summaryrefslogtreecommitdiffstats
path: root/meta-oe
Commit message (Collapse)AuthorAgeFilesLines
* lcms: patch CVE-2026-42798Ankur Tyagi2026-05-212-0/+39
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-42798 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* lcms: patch CVE-2026-41254Ankur Tyagi2026-05-213-1/+70
| | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-41254 Backport the patches referenced by the NVD advisory. Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* exiftool: ignore CVE-2026-7580Ankur Tyagi2026-05-211-0/+1
| | | | | | | | | | | The impacted function mentioned in the nvd[1] was introduced in v12.82[2], hence we can ignore this CVE. [1]https://nvd.nist.gov/vuln/detail/CVE-2026-7580 [2]https://github.com/exiftool/exiftool/commit/280a7f0db71b5887be492d57723723cb196ad2f9 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* php: upgrade 8.2.30 -> 8.2.31Jason Schonberg2026-05-211-1/+1
| | | | | | | | | This is a security release. Changelog: https://www.php.net/ChangeLog-8.php#8.2.31 Signed-off-by: Jason Schonberg <schonm@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* onig: Add CVE_PRODUCT to support product nameHet Patel2026-05-211-0/+3
| | | | | | | | | | | - Set CVE_PRODUCT to align with the NVD CPE and ensure correct CVE reporting. Signed-off-by: Het Patel <hetpat@cisco.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 7bc5268662f1428bdbca08e14d223aa6b62e87f3) Signed-off-by: Himanshu Jadon <hjadon@cisco.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* abseil-cpp: Add CVE_PRODUCT to support product nameHet Patel2026-05-211-0/+3
| | | | | | | | | | | - Set CVE_PRODUCT to align with the NVD CPE and ensure correct CVE reporting. Signed-off-by: Het Patel <hetpat@cisco.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a428ea90c08fc93ce5e39612974323aad26d1ef3) Signed-off-by: Himanshu Jadon <hjadon@cisco.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* jq: Stick to C17 until next releaseKhem Raj2026-05-051-0/+3
| | | | | | | | | | | | | Patches are sprinkled in master branch of jq but the backports regresses tests, so its better to keep it at C17 for now. Backport: changed from += to :append to apply to all target, native and nativesdk builds. Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Martin Jansa <martin.jansa@gmail.com> Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* onig: fix gcc 15 buildMikko Rapeli2026-04-292-0/+139
| | | | | | | With backport from upstream 6.9.10. Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* jq: patch CVE-2026-39979Ankur Tyagi2026-04-292-0/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-39979 Ptests passed: root@qemux86:~# ptest-runner jq START: ptest-runner 2026-04-26T11:09 BEGIN: /usr/lib/jq/ptest PASS: optionaltest PASS: mantest PASS: jqtest PASS: onigtest PASS: shtest PASS: utf8test PASS: base64test === Test Summary === TOTAL: 7 PASSED: 7 FAILED: 0 SKIPPED: 0 DURATION: 44 END: /usr/lib/jq/ptest 2026-04-26T11:10 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* jq: patch CVE-2026-33948Ankur Tyagi2026-04-292-0/+52
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33948 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* jq: patch CVE-2026-33947Ankur Tyagi2026-04-292-0/+108
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-33947 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* jq: patch CVE-2026-32316Ankur Tyagi2026-04-292-0/+56
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32316 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libssh: Fix CVE-2026-0965Ankur Tyagi2026-04-292-0/+285
| | | | | | | | | | | | | | | | | | | | | | | Backport the patch [1] as mentioned in [2] [1] https://git.libssh.org/projects/libssh.git/commit/?id=bf390a042623e02abc8f421c4c5fadc0429a8a76 [2] https://security-tracker.debian.org/tracker/CVE-2026-0965 Ptests passed: root@qemux86:~# ptest-runner libssh START: ptest-runner 2026-04-28T04:44 BEGIN: /usr/lib/libssh/ptest ... ... DURATION: 269 END: /usr/lib/libssh/ptest 2026-04-28T04:49 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libssh: patch CVE-2026-0967Ankur Tyagi2026-04-292-0/+361
| | | | | | | | | | Backport patch [1] as mentioned in [2] [1] https://git.libssh.org/projects/libssh.git/commit/?id=6d74aa6138895b3662bade9bd578338b0c4f8a15 [2] https://security-tracker.debian.org/tracker/CVE-2026-0967 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libssh: patch CVE-2026-0968Ankur Tyagi2026-04-293-0/+202
| | | | | | | | | | | | | | | | | Backport patches [1] and [2] as mentioned in [3] [1] https://git.libssh.org/projects/libssh.git/commit/?id=796d85f786dff62bd4bcc4408d9b7bbc855841e9 [2] https://git.libssh.org/projects/libssh.git/commit/?id=212121971fb26e1e00b72bd5402c0454a4d84c03 [3] https://security-tracker.debian.org/tracker/CVE-2026-0968 Certain functions from sftp.c were moved to a new file sftp_common.c in version 0.11.0 by following commit: https://git.libssh.org/projects/libssh.git/commit/src/sftp_common.c?id=c3e03ab4651e4f3382e3a51c0273ade894f0c48a This is the backport of the changes using the original file sftp.c Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* opensc: patch CVE-2025-66215Ankur Tyagi2026-04-295-0/+177
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-66215 Backport the patches referenced by the PR[1] mentioned in the nvd. Dropped the formatting commit from the backport. [1] https://github.com/OpenSC/OpenSC/pull/3436 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* opensc: patch CVE-2025-66038Ankur Tyagi2026-04-292-0/+42
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-66038 Backport the patch referenced by the wiki[1] mentioned in the nvd. [1] https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66038 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* opensc: patch CVE-2025-66037Ankur Tyagi2026-04-292-0/+36
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-66037 Backport the patch referenced by the wiki[1] mentioned in the nvd. [1] https://github.com/OpenSC/OpenSC/wiki/CVE-2025-66037 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* opensc: patch CVE-2025-49010Ankur Tyagi2026-04-292-0/+73
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-49010 Backport the patch referenced by the wiki[1] mentioned in the nvd. [1] https://github.com/OpenSC/OpenSC/wiki/CVE-2025-49010 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* openjpeg: patch CVE-2026-6192Gyorgy Sarvari2026-04-292-0/+36
| | | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-6192 Backport the patch referenced by the NVD advisory. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> (cherry picked from commit 09050325e6e0736beccc40d125e56430054b7cb8) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* jq: fix CVE-2026-40164Daniel Turull2026-04-292-0/+93
| | | | | | | Backport patch to fix CVE-2026-40164. Signed-off-by: Daniel Turull <daniel.turull@ericsson.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* krb5: Backport additional fixes to build on clangKhem Raj2026-04-293-0/+1243
| | | | | | | | | | | | Enabling additional warning tightens the function prototype checks and clang goes a step ahead to flag void foo() as well it should be void foo(void) Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Martin Jansa <martin.jansa@gmail.com> (cherry picked from commit 37cc472e44ef5b2b8c0ae8b5bcebf875fa9dd5be) Signed-off-by: Deepak Rathore <deeratho@cisco.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* kernel-hardening-checker: update 0.6.10.2 -> 0.6.17.1Michael Opdenacker2026-04-291-1/+1
| | | | | | | | | | Following the update on master. This version reports more hardening issues: 128 "failures" instead of 113 on the same kernel. Signed-off-by: Michael Opdenacker <michael.opdenacker@rootcommit.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* hdf5: fix CVE-2025-6857Libo Chen2026-04-292-0/+256
| | | | | | | | | | | | | | | | According to [1], A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Backport patch [2] from upstream to fix CVE-2025-6857 [1] https://nvd.nist.gov/vuln/detail/CVE-2025-6857 [2] https://github.com/HDFGroup/hdf5/commit/a8ceb1d95bb997f548c1129363dad53c18540096 Signed-off-by: Libo Chen <libo.chen.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* hdf5: fix CVE-2025-2308Libo Chen2026-04-292-0/+334
| | | | | | | | | | | | | | | | | According to [1], A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor plans to fix this issue in an upcoming release. Backport patch [2] from upstream to fix CVE-2025-2308 [1] https://nvd.nist.gov/vuln/detail/CVE-2025-2308 [2] https://github.com/HDFGroup/hdf5/commit/2ce7fdc4cf147d280aa6d49686297faacc250e40 Signed-off-by: Libo Chen <libo.chen.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* rocksdb: packageconfig knob for set static library optionZahir Hussain2026-04-291-1/+1
| | | | | | | | | | | Adding PACKAGECONFIG knob for enable/disable the static library option It is just a follow-up changes of previous commit https://git.openembedded.org/meta-openembedded/commit/?h=scarthgap&id=72018ca1b1a471226917e8246e8bbf9a374ccf97 and also this changes are already accepted and integrated in kirkstone branch. Signed-off-by: Zahir Hussain <zahir.basha@kpit.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* imagemagick: Fix CVEsNaman Jain2026-04-2929-0/+2121
| | | | | | | | | | | | | | Fix the following CVEs- CVE-2026-24481 CVE-2026-25638 CVE-2026-25794 CVE-2026-25795 CVE-2026-25796 CVE-2026-25797 CVE-2026-25798 CVE-2026-25799 CVE-2026-25897 CVE-2026-25898 CVE-2026-25965 CVE-2026-25966 CVE-2026-25967 CVE-2026-25968 CVE-2026-25969 CVE-2026-25970 CVE-2026-25982 CVE-2026-25985 CVE-2026-25986 CVE-2026-25987 CVE-2026-25988 CVE-2026-26066 CVE-2026-26283 CVE-2026-26284 CVE-2026-26983 Signed-off-by: Naman Jain <namanj1@kpit.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* grpc: set status for CVE-2026-33186Peter Marko2026-04-151-0/+2
| | | | | | | | | | CPE per NVD report is for "go", while this is C++ component: * cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:* Also the link to adisory within NVD report says "grpc-go": * https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3 Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* nmap: rename enum PCAP_SOCKETJinfeng Wang2026-04-152-0/+82
| | | | | | | | | The enum PCAP_SOCKET conflicts with the PCAP_SOCKET macro introduced in libpcap 1.10.5. Use ifdefs to handle both old and new libpcap versions, renaming the enum to NM_PCAP_SOCKET when the PCAP_SOCKET macro is defined. Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* hdf5: fix CVE-2025-2309Libo Chen2026-04-152-0/+42
| | | | | | | | | | | | | | | | | | | According to [1], A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor plans to fix this issue in an upcoming release. Backport patch [2] from upstream to fix CVE-2025-2309 [1] https://nvd.nist.gov/vuln/detail/CVE-2025-2309 [2] https://github.com/HDFGroup/hdf5/commit/9d90b21ef5c5373978014f1a711795aa653bd9a1 Signed-off-by: Libo Chen <libo.chen.cn@windriver.com> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* hdf5: fix CVE-2025-44905Libo Chen2026-04-152-0/+47
| | | | | | | | | | | | | | According to [1], hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function. Backport patch [2] from upstream to fix CVE-2025-44905 [1] https://nvd.nist.gov/vuln/detail/CVE-2025-44905 [2] https://github.com/HDFGroup/hdf5/commit/42588aeba786a121fec1fbad72cf39d8f60a4983 Signed-off-by: Libo Chen <libo.chen.cn@windriver.com> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* hdf5: fix CVE-2025-2310Libo Chen2026-04-152-0/+38
| | | | | | | | | | | | | | | | | According to [1], A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Backport patch [2] from upstream to fix CVE-2025-2310 [1] https://nvd.nist.gov/vuln/detail/CVE-2025-2310 [2] https://github.com/HDFGroup/hdf5/commit/6c86f97e03c6dc7d7bd2bae9acc422bdc3438ff4 Signed-off-by: Libo Chen <libo.chen.cn@windriver.com> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* hdf5: fix CVE-2025-2153Libo Chen2026-04-152-0/+52
| | | | | | | | | | | | | | | | | | According to [1], A vulnerability, which was classified as critical, was found in HDF5 1.14.6. Affected is the function H5SM_delete of the file H5SM.c of the component h5 File Handler. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. Backport patch [2] from upstream to fix CVE-2025-2153 [1] https://nvd.nist.gov/vuln/detail/CVE-2025-2153 [2] https://github.com/HDFGroup/hdf5/commit/38954615fc079538aa45d48097625a6d76aceef0 Signed-off-by: Libo Chen <libo.chen.cn@windriver.com> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* yasm: fix CVE-2021-33454Guocai He2026-04-152-0/+30
| | | | | | | | | | | | | An issue was discovered in yasm version 1.3.0. There is a NULL pointer dereference in yasm_expr_get_intnum() in libyasm/expr.c. Backport patch to fix CVE-2021-33454 per reference [1]. [1]: https://security-tracker.debian.org/tracker/CVE-2021-33454 Signed-off-by: Guocai He <guocai.he.cn@windriver.com> Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* nodejs: upgrade 20.20.0 -> 20.20.2Ankur Tyagi2026-04-131-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | License Update: Update minimatch to the Blue Oak Model License[1] nodejs LTS releases containing security and bugfixes. https://nodejs.org/en/blog/release/v20.20.1 https://nodejs.org/en/blog/release/v20.20.2 [1] https://github.com/nodejs/node/commit/f0ef221b0d458d9358c6e6e49094da475e86c229 Ptests passed: root@qemux86:~# ptest-runner nodejs START: ptest-runner 2026-04-09T10:37 BEGIN: /usr/lib/nodejs/ptest Running main() from /usr/src/debug/nodejs/20.20.2/deps/googletest/src/gtest_main.cc [==========] Running 152 tests from 23 test suites. [----------] Global test environment set-up. ... ... [----------] Global test environment tear-down [==========] 152 tests from 23 test suites ran. (30533 ms total) [ PASSED ] 152 tests. PASS: nodejs DURATION: 31 END: /usr/lib/nodejs/ptest 2026-04-09T10:37 STOP: ptest-runner TOTAL: 1 FAIL: 0 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libvncserver: fix CVE-2026-32854Ankur Tyagi2026-04-132-0/+67
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32854 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libvncserver: fix CVE-2026-32853Ankur Tyagi2026-04-132-1/+79
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-32853 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* libraw: ignore CVE-2026-5318Ankur Tyagi2026-04-131-0/+2
| | | | | | | | | | | Vulnerability exists in the function which was added in version 0.22.0[1] Details: https://nvd.nist.gov/vuln/detail/CVE-2026-5318 [1] https://github.com/LibRaw/LibRaw/commit/12b0e5d60c57bb795382fda8494fc45f683550b8 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* giflib: patch CVE-2025-31344Gyorgy Sarvari2026-04-132-1/+30
| | | | | | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2025-31344 Backport the commit that mentions this CVE ID explicitly in its message. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* freerdp3: fix CVE-2026-33984Ankur Tyagi2026-04-132-0/+35
| | | | | | | Detaisl: https://nvd.nist.gov/vuln/detail/CVE-2026-33984 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* freerdp3: fix CVE-2026-31897Ankur Tyagi2026-04-132-0/+29
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-31897 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* freerdp3: fix CVE-2026-31806Ankur Tyagi2026-04-132-0/+37
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-31806 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* freerdp3: fix CVE-2026-29776Ankur Tyagi2026-04-132-0/+31
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-29776 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* freerdp3: fix CVE-2026-29775Ankur Tyagi2026-04-132-0/+31
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-29775 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* freerdp3: fix CVE-2026-29774Ankur Tyagi2026-04-132-0/+76
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-29774 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* freerdp3: fix CVE-2026-24683Ankur Tyagi2026-04-132-0/+115
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24683 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* freerdp3: fix CVE-2026-24682Ankur Tyagi2026-04-132-0/+32
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24682 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* freerdp3: fix CVE-2026-24681Ankur Tyagi2026-04-132-0/+27
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24681 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* freerdp3: fix CVE-2026-24680 and CVE-2026-27950Ankur Tyagi2026-04-132-0/+25
| | | | | | | | | | | | | There was only SDL2 client until commit[1] created SDL2 and SDL3 clients from version 3.6.0 onwards. [1] https://github.com/FreeRDP/FreeRDP/commit/8281186a6d9dad20e8345d85a1732e2974636555 Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24680 https://nvd.nist.gov/vuln/detail/CVE-2026-27950 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
* freerdp3: fix CVE-2026-24679Ankur Tyagi2026-04-132-0/+45
| | | | | | | Details: https://nvd.nist.gov/vuln/detail/CVE-2026-24679 Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>