From: Peter Marko <[email protected]> These are version-less RedHat CVEs.
[1] points to [2]. This was backported as [3 ]in v22.1.22. [4] points to [5]. This was backported as [6] in v22.1.22. [1] https://security-tracker.debian.org/tracker/CVE-2026-34000 [2] https://gitlab.freedesktop.org/xorg/xserver/-/commit/81b6a34f90b28c32ad499a78a4f391b7c06daea2 [3] https://gitlab.freedesktop.org/xorg/xserver/-/commit/a48d67f38753de551cd177e471b545bd8b9b1b64 [4] https://security-tracker.debian.org/tracker/CVE-2026-34002 [5] https://gitlab.freedesktop.org/xorg/xserver/-/commit/f056ce1cc96ed9261052c31524162c78e458f98c [6] https://gitlab.freedesktop.org/xorg/xserver/-/commit/5328a544ba6c32ecdd1758283ee69058dec100f8 Signed-off-by: Peter Marko <[email protected]> --- meta/recipes-graphics/xorg-xserver/xserver-xorg.inc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc index 0d8d782712..f720c9cef4 100644 --- a/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc +++ b/meta/recipes-graphics/xorg-xserver/xserver-xorg.inc @@ -29,6 +29,8 @@ connection to the X server is lost, so a typical desktop session is either \ impossible or difficult to exploit. There is currently no upstream patch \ available for this flaw." CVE_STATUS[CVE-2022-3553] = "cpe-incorrect: This is specific to XQuartz, which is the macOS X server port" +CVE_STATUS[CVE-2026-34000] = "fixed-version: fixed since v21.1.22" +CVE_STATUS[CVE-2026-34002] = "fixed-version: fixed since v21.1.22" S = "${UNPACKDIR}/${XORG_PN}-${PV}"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#236765): https://lists.openembedded.org/g/openembedded-core/message/236765 Mute This Topic: https://lists.openembedded.org/mt/119235909/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
