> -----Original Message----- > From: [email protected] <openembedded- > [email protected]> On Behalf Of Gyorgy Sarvari via > lists.openembedded.org > Sent: Wednesday, February 25, 2026 13:05 > To: [email protected] > Subject: Re: [oe] CVE report - master - 2026-02-23 > > On 2/23/26 09:09, Gyorgy Sarvari wrote: > > - freerdp: CVE-2026-22851: https://nvd.nist.gov/vuln/detail/CVE-2026-22851 > > - freerdp: CVE-2026-22852: https://nvd.nist.gov/vuln/detail/CVE-2026-22852 > > - freerdp: CVE-2026-22853: https://nvd.nist.gov/vuln/detail/CVE-2026-22853 > > - freerdp: CVE-2026-22856: https://nvd.nist.gov/vuln/detail/CVE-2026-22856 > > - freerdp: CVE-2026-22857: https://nvd.nist.gov/vuln/detail/CVE-2026-22857 > > - freerdp: CVE-2026-22858: https://nvd.nist.gov/vuln/detail/CVE-2026-22858 > > - freerdp: CVE-2026-22859: https://nvd.nist.gov/vuln/detail/CVE-2026-22859 > > - freerdp: CVE-2026-23530: https://nvd.nist.gov/vuln/detail/CVE-2026-23530 > > - freerdp: CVE-2026-23531: https://nvd.nist.gov/vuln/detail/CVE-2026-23531 > > - freerdp: CVE-2026-23532: https://nvd.nist.gov/vuln/detail/CVE-2026-23532 > > - freerdp: CVE-2026-23533: https://nvd.nist.gov/vuln/detail/CVE-2026-23533 > > - freerdp: CVE-2026-23534: https://nvd.nist.gov/vuln/detail/CVE-2026-23534 > > - freerdp: CVE-2026-23732: https://nvd.nist.gov/vuln/detail/CVE-2026-23732 > > - freerdp: CVE-2026-23883: https://nvd.nist.gov/vuln/detail/CVE-2026-23883 > > - freerdp: CVE-2026-23884: https://nvd.nist.gov/vuln/detail/CVE-2026-23884 > > - freerdp: CVE-2026-23948: https://nvd.nist.gov/vuln/detail/CVE-2026-23948 > > - freerdp: CVE-2026-24491: https://nvd.nist.gov/vuln/detail/CVE-2026-24491 > > - freerdp: CVE-2026-24675: https://nvd.nist.gov/vuln/detail/CVE-2026-24675 > > - freerdp: CVE-2026-24676: https://nvd.nist.gov/vuln/detail/CVE-2026-24676 > > - freerdp: CVE-2026-24677: https://nvd.nist.gov/vuln/detail/CVE-2026-24677 > > - freerdp: CVE-2026-24678: https://nvd.nist.gov/vuln/detail/CVE-2026-24678 > > - freerdp: CVE-2026-24679: https://nvd.nist.gov/vuln/detail/CVE-2026-24679 > > - freerdp: CVE-2026-24680: https://nvd.nist.gov/vuln/detail/CVE-2026-24680 > > - freerdp: CVE-2026-24681: https://nvd.nist.gov/vuln/detail/CVE-2026-24681 > > - freerdp: CVE-2026-24682: https://nvd.nist.gov/vuln/detail/CVE-2026-24682 > > - freerdp: CVE-2026-24683: https://nvd.nist.gov/vuln/detail/CVE-2026-24683 > > - freerdp: CVE-2026-24684: https://nvd.nist.gov/vuln/detail/CVE-2026-24684 > > > > These CVEs are all for freerdp v2. In a few days there will be about 11 > more made public. > Upstream has just released a new version in the 2.x series, the very > last one, they say that "From this point on we will no longer maintain > this branch and urge all to upgrade to FreeRDP 3.x." > > It contains some fixes, but not all CVE fixes from 3.x. > Considering that freerdp3 recipe is available, and that version is well > maintained, what would you say if we dropped the v2 recipe instead of > upgrading it to this last version in this series? > > I'm not a fan of shrinking the CVE list like that, but this recipe's > future doesn't look bright...
Dual versions like this should be removed ones all recipes depending on them are updated to use newer version. So this means looking if vlc and remmina recipes work with freerdp3 and if so. Drop the old revision. Peter
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124651): https://lists.openembedded.org/g/openembedded-devel/message/124651 Mute This Topic: https://lists.openembedded.org/mt/117954283/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
