On Tue, 2026-03-10 at 12:05 +0100, Yoann Congal via lists.openembedded.org wrote: > Those are the patches from the last patch review: > https://lore.kernel.org/openembedded-core/[email protected]/#r > > Passed a-full on autobuilder: > https://autobuilder.yoctoproject.org/valkyrie/?#/builders/29/builds/3341 > > The following changes since commit 45cba1329d541fdc5857d6df2624b34c91133f7a: > > build-appliance-image: Update to whinlatter head revisions (2026-02-27 > 17:46:44 +0000) > > are available in the Git repository at: > > https://git.openembedded.org/openembedded-core-contrib > stable/whinlatter-next > > https://git.openembedded.org/openembedded-core-contrib/log/?h=stable/whinlatter-next > > for you to fetch changes up to cfc0e446a1ad57e710d2c82914211f9bcdc4a752: > > python3-urllib3: patch CVE-2025-66471 (2026-03-06 00:48:43 +0100) > > ---------------------------------------------------------------- > > Adarsh Jagadish Kamini (1): > python3-pip: Backport fix CVE-2026-1703 > > Ankur Tyagi (1): > wireless-regdb: upgrade 2025.10.07 -> 2026.02.04 > > Antonin Godard (1): > python3: skip flaky test_default_timeout test > > Benjamin Robin (Schneider Electric) (2): > avahi: Remove a reference to the rejected CVE-2021-36217 > lz4: Remove a reference to the rejected CVE-2025-62813 > > Hugo SIMELIERE (2): > zlib: Fix CVE-2026-27171 > harfbuzz: Fix CVE-2026-22693 > > Paul Barker (1): > create-pull-request: Keep commit hash to be pulled in cover email > > Peter Marko (4): > linux-yocto: apply cve-exclusions also to rt and tiny recipe variants > cve-exclusions: set status for 5 CVEs > ffmpeg: set status for CVE-2025-12343 > python3-urllib3: patch CVE-2025-66471 > > Shaik Moin (1): > gdk-pixbuf: Fix CVE-2025-6199 > > Vijay Anusuri (1): > gnutls: Fix CVE-2025-14831 > > Yoann Congal (2): > README: Add whinlatter subject-prefix to git-send-email suggestion > b4-config: add send-prefixes for whinlatter
There are two large CVE patches in this series: - CVE-2025-66471 has been adequately discussed. - CVE-2025-14831 was also a patched with a large delta from several upstream commits in Ubuntu and in CentOS Stream 10, so we're in line with what others are backporting. So, LGTM. Best regards, -- Paul Barker
signature.asc
Description: This is a digitally signed message part
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#232773): https://lists.openembedded.org/g/openembedded-core/message/232773 Mute This Topic: https://lists.openembedded.org/mt/118238596/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
