2].
.../tmp/work/core2-64-poky-linux/spice/0.15.2/git$ git describe 69628ea13
v0.13.1-190-g69628ea1
.../tmp/work/core2-64-poky-linux/spice/0.15.2/git$ git tag --contains 69628ea13
v0.13.2
[1] https://sources.debian.org/patches/spice/0.12.5-1%2Bdeb8u5/CVE-2016-2150/0002-improve-primary-surface-parameter-checks.patch/
[2] https://gitlab.freedesktop.org/spice/spice/-/commit/69628ea1375282cb7ca5b4dc4410e7aa67e0fc02
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit e44f3251b552773fe9346fdf7aab244377cf6007)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
NVD tracks this as version-less CVE for spice.
It was fixed by [1] and [2] included in 0.13.2.
[1] https://gitlab.freedesktop.org/spice/spice/-/commit/6b32af3e1746988bb5a5123263bcf61b65e5be7e
[2] https://gitlab.freedesktop.org/spice/spice/-/commit/359ac42a7ac02dcd1013757559292006647cd5c4
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 073e8452748132a93103e5db32dc9980c84d201c)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
It is fixed by [1] since 0.15.3.
NVD tracks this CVE as version-less.
[1] https://cgit.freedesktop.org/spice/spice-gtk/commit/?id=efbf867bb88845d5edf839550b54494b1bb752b9
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7e17f8cec02d20813fb8368ccc1c5ae27b291383)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-37065
The vulnerability is about a 3rd party Windows-only GUI frontend for
the streamripper library, and not for the CLI application that the
recipe builds. Due to this ignore this CVE.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1571c1a8e5e876db9db744d0a3e3256ac585242b)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
| |
Contains fiuxes for CVE-2026-25673 and CVE-2026-25674.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0994
The vulnerability impacts only the python bindings of protobuf, which
is in a separate recipe (python3-protobuf, where it is patched).
Ignore this CVE in this recipe due to this.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 398fa05aa8bf7ce17dc40ed99edfc6a88feeb541)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bug fix release, mostly CVE fixes.
Drop patches that are included.
Changelog:
0.10.5:
fix tile dimension in low memory rendering pipeline (CVE-2025-12474)
fix number of channels for gray-to-gray color transform (CVE-2026-1837)
djxl: reject decoding JXL files if "packed" representation size overflows size_t
0.10.4:
Huffman lookup table size fix (CVE-2024-11403)
Check height limit in modular trees (CVE-2024-11498)
0.10.3:
fixed decoding of some special images
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-41184
Backport the patches referenced by upstream in the bug
mentioned by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2021-3982
The vulnerability is about a privilege escalation, in case
the host distribution sets CAP_SYS_NICE capability on the
gnome-shell binary.
OE distros don't do that, and due to this this recipe is not
affected by this issue. The CVE is ignored.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 4d6e24106c78eed3b9d9a36115df8d2f057f5178)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2048
Pick the patch from the relevant upstream issue[1];
[1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/15554
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2047
The vulnerability exists in ICNS importer, which was first introduced in
version 3.0 [1], and the code is not present in the recipe version.
Due to this, ignore this CVE.
[1]: https://gitlab.gnome.org/GNOME/gimp/-/commit/00232e17875d4676a2c797a429db23b1a9815db8
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2045
Pick the patch associated with the relevant upstream issue[1].
[1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/15293
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-2044
Pick the patch referenced by the NVD advisory.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0797
The patch referenced in the NVD report looks incorrect.
This change in this patch was taken from the related upstream issue[1].
[1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/15555
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2761
Pick the patch from the relevant upstream bug[1].
[1]: https://gitlab.gnome.org/GNOME/gimp/-/issues/13073
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|
| |
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2760
Use the fixes from Debian.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
|