<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-core/libxml/libxml2_2.14.5.bb, branch master</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=master</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2025-09-11T10:31:55+00:00</updated>
<entry>
<title>libxml2: upgrade 2.14.5 -&gt; 2.14.6</title>
<updated>2025-09-11T10:31:55+00:00</updated>
<author>
<name>Wang Mingyu</name>
<email>wangmy@fujitsu.com</email>
</author>
<published>2025-09-10T09:16:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=553b943fae1997cd1f1498753365955d9ac407ae'/>
<id>urn:sha1:553b943fae1997cd1f1498753365955d9ac407ae</id>
<content type='text'>
(From OE-Core rev: 28af77eea6fe04c923d57b8b20ad24414ffc8621)

Signed-off-by: Wang Mingyu &lt;wangmy@fujitsu.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>recipes: cleanup CVE_STATUS which are resolved now</title>
<updated>2025-08-28T09:47:08+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-08-24T16:55:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ec1ae11f7860da56b0692b265b649bfc62907ef1'/>
<id>urn:sha1:ec1ae11f7860da56b0692b265b649bfc62907ef1</id>
<content type='text'>
The don't show up in CVE metrics anymore since they were either fixed
upstream or recipe version was upgraded meanwhile.

* bind CVE-2019-6470: cpe got corrected in nvd db
* libxml2 CVE-2023-45322: version is now higher than NVD cpe
* zlib CVE-2023-45853: version is now higher than NVD cpe
* gcc CVE-2021-37322: version is now higher than NVD cpe
* python3
  * CVE-2007-4559: version is now higher than NVD cpe
  * CVE-2019-18348: version is now higher than NVD cpe
  * CVE-2020-15523: version is now higher than NVD cpe
  * CVE-2022-26488: version is now higher than NVD cpe
  * CVE-2015-20107: version is now higher than NVD cpe
  * CVE-2023-36632: version is now higher than NVD cpe
* rust
  * CVE-2024-24576: NVD has no cpe, but we have newer version as fix
  * CVE-2024-43402: version is now higher than NVD cpe
* cups CVE-2021-25317: version is now higher than NVD cpe
* ghostscript CVE-2023-38559: version is now higher than NVD cpe
* libtirpc CVE-2021-46828: version is now higher than NVD cpe
* unzip CVE-2008-0888: version is now higher than NVD cpe
* ffmpeg CVE-2023-39018: cpe got corrected in nvd db
* libxslt CVE-2022-29824: version is now higher than NVD cpe
* libyaml
  * CVE-2024-35325: CVE is now rejected in NVD DB
  * CVE-2024-35326: CVE is now rejected in NVD DB
  * CVE-2024-35328: CVE is now rejected in NVD DB

Also add comment for iputils regarding reports for FKIE/NVD2.

Also remove some trailing spaces in python recipe.

(From OE-Core rev: 73ee9789183aa95072af2b51ac9e08203f4e33f9)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libxml2: mark CVE-2025-6170 as fixed</title>
<updated>2025-08-25T16:47:21+00:00</updated>
<author>
<name>Peter Marko</name>
<email>peter.marko@siemens.com</email>
</author>
<published>2025-08-23T20:47:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=e29b37130f0756e85708f4b91dc1b4a73954679c'/>
<id>urn:sha1:e29b37130f0756e85708f4b91dc1b4a73954679c</id>
<content type='text'>
As shown in [1] when expanding tags including it.

NVD tracks this CVE as version-less.

[1] https://gitlab.gnome.org/GNOME/libxml2/-/commit/c340e419505cf4bf1d9ed7019a87cc00ec200434

(From OE-Core rev: d8a9c190811ad9658a74502a371c110f4d24d68f)

Signed-off-by: Peter Marko &lt;peter.marko@siemens.com&gt;
Signed-off-by: Mathieu Dubois-Briand &lt;mathieu.dubois-briand@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>libxml2: upgrade 2.14.3 -&gt; 2.14.5</title>
<updated>2025-07-28T13:51:50+00:00</updated>
<author>
<name>Hongxu Jia</name>
<email>hongxu.jia@windriver.com</email>
</author>
<published>2025-07-23T02:16:02+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=efbd99e462aaef554b8f119918311c54eaa10688'/>
<id>urn:sha1:efbd99e462aaef554b8f119918311c54eaa10688</id>
<content type='text'>
Release notes:

    https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.14.5

(From OE-Core rev: b82cb6d55033ffff79b5a767bd50b06989c0acfc)

Signed-off-by: Hongxu Jia &lt;hongxu.jia@windriver.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
