Mirror of git.yoctoproject.org/poky https://git.enea.com/cgit/linux/poky.git/atom?h=scarthgap 2026-02-16T09:52:35+00:00 2026-02-16T09:52:35+00:00 Adarsh Jagadish Kamini adarsh.jagadish.kamini@est.tech 2026-01-30T07:46:07+00:00 urn:sha1:54e7eb595192794693d65789da18bdf959a7ec84 Include the patch linked in the NVD report : https://nvd.nist.gov/vuln/detail/CVE-2026-21441 (From OE-Core rev: bf85dff7bf4340a691df3da21f04a651fff11a17) Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 2025-12-31T15:49:31+00:00 Jiaying Song jiaying.song.cn@windriver.com 2025-12-17T08:26:33+00:00 urn:sha1:b9843e68be5c2e5dfa2bd47bb0f9425b4893b728 References: https://nvd.nist.gov/vuln/detail/CVE-2025-66418 https://nvd.nist.gov/vuln/detail/CVE-2025-66471 (From OE-Core rev: d9f52c5f86bcc4716e384fe5c01c03d386d60446) Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> 2025-07-11T15:11:53+00:00 Yogita Urade yogita.urade@windriver.com 2025-07-04T10:35:38+00:00 urn:sha1:23e57638efa26f6f65890cbe610bc557b6b33d7e urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attempting to mitigate SSRF or open redirect vulnerabilities by disabling redirects at the PoolManager level will remain vulnerable. This issue has been patched in version 2.5.0. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-50181 Upstream patch: https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857 (From OE-Core rev: cf10eafb333daf8acfd3b8bfcb42c1fe6c26a8a5) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>