Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=walnascar 2025-09-25T19:29:56+00:00 2025-09-25T19:29:56+00:00 Steve Sakoman steve@sakoman.com 2025-09-25T19:27:16+00:00 urn:sha1:d0b46a6624ec9c61c47270745dd0b2d5abbe6ac1 (From OE-Core rev: ff1c54df4e7b15df2e2c9fced59d9ad3e92ed565) Signed-off-by: Steve Sakoman <steve@sakoman.com> 2025-09-25T19:25:52+00:00 Steve Sakoman steve@sakoman.com 2025-09-23T15:46:20+00:00 urn:sha1:316baad50b45319057753fa698cd74aeb49a0a9f (From meta-yocto rev: 0993c45a1f78f302fd40c78a2a1f709daa7a0ae0) Signed-off-by: Steve Sakoman <steve@sakoman.com> 2025-09-25T19:25:52+00:00 Peter Marko peter.marko@siemens.com 2025-09-25T14:05:14+00:00 urn:sha1:639a818fd0681225e935722b500bd078ed4a816f Pick commit mentioned in [1]. [1] https://security-tracker.debian.org/tracker/CVE-2025-8961 (From OE-Core rev: c171a41e58e2f151dada61ee2a53c15ceaaa85c0) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2025-09-25T19:25:52+00:00 Peter Marko peter.marko@siemens.com 2025-09-25T14:05:13+00:00 urn:sha1:ac184e133bbb0e88d6aaf0584cff0304a036c562 Pick commit mentioned in NVD report. (From OE-Core rev: af4a1f0140fc7739b1bd6e39be1df28681628312) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2025-09-25T19:25:52+00:00 Peter Marko peter.marko@siemens.com 2025-09-25T14:05:12+00:00 urn:sha1:73a25f197b117a5c8118d28043c350be930b5399 This is fixed in v4.7.0, however cve_check cannot match it as NVD says "Up to (excluding) 2024-08-11". (From OE-Core rev: 17a71c67a8a9242e5ae8985a9ebcc51bfa112c3d) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2025-09-25T19:25:52+00:00 Peter Marko peter.marko@siemens.com 2025-09-25T14:05:11+00:00 urn:sha1:91844fbbf23e4edde8cef24edc54353b7322d5a2 Pick commit mentioned in NVD report (From OE-Core rev: 09a9653c51ac3eae545deeaa004fbbff8c00c827) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2025-09-25T19:25:52+00:00 Peter Marko peter.marko@siemens.com 2025-09-25T14:05:10+00:00 urn:sha1:a443a81cf82ccdc99a562e199d876dface5e0403 Pick commit mentioned in NVD report. (From OE-Core rev: cd732eb0cf1f4dc4fbfd64c7cc67125736480b37) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2025-09-25T19:25:52+00:00 Ross Burton ross.burton@arm.com 2025-09-25T14:05:09+00:00 urn:sha1:77fb27f68027d23667316f0bcd09a2452082854c This issue is specific to the peimage module that Ubuntu add, and is not an upstream issue. (From OE-Core rev: 8d2fe3f403e6435e1ffe122a6776381090752d8a) (From OE-Core rev: 37c224f51817a948f2558f78eec23a3b1df1cb24) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2025-09-25T19:25:52+00:00 Ross Burton ross.burton@arm.com 2025-09-25T14:05:08+00:00 urn:sha1:f15ade2e8a3dc0c4552b1e712d6d08a9bcb6c01a As per the linked ticket, this issue is related to an Ubuntu-specific patch that we don't have. (From OE-Core rev: dc81fdc6bdf8ab39b7f2fd994d50256430c36558) (From OE-Core rev: 72e63e44a0c6ad5a408c4dc59a24288c36463439) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2025-09-25T19:25:51+00:00 Peter Marko peter.marko@siemens.com 2025-09-25T14:05:07+00:00 urn:sha1:b066c3a8cc312c2922d181890e6c5add96d8b5a9 This CVE was fixed in plugins-bad. See [1] and [2] which is included in 1.24.13. These commits are backport of [3] to 1.24. Commits fixing this CVE were copied from [4]. [1] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/e4351ef03f1331410b0c1216a6178d885f37e495 [2] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/ed4c2ce380f7168bd4a3423f4398eb341cb931c7 [3] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8884 [4] https://security-tracker.debian.org/tracker/CVE-2025-3887 (From OE-Core rev: 13d7e30b45e90187800ba5a383c9579ba2fa0344) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>