summaryrefslogtreecommitdiffstats
path: root/meta-networking
Commit message (Collapse)AuthorAgeFilesLines
* dnsmasq: Fix CVE-2026-5172Hugo SIMELIERE (Schneider Electric)2026-05-212-0/+40
| | | | | | | | | | Pick patch from [1] dnsmasq 2.90 debian bookworm pacthes. [1] https://sources.debian.org/src/dnsmasq/2.90-4~deb12u2/debian/patches/CVE-2026-5172.patch Signed-off-by: Hugo SIMELIERE (Schneider Electric) <hsimeliere.opensource@witekio.com> Reviewed-by: Bruno VERNAY <bruno.vernay@se.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* dnsmasq: Fix CVE-2026-4893Hugo SIMELIERE (Schneider Electric)2026-05-212-0/+39
| | | | | | | | | | Pick patch from [1] dnsmasq 2.90 debian bookworm pacthes. [1] https://sources.debian.org/src/dnsmasq/2.90-4~deb12u2/debian/patches/CVE-2026-4893.patch Signed-off-by: Hugo SIMELIERE (Schneider Electric) <hsimeliere.opensource@witekio.com> Reviewed-by: Bruno VERNAY <bruno.vernay@se.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* dnsmasq: Fix CVE-2026-4892Hugo SIMELIERE (Schneider Electric)2026-05-212-0/+42
| | | | | | | | | | Pick patch from [1] dnsmasq 2.90 debian bookworm pacthes. [1] https://sources.debian.org/src/dnsmasq/2.90-4~deb12u2/debian/patches/CVE-2026-4892.patch Signed-off-by: Hugo SIMELIERE (Schneider Electric) <hsimeliere.opensource@witekio.com> Reviewed-by: Bruno VERNAY <bruno.vernay@se.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* dnsmasq: Fix CVE-2026-4891Hugo SIMELIERE (Schneider Electric)2026-05-212-0/+45
| | | | | | | | | | Pick patch from [1] dnsmasq 2.90 debian bookworm pacthes. [1] https://sources.debian.org/src/dnsmasq/2.90-4~deb12u2/debian/patches/CVE-2026-4891.patch Signed-off-by: Hugo SIMELIERE (Schneider Electric) <hsimeliere.opensource@witekio.com> Reviewed-by: Bruno VERNAY <bruno.vernay@se.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* strongswan: fix for CVE-2026-35334Hitendra Prajapati2026-05-212-0/+256
| | | | | | | | | | | Pick patch according to [1] [1] https://download.strongswan.org/security/CVE-2026-35334 [2] https://www.strongswan.org/blog/2026/04/22/strongswan-vulnerability-(cve-2026-35334).html [3] https://security-tracker.debian.org/tracker/CVE-2026-35334 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* nanomsg: upgrade 1.2.1 -> 1.2.2Ankur Tyagi2026-05-211-1/+1
| | | | | | | | Changelog: https://github.com/nanomsg/nanomsg/releases/tag/1.2.2 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* postfix: upgrade 3.8.12 -> 3.8.16Ankur Tyagi2026-05-211-1/+1
| | | | | | | | | | | | | | | | | 3.8.13 http://www.postfix.org/announcements/postfix-3.10.6.html 3.8.14 http://www.postfix.org/announcements/postfix-3.10.7.html 3.8.15 http://www.postfix.org/announcements/postfix-3.10.8.html 3.8.16 http://www.postfix.org/announcements/postfix-3.11.2.html Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* frr: patch CVE-2026-28532Ankur Tyagi2026-05-212-0/+310
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-28532 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* firewalld: upgrade 1.3.2 -> 1.3.4Ankur Tyagi2026-05-211-1/+1
| | | | | | | | https://github.com/firewalld/firewalld/releases/tag/v1.3.3 https://github.com/firewalld/firewalld/releases/tag/v1.3.4 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* open-vm-tools: Add entry to CVE_PRODUCT to support the product nameHet Patel2026-05-211-1/+1
| | | | | | | | | | | - Added 'vmware:open_vm_tools' to CVE_PRODUCT to align with the NVD CPE and ensure accurate CVE reporting. Signed-off-by: Het Patel <hetpat@cisco.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9b69587ecb92b3acb7b3092217357de9c1be14e6) Signed-off-by: Himanshu Jadon <hjadon@cisco.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* wireshark: fix for CVE-2025-13946Hitendra Prajapati2026-05-212-0/+52
| | | | | | | | | | | Pick patch from [1] also mentioned at NVD report in [2] [1] https://gitlab.com/wireshark/wireshark/-/issues/20884 [2] https://nvd.nist.gov/vuln/detail/CVE-2025-13946 [3] https://security-tracker.debian.org/tracker/CVE-2025-13946 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* corosync: patch CVE-2026-35092Gyorgy Sarvari2026-04-292-0/+58
| | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-35092 Pick the patch that mentions the CVE ID explicitly (the same commit was identified by Debian also[1]) [1]: https://security-tracker.debian.org/tracker/CVE-2026-35092 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit af73e716bc7150ae8d912d8af00f6995e25f2031) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* corosync: patch CVE-2026-35091Gyorgy Sarvari2026-04-292-0/+48
| | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-35091 Pick the patch that mentions the CVE ID explicitly (it was identified by Debian also as the fix[1]) [1]: https://security-tracker.debian.org/tracker/CVE-2026-35091 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 701b22fda35648efc333d6e6e7abd8e70aa49870) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* unbound: Fix CVE-2025-11411Jackson James2026-04-134-49/+2029
| | | | | | | | | | | | | | | Backport complete patch to fix CVE-2025-11411 The existing scarthgap patch is a partial backport with hardcoded logic, causing incorrect behavior and ptest failures. Backport the full upstream fix along with the follow-up patch to ensure correct functionality. Add below patch to fix 0001-CVE-2025-11411-1.patch 0002-CVE-2025-11411-2.patch Signed-off-by: Jackson James <jacksonj2@kpit.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* mbedtls: upgrade 3.6.5 -> 3.6.6Gyorgy Sarvari2026-04-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | Contains fixes for CVE-2026-25833, CVE-2026-25834, CVE-2026-25835, CVE-2026-34872, CVE-2026-34873, CVE-2026-34874 and CVE-2026-34875. Changelog: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.6 Ptests passed: root@qemux86:~# ptest-runner mbedtls START: ptest-runner 2026-04-09T10:41 BEGIN: /usr/lib/mbedtls/ptest ... ... DURATION: 508 END: /usr/lib/mbedtls/ptest 2026-04-09T10:49 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit fe1b038cd814102b317c6896f265019909a67de8) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* strongswan: Fix CVE-2026-25075Vijay Anusuri2026-04-032-0/+51
| | | | | | | | | | Pick patch according to [1] [1] https://download.strongswan.org/security/CVE-2026-25075/ [2] https://www.strongswan.org/blog/2026/03/23/strongswan-vulnerability-(cve-2026-25075).html Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* lldpd: fix xml PACKAGECONFIG dependencyAviv Daum2026-03-241-1/+1
| | | | | | | | | | | | | | The xml PACKAGECONFIG entry uses libxm2, which is a typo and not a valid dependency in OE. Replace it with libxml2 so enabling PACKAGECONFIG:xml pulls in the correct provider. Signed-off-by: Aviv Daum <aviv.daum@gmail.com> Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit cec3e0fd96650a133c6b0d60eb2b52d1aa7cd742) Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* ettercap: patch CVE-2026-3603Gyorgy Sarvari2026-03-242-1/+51
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3606 Pick the commit that is marked to solve the related Github issue[1]. Its commit message also references the CVE ID explicitly. [1]: https://github.com/Ettercap/ettercap/issues/1297 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* wireshark: Fix CVE-2026-0960Hitendra Prajapati2026-03-242-0/+44
| | | | | | | | | | Pick patch from [1] also mentioned in [2] [1] https://gitlab.com/wireshark/wireshark/-/issues/20944 [2] https://security-tracker.debian.org/tracker/CVE-2026-0960 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* wireshark: Fix CVE-2026-3201Hitendra Prajapati2026-03-242-0/+56
| | | | | | | | | | | | Pick patch from [1] also mentioned in [2] [1] https://gitlab.com/wireshark/wireshark/-/issues/20972 [2] https://security-tracker.debian.org/tracker/CVE-2026-3201 More details : https://nvd.nist.gov/vuln/detail/CVE-2026-3201 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* spice: set CVE-2016-2150 status to fixedPeter Marko2026-03-241-0/+1
| | | | | | | | | | | | | | | | | | | Debian has fixed this CVE with [1]. That patch is taken from [2]. .../tmp/work/core2-64-poky-linux/spice/0.15.2/git$ git describe 69628ea13 v0.13.1-190-g69628ea1 .../tmp/work/core2-64-poky-linux/spice/0.15.2/git$ git tag --contains 69628ea13 v0.13.2 [1] https://sources.debian.org/patches/spice/0.12.5-1%2Bdeb8u5/CVE-2016-2150/0002-improve-primary-surface-parameter-checks.patch/ [2] https://gitlab.freedesktop.org/spice/spice/-/commit/69628ea1375282cb7ca5b4dc4410e7aa67e0fc02 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit e44f3251b552773fe9346fdf7aab244377cf6007) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* spice: ignore CVE-2016-0749Peter Marko2026-03-241-0/+1
| | | | | | | | | | | | | | NVD tracks this as version-less CVE for spice. It was fixed by [1] and [2] included in 0.13.2. [1] https://gitlab.freedesktop.org/spice/spice/-/commit/6b32af3e1746988bb5a5123263bcf61b65e5be7e [2] https://gitlab.freedesktop.org/spice/spice/-/commit/359ac42a7ac02dcd1013757559292006647cd5c4 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 073e8452748132a93103e5db32dc9980c84d201c) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* spice-gtk: mark CVE-2012-4425 as fixedPeter Marko2026-03-241-0/+2
| | | | | | | | | | | | | It is fixed by [1] since 0.15.3. NVD tracks this CVE as version-less. [1] https://cgit.freedesktop.org/spice/spice-gtk/commit/?id=efbf867bb88845d5edf839550b54494b1bb752b9 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 7e17f8cec02d20813fb8368ccc1c5ae27b291383) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* keepalived: patch CVE-2024-41184Gyorgy Sarvari2026-03-245-0/+317
| | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2024-41184 Backport the patches referenced by upstream in the bug mentioned by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* mbedtls: Do not set LIB_INSTALL_DIR to an absolute path to make ↵haonguyen-qualgo2026-03-232-4/+0
| | | | | | | MbedTLSTargets.cmake relocateable Signed-off-by: haonguyen-qualgo <hao.nna@qualgo.net> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* README: update listed maintainerAnuj Mittal2026-02-252-2/+2
| | | | Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* wireshark 4.2.14: Fix CVE-2026-0962Anil Dongare2026-02-252-0/+153
| | | | | | | | | | | | | Upstream Repository: https://gitlab.com/wireshark/wireshark.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2026-0962 Type: Security Fix CVE: CVE-2026-0962 Score: 6.5 Patch: https://gitlab.com/wireshark/wireshark/-/commit/825b83e1ed14 Signed-off-by: Anil Dongare <adongare@cisco.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* dovecot: ignore CVE-2025-30189Ankur Tyagi2026-02-251-0/+1
| | | | | | | | | | | Vulnerable versions are 2.4.0, 2.4.1 according to the full disclosure[1] Details: https://nvd.nist.gov/vuln/detail/CVE-2025-30189 [1] https://seclists.org/fulldisclosure/2025/Oct/29 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* proftpd: ignore CVE-2021-47865Gyorgy Sarvari2026-02-121-0/+1
| | | | | | | | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2021-47865 This CVE was opened based on a 5 years old Github issue[1], and has been made public recently. The CVE wasn't officially disputed (yet?), but based on the description and the given PoC the application is working as expected. The vulnerability description and the PoC basically configures proftpd to accept maximum x connections, and then when the user tries to open x + 1 concurrent connections, it refuses new connections over the configured limit. See also discussion in the Github issue. It seems that it won't be fixed, because there is nothing to fix. [1]: https://github.com/proftpd/proftpd/issues/1298 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* ez-ipupdate: patch CVE-2003-0887Gyorgy Sarvari2026-02-092-0/+165
| | | | | | | | | | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2003-0887 The vulnerability is about the default (example) configurations, which place cache files into the /tmp folder, that is world-writeable. The recommendation would be to place them to a more secure folder. The recipe however does not install these example configurations, and as such it is not vulnerable either. Just to make sure, patch these folders to a non-tmp folder (and also install that folder, empty). Some more discussion about the vulnerability: https://bugzilla.suse.com/show_bug.cgi?id=48161 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com> (cherry picked from commit 0080dd79731efa1cca150730c5ac39bad82f7095) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* wireshark: fix for CVE-2026-0959Hitendra Prajapati2026-02-092-0/+66
| | | | | | | Upstream-Status: Backport from https://gitlab.com/wireshark/wireshark/-/commit/4b48ee36f1829d6d3d009bf9871af523ce8e3ace Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* tcpreplay: fix CVE-2025-51006Archana Polampalli2026-01-262-0/+98
| | | | | | | | | | | | Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the dlt_linuxsll2_cleanup() function in plugins/dlt_linuxsll2/linuxsll2.c. This vulnerability is triggered when tcpedit_dlt_cleanup() indirectly invokes the cleanup routine multiple times on the same memory region. By supplying a specifically crafted pcap file to the tcprewrite binary, a local attacker can exploit this flaw to cause a Denial of Service (DoS) via memory corruption. Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* openvpn: ignore CVE-2025-13751Gyorgy Sarvari2026-01-261-0/+1
| | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-13751 The vulnerability is Windows specific, can be ignored. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* strongswan: patch CVE-2025-62291Gyorgy Sarvari2026-01-262-1/+47
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-62291 Pick the patch that is mentioned on the vendor's blog[1], that is also referenced in the NVD report. [1]: https://www.strongswan.org/blog/2025/10/27/strongswan-vulnerability-%28cve-2025-62291%29.html Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* frr: patch multiple CVEsAnkur Tyagi2026-01-195-0/+511
| | | | | | | | | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61099 https://nvd.nist.gov/vuln/detail/CVE-2025-61100 https://nvd.nist.gov/vuln/detail/CVE-2025-61101 https://nvd.nist.gov/vuln/detail/CVE-2025-61102 https://nvd.nist.gov/vuln/detail/CVE-2025-61103 https://nvd.nist.gov/vuln/detail/CVE-2025-61104 https://nvd.nist.gov/vuln/detail/CVE-2025-61105 https://nvd.nist.gov/vuln/detail/CVE-2025-61106 https://nvd.nist.gov/vuln/detail/CVE-2025-61107 The PR[1] mentioned in nvd got closed without merge due to unresolved code review comments but another PR[2] fixed them and changes were merged. [1] https://github.com/FRRouting/frr/pull/19480 [2] https://github.com/FRRouting/frr/pull/19983 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* openfortivpn: upgrade 1.22.0 -> 1.22.1Wang Mingyu2026-01-191-1/+1
| | | | | | | | | | | Bugfix: do not advertise we talk compressed HTTP Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 7cd1f5a87175c235c349ace5c3b6082ca82950d1) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* tcpreplay 4.4.4: Fix CVE-2025-9384Jackson2026-01-192-0/+39
| | | | | | | | | | | | | There is a NULL Pointer Dereference in ports2PORT when the user passes ill-formatted portmap string to tcprewrite with option -r or --portmap Upstream Repository: https://github.com/appneta/tcpreplay.git Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2025-9384 CVE: CVE-2025-9384 Signed-off-by: Jackson <jacksonj2@kpit.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* unbound: Fix CVE-2025-5994Naman Jain2026-01-122-0/+276
| | | | | | | | | | | | A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to upstream name servers CVE: CVE-2025-5994 Signed-off-by: Naman Jain <namanj1@kpit.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* networkmanager: upgrade 1.46.0 -> 1.46.6Peter Marko2026-01-121-2/+2
| | | | | | | | | | | | | Solves CVE-2024-6501 (in 1.46.4). Release notes: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/blob/1.46.6/NEWS?ref_type=tags Switch SRC_URI for gnome Gitlab as gnome mirror no longer contains new releases. Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* wolfssl: patch CVE-2025-7394Ankur Tyagi2026-01-127-0/+625
| | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-7394 Backport patches from the PR[1][2][3] mentioned in the changelog[4]. [1] https://github.com/wolfSSL/wolfssl/pull/8849 [2] https://github.com/wolfSSL/wolfssl/pull/8867 [3] https://github.com/wolfSSL/wolfssl/pull/8898 [4] https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#wolfssl-release-582-july-17-2025 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* tinyproxy: patch CVE-2025-63938Ankur Tyagi2026-01-122-0/+43
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-63938 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* znc: patch CVE-2024-39844Ankur Tyagi2026-01-122-0/+63
| | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2024-39844 Backport commit[1] from https://github.com/znc/znc/releases/tag/znc-1.9.1 [1] https://github.com/znc/znc/commit/8cbf8d628174ddf23da680f3f117dc54da0eb06e Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* proftpd: patch CVE-2024-48651Ankur Tyagi2026-01-122-0/+321
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2024-48651 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* open62541: patch CVE-2024-53429Ankur Tyagi2026-01-122-0/+45
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2024-53429 Backport the patch mentioned in the comment[1] which fixed this CVE. [1] https://github.com/open62541/open62541/issues/6825#issuecomment-2460650733 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* mtr: patch CVE-2025-49809Ankur Tyagi2026-01-122-1/+42
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-49809 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libcoap: patch CVE-2025-34468Ankur Tyagi2026-01-122-0/+128
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-34468 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* frr: ignore CVE-2024-44070Ankur Tyagi2026-01-121-0/+2
| | | | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2024-44070 The PR[1] fixing this CVE was backported[2] to stable/9.1 and commit[3] exists in the current version so we can ignore it. $ git tag --contains 21cd931 | grep frr-9.1.3 frr-9.1.3 [1] https://github.com/FRRouting/frr/pull/16497 [2] https://github.com/FRRouting/frr/pull/16504 [3] https://github.com/FRRouting/frr/commit/21cd931a5f9303e12104c72ce31ca383c0c57514 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* dante: Add _GNU_SOURCE for musl buildsKhem Raj2026-01-121-0/+2
| | | | | | | | | | This helps build fixes e.g. cpuset_t definitions etc. glibc builds have _GNU_SOURCE defined inherently. Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 848bac20ea27afddc3843c41ad105843ad167177) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* dante: upgrade 1.4.3 -> 1.4.4Gyorgy Sarvari2026-01-121-2/+2
| | | | | | | | | | | | | | | | | | | | | License-Update: copyright year bump Changelog: - Fix potential security issue CVE-2024-54662, related to "socksmethod" use in client/hostid-rules. - Add a missing call to setgroups(2). - Patch to fix compilation with libminiupnp 2.2.8. - Client connectchild optimizations. - Client SIGIO handling improvements. - Various configure/build fixes. - Updated to support TCP_EXP1 version of TCP hostid format. https://www.inet.no/dante/announce-1.4.4 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* cifs-utils: patch CVE-2025-2312Ankur Tyagi2026-01-122-1/+139
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-2312 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>