On Mon Jun 8, 2026 at 4:07 PM CEST, J?r?my Rosen via lists.openembedded.org 
wrote:
> Hello Jackson
>
> from what I see all the CVE are not applied to the upper branches of
> yocto
>
> CVE-2026-5450 is applied to master but not wrynose
> CVE-2026-5928 is not applied, neither to master nor wrynose.
>
> The other three CVE seem to be backported correctly
>
> please submit for master/wrynose and the resubmit for scarthgap

Hello Jackson,

Gentle ping for this patch needing patches for more recent branches.
Also:
* Please put the CVE id in the patch titles "Fix CVEs" is a bit too
  vague.
* glibc CVEs are usualy handled via upgrades along the stable branch
  instead of backporting individual patches.
* Nitpick: the CVE patches are usualy simply named "CVE-XXX-YYYY.patch"

Regards,
>
> Thx a lot
> Jeremy
>
>
> On Fri May 29, 2026 at 6:28 AM CEST, Jackson James via lists.openembedded.org 
> wrote:
>> Fix the following CVEs-
>> CVE-2026-4046 CVE-2026-4437 CVE-2026-4438 CVE-2026-5450,
>> CVE-2026-5928
>>
>> Signed-off-by: Jackson James <[email protected]>
>> ---
>>  ...ount-records-correctly-CVE-2026-4437.patch | 248 +++++++++++++
>>  ...eck-hostname-for-validity-CVE-2026-4.patch | 328 +++++++++++++++++
>>  ...x-buffer-overflow-in-scanf-mc-BZ-340.patch | 138 +++++++
>>  ...x-ungetwc-operating-on-byte-stream-B.patch | 117 ++++++
>>  ...e-pending-character-state-in-IBM1390.patch | 336 ++++++++++++++++++
>>  meta/recipes-core/glibc/glibc_2.39.bb         |   5 +
>>  6 files changed, 1172 insertions(+)
>>  create mode 100644 
>> meta/recipes-core/glibc/glibc/0024-CVE-2026-4437-Count-records-correctly-CVE-2026-4437.patch
>>  create mode 100644 
>> meta/recipes-core/glibc/glibc/0025-CVE-2026-4438-Check-hostname-for-validity-CVE-2026-4.patch
>>  create mode 100644 
>> meta/recipes-core/glibc/glibc/0026-CVE-2026-5450-Fix-buffer-overflow-in-scanf-mc-BZ-340.patch
>>  create mode 100644 
>> meta/recipes-core/glibc/glibc/0027-CVE-2026-5928-Fix-ungetwc-operating-on-byte-stream-B.patch
>>  create mode 100644 
>> meta/recipes-core/glibc/glibc/0028-CVE-2026-4046-Use-pending-character-state-in-IBM1390.patch
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#240279): 
https://lists.openembedded.org/g/openembedded-core/message/240279
Mute This Topic: https://lists.openembedded.org/mt/119542722/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to