Please merge these changes in scarthgap. Tested locally and on autobuilder.
https://autobuilder.yoctoproject.org/valkyrie/#/builders/81/builds/1269 The following changes since commit 2759d8870ea387b76c902070bed8a6649ff47b56: php 8.2.29: CVE-2025-14177 (2026-01-19 12:15:49 +0530) are available in the Git repository at: https://git.openembedded.org/meta-openembedded-contrib anujm/scarthgap https://git.openembedded.org/meta-openembedded-contrib/log/?h=anujm/scarthgap Ankur Tyagi (3): python3-aiohttp: patch CVE-2025-53643 python3-cbor2: patch CVE-2025-68131 python3-twisted: patch CVE-2024-41810 Archana Polampalli (1): tcpreplay: fix CVE-2025-51006 Gyorgy Sarvari (12): python3-django: upgrade 4.2.20 -> 4.2.27 redis: ignore CVE-2025-46686 strongswan: patch CVE-2025-62291 python3-flask-cors: upgrade 4.0.0 -> 4.0.2 python3-waitress: upgrade 3.0.0 -> 3.0.2 python3-twitter: mark CVE-2012-5825 patched python3-m2crypto: ignore CVE-2009-0127 python3-m2crypto: mark CVE-2020-25657 as patched openvpn: ignore CVE-2025-13751 acpitool: update SRC_URI xerces-c: set CVE_PRODUCT gnome-keyring: set CVE_PRODUCT Joao Marcos Costa (1): linuxptp: add missing prefix to CVE ID Peter Marko (1): libmad: ignore CVE-2017-11552 and CVE-2018-7263 .../gnome-keyring/gnome-keyring_46.1.bb | 2 + .../recipes-support/openvpn/openvpn_2.6.14.bb | 1 + .../strongswan/CVE-2025-62291.patch | 45 ++ .../strongswan/strongswan_5.9.14.bb | 3 +- .../tcpreplay/tcpreplay/CVE-2025-51006.patch | 97 ++++ .../tcpreplay/tcpreplay_4.4.4.bb | 1 + .../recipes-bsp/acpitool/acpitool_0.5.1.bb | 3 +- .../linuxptp/linuxptp_4.1.bb | 2 +- .../xerces-c/xerces-c_3.2.5.bb | 2 + .../recipes-extended/redis/redis_6.2.21.bb | 2 + .../recipes-extended/redis/redis_7.2.12.bb | 2 + .../libmad/libmad_0.15.1b.bb | 3 + .../python3-aiohttp/CVE-2025-53643.patch | 192 +++++++ .../python/python3-aiohttp_3.9.5.bb | 4 +- .../python/python3-cbor2/CVE-2025-68131.patch | 517 ++++++++++++++++++ .../python/python3-cbor2_5.6.4.bb | 1 + .../0001-lower-setuptools-requirements.patch | 25 + ...ngo_4.2.20.bb => python3-django_4.2.27.bb} | 9 +- .../python3-flask-cors/CVE-2024-6221.patch | 110 ---- ...s_4.0.0.bb => python3-flask-cors_4.0.2.bb} | 8 +- .../python/python3-m2crypto_0.40.1.bb | 3 + ...-41671-0002.patch => CVE-2024-41671.patch} | 4 + ...-41671-0001.patch => CVE-2024-41810.patch} | 6 +- .../python/python3-twisted_24.3.0.bb | 4 +- .../python/python3-twitter_4.14.0.bb | 2 + ...ess_3.0.0.bb => python3-waitress_3.0.2.bb} | 2 +- 26 files changed, 922 insertions(+), 128 deletions(-) create mode 100644 meta-networking/recipes-support/strongswan/strongswan/CVE-2025-62291.patch create mode 100644 meta-networking/recipes-support/tcpreplay/tcpreplay/CVE-2025-51006.patch create mode 100644 meta-python/recipes-devtools/python/python3-aiohttp/CVE-2025-53643.patch create mode 100644 meta-python/recipes-devtools/python/python3-cbor2/CVE-2025-68131.patch create mode 100644 meta-python/recipes-devtools/python/python3-django-4.2.27/0001-lower-setuptools-requirements.patch rename meta-python/recipes-devtools/python/{python3-django_4.2.20.bb => python3-django_4.2.27.bb} (44%) delete mode 100644 meta-python/recipes-devtools/python/python3-flask-cors/CVE-2024-6221.patch rename meta-python/recipes-devtools/python/{python3-flask-cors_4.0.0.bb => python3-flask-cors_4.0.2.bb} (71%) rename meta-python/recipes-devtools/python/python3-twisted/{CVE-2024-41671-0002.patch => CVE-2024-41671.patch} (98%) rename meta-python/recipes-devtools/python/python3-twisted/{CVE-2024-41671-0001.patch => CVE-2024-41810.patch} (95%) rename meta-python/recipes-devtools/python/{python3-waitress_3.0.0.bb => python3-waitress_3.0.2.bb} (82%) -- 2.52.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123858): https://lists.openembedded.org/g/openembedded-devel/message/123858 Mute This Topic: https://lists.openembedded.org/mt/117464430/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
