On 2/23/26 09:09, Gyorgy Sarvari wrote: > - freerdp: CVE-2026-22851: https://nvd.nist.gov/vuln/detail/CVE-2026-22851 > - freerdp: CVE-2026-22852: https://nvd.nist.gov/vuln/detail/CVE-2026-22852 > - freerdp: CVE-2026-22853: https://nvd.nist.gov/vuln/detail/CVE-2026-22853 > - freerdp: CVE-2026-22856: https://nvd.nist.gov/vuln/detail/CVE-2026-22856 > - freerdp: CVE-2026-22857: https://nvd.nist.gov/vuln/detail/CVE-2026-22857 > - freerdp: CVE-2026-22858: https://nvd.nist.gov/vuln/detail/CVE-2026-22858 > - freerdp: CVE-2026-22859: https://nvd.nist.gov/vuln/detail/CVE-2026-22859 > - freerdp: CVE-2026-23530: https://nvd.nist.gov/vuln/detail/CVE-2026-23530 > - freerdp: CVE-2026-23531: https://nvd.nist.gov/vuln/detail/CVE-2026-23531 > - freerdp: CVE-2026-23532: https://nvd.nist.gov/vuln/detail/CVE-2026-23532 > - freerdp: CVE-2026-23533: https://nvd.nist.gov/vuln/detail/CVE-2026-23533 > - freerdp: CVE-2026-23534: https://nvd.nist.gov/vuln/detail/CVE-2026-23534 > - freerdp: CVE-2026-23732: https://nvd.nist.gov/vuln/detail/CVE-2026-23732 > - freerdp: CVE-2026-23883: https://nvd.nist.gov/vuln/detail/CVE-2026-23883 > - freerdp: CVE-2026-23884: https://nvd.nist.gov/vuln/detail/CVE-2026-23884 > - freerdp: CVE-2026-23948: https://nvd.nist.gov/vuln/detail/CVE-2026-23948 > - freerdp: CVE-2026-24491: https://nvd.nist.gov/vuln/detail/CVE-2026-24491 > - freerdp: CVE-2026-24675: https://nvd.nist.gov/vuln/detail/CVE-2026-24675 > - freerdp: CVE-2026-24676: https://nvd.nist.gov/vuln/detail/CVE-2026-24676 > - freerdp: CVE-2026-24677: https://nvd.nist.gov/vuln/detail/CVE-2026-24677 > - freerdp: CVE-2026-24678: https://nvd.nist.gov/vuln/detail/CVE-2026-24678 > - freerdp: CVE-2026-24679: https://nvd.nist.gov/vuln/detail/CVE-2026-24679 > - freerdp: CVE-2026-24680: https://nvd.nist.gov/vuln/detail/CVE-2026-24680 > - freerdp: CVE-2026-24681: https://nvd.nist.gov/vuln/detail/CVE-2026-24681 > - freerdp: CVE-2026-24682: https://nvd.nist.gov/vuln/detail/CVE-2026-24682 > - freerdp: CVE-2026-24683: https://nvd.nist.gov/vuln/detail/CVE-2026-24683 > - freerdp: CVE-2026-24684: https://nvd.nist.gov/vuln/detail/CVE-2026-24684 >
These CVEs are all for freerdp v2. In a few days there will be about 11 more made public. Upstream has just released a new version in the 2.x series, the very last one, they say that "From this point on we will no longer maintain this branch and urge all to upgrade to FreeRDP 3.x." It contains some fixes, but not all CVE fixes from 3.x. Considering that freerdp3 recipe is available, and that version is well maintained, what would you say if we dropped the v2 recipe instead of upgrading it to this last version in this series? I'm not a fan of shrinking the CVE list like that, but this recipe's future doesn't look bright...
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124650): https://lists.openembedded.org/g/openembedded-devel/message/124650 Mute This Topic: https://lists.openembedded.org/mt/117954283/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
