On Tue Feb 17, 2026 at 9:14 AM CET, Vijay Anusuri via lists.openembedded.org wrote: > Picked commits which mentions this CVE per [1]. > > [1] https://ubuntu.com/security/CVE-2025-14831 > [2] https://security-tracker.debian.org/tracker/CVE-2025-14831 > [3] https://gitlab.com/gnutls/gnutls/-/issues/1773 > > Signed-off-by: Vijay Anusuri <[email protected]> > --- > .../gnutls/gnutls/CVE-2025-14831-1.patch | 61 +++ > .../gnutls/gnutls/CVE-2025-14831-2.patch | 30 ++ > .../gnutls/gnutls/CVE-2025-14831-3.patch | 45 ++ > .../gnutls/gnutls/CVE-2025-14831-4.patch | 200 +++++++ > .../gnutls/gnutls/CVE-2025-14831-5.patch | 500 ++++++++++++++++++ > .../gnutls/gnutls/CVE-2025-14831-6.patch | 119 +++++ > .../gnutls/gnutls/CVE-2025-14831-7.patch | 150 ++++++ > .../gnutls/gnutls/CVE-2025-14831-8.patch | 105 ++++ > .../gnutls/gnutls/CVE-2025-14831-9.patch | 437 +++++++++++++++ > meta/recipes-support/gnutls/gnutls_3.8.4.bb | 9 + > 10 files changed, 1656 insertions(+) > create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-1.patch > create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-2.patch > create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-3.patch > create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-4.patch > create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-5.patch > create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-6.patch > create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-7.patch > create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-8.patch > create mode 100644 meta/recipes-support/gnutls/gnutls/CVE-2025-14831-9.patch > > [...] > diff --git a/meta/recipes-support/gnutls/gnutls/CVE-2025-14831-9.patch > b/meta/recipes-support/gnutls/gnutls/CVE-2025-14831-9.patch > new file mode 100644 > index 0000000000..27ed995d8d > --- /dev/null > +++ b/meta/recipes-support/gnutls/gnutls/CVE-2025-14831-9.patch > @@ -0,0 +1,437 @@ > +Backport of: > + > +From d6054f0016db05fb5c82177ddbd0a4e8331059a1 Mon Sep 17 00:00:00 2001 > +From: Alexander Sosedkin <[email protected]> > +Date: Wed, 4 Feb 2026 20:03:49 +0100 > +Subject: [PATCH] x509/name_constraints: name_constraints_node_list_intersect > + over sorted > + > +Fixes: #1773 > +Fixes: GNUTLS-SA-2026-02-09-2 > +Fixes: CVE-2025-14831 > + > +Signed-off-by: Alexander Sosedkin <[email protected]> > + > +Upstream-Status: Backport > [https://gitlab.com/gnutls/gnutls/-/commit/d6054f0016db05fb5c82177ddbd0a4e8331059a1] > +CVE: CVE-2025-14831 > +Signed-off-by: Vijay Anusuri <[email protected]> > +--- > + NEWS | 7 + > + lib/x509/name_constraints.c | 350 ++++++++++++++---------------------- > + 2 files changed, 142 insertions(+), 215 deletions(-) > + > +#diff --git a/NEWS b/NEWS > +#index e506db547a..96b7484fdf 100644 > +#--- a/NEWS > +#+++ b/NEWS > +#@@ -14,6 +14,13 @@ See the end for copying conditions. > +# Reported by Jaehun Lee. > +# [Fixes: GNUTLS-SA-2026-02-09-1, CVSS: high] [CVE-2026-1584] > +# > +#+** libgnutls: Fix name constraint processing performance issue > +#+ Verifying certificates with pathological amounts of name constraints > +#+ could lead to a denial of service attack via resource exhaustion. > +#+ Reworked processing algorithms exhibit better performance > characteristics. > +#+ Reported by Tim Scheckenbach. > +#+ [Fixes: GNUTLS-SA-2026-02-09-2, CVSS: medium] [CVE-2025-14831] > +#+ > +# ** libgnutls: Fix multiple unexploitable overflows > +# Reported by Tim Rühsen (#1783, #1786). > +#
Hello, When I reviewed this patch for whinlatter, I asked for this commented hunk to be removed. Can you also remove it here as well? Generally, since you often send patches for multiple stable branches in parallel, when you get a review for one branch that applies for your others patches, please fix those as well. Thanks! -- Yoann Congal Smile ECS
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#234157): https://lists.openembedded.org/g/openembedded-core/message/234157 Mute This Topic: https://lists.openembedded.org/mt/117853869/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
