[OE-core][styhead][PATCH 0/7] cve metrics cleanup

Thu, 05 Dec 2024 15:42:43 -0800 

This patchset will resolve styhead cve from cve metrics to match master
and scarthgap. It contains only cherry-picks from scarthgap plus
cherry-pick from kirkstone-next for qemu patch.
curl and qemu patches needed some love to apply and were tested.

With current NVD situation it's not much, but searching trough
scarthgap and master patches is a tedious work which will take time.

Hitendra Prajapati (2):
  ghostscript: upgrade 10.03.1 -> 10.04.0
  libarchive: fix CVE-2024-48957 & CVE-2024-48958

Peter Marko (4):
  builder: set CVE_PRODUCT
  qemu: patch CVE-2024-6505
  curl: patch CVE-2024-9681
  rust: ignore CVE-2024-43402

Ross Burton (1):
  libsndfile1: backport the fix for CVE-2024-50612

 meta/recipes-devtools/qemu/qemu.inc           |   1 +
 .../qemu/qemu/CVE-2024-6505.patch             |  40 ++
 meta/recipes-devtools/rust/rust-source.inc    |   1 +
 .../avoid-host-contamination.patch            |   6 +-
 ...ript_10.03.1.bb => ghostscript_10.04.0.bb} |   2 +-
 .../libarchive/CVE-2024-48957.patch           |  36 ++
 .../libarchive/CVE-2024-48958.patch           |  40 ++
 .../libarchive/libarchive_3.7.4.bb            |   5 +-
 meta/recipes-graphics/builder/builder_0.1.bb  |   3 +-
 .../libsndfile1/CVE-2024-50612.patch          | 409 ++++++++++++++++++
 .../libsndfile/libsndfile1_1.2.2.bb           |   1 +
 .../curl/curl/CVE-2024-9681.patch             |  85 ++++
 meta/recipes-support/curl/curl_8.9.1.bb       |   1 +
 13 files changed, 624 insertions(+), 6 deletions(-)
 create mode 100644 meta/recipes-devtools/qemu/qemu/CVE-2024-6505.patch
 rename meta/recipes-extended/ghostscript/{ghostscript_10.03.1.bb => 
ghostscript_10.04.0.bb} (97%)
 create mode 100644 
meta/recipes-extended/libarchive/libarchive/CVE-2024-48957.patch
 create mode 100644 
meta/recipes-extended/libarchive/libarchive/CVE-2024-48958.patch
 create mode 100644 
meta/recipes-multimedia/libsndfile/libsndfile1/CVE-2024-50612.patch
 create mode 100644 meta/recipes-support/curl/curl/CVE-2024-9681.patch

-- 
2.30.2


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#208397): 
https://lists.openembedded.org/g/openembedded-core/message/208397
Mute This Topic: https://lists.openembedded.org/mt/109949916/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to