On 2/25/26 13:12, Marko, Peter wrote: > >> -----Original Message----- >> From: [email protected] <openembedded- >> [email protected]> On Behalf Of Gyorgy Sarvari via >> lists.openembedded.org >> Sent: Wednesday, February 25, 2026 13:05 >> To: [email protected] >> Subject: Re: [oe] CVE report - master - 2026-02-23 >> >> On 2/23/26 09:09, Gyorgy Sarvari wrote: >>> - freerdp: CVE-2026-22851: https://nvd.nist.gov/vuln/detail/CVE-2026-22851 >>> - freerdp: CVE-2026-22852: https://nvd.nist.gov/vuln/detail/CVE-2026-22852 >>> - freerdp: CVE-2026-22853: https://nvd.nist.gov/vuln/detail/CVE-2026-22853 >>> - freerdp: CVE-2026-22856: https://nvd.nist.gov/vuln/detail/CVE-2026-22856 >>> - freerdp: CVE-2026-22857: https://nvd.nist.gov/vuln/detail/CVE-2026-22857 >>> - freerdp: CVE-2026-22858: https://nvd.nist.gov/vuln/detail/CVE-2026-22858 >>> - freerdp: CVE-2026-22859: https://nvd.nist.gov/vuln/detail/CVE-2026-22859 >>> - freerdp: CVE-2026-23530: https://nvd.nist.gov/vuln/detail/CVE-2026-23530 >>> - freerdp: CVE-2026-23531: https://nvd.nist.gov/vuln/detail/CVE-2026-23531 >>> - freerdp: CVE-2026-23532: https://nvd.nist.gov/vuln/detail/CVE-2026-23532 >>> - freerdp: CVE-2026-23533: https://nvd.nist.gov/vuln/detail/CVE-2026-23533 >>> - freerdp: CVE-2026-23534: https://nvd.nist.gov/vuln/detail/CVE-2026-23534 >>> - freerdp: CVE-2026-23732: https://nvd.nist.gov/vuln/detail/CVE-2026-23732 >>> - freerdp: CVE-2026-23883: https://nvd.nist.gov/vuln/detail/CVE-2026-23883 >>> - freerdp: CVE-2026-23884: https://nvd.nist.gov/vuln/detail/CVE-2026-23884 >>> - freerdp: CVE-2026-23948: https://nvd.nist.gov/vuln/detail/CVE-2026-23948 >>> - freerdp: CVE-2026-24491: https://nvd.nist.gov/vuln/detail/CVE-2026-24491 >>> - freerdp: CVE-2026-24675: https://nvd.nist.gov/vuln/detail/CVE-2026-24675 >>> - freerdp: CVE-2026-24676: https://nvd.nist.gov/vuln/detail/CVE-2026-24676 >>> - freerdp: CVE-2026-24677: https://nvd.nist.gov/vuln/detail/CVE-2026-24677 >>> - freerdp: CVE-2026-24678: https://nvd.nist.gov/vuln/detail/CVE-2026-24678 >>> - freerdp: CVE-2026-24679: https://nvd.nist.gov/vuln/detail/CVE-2026-24679 >>> - freerdp: CVE-2026-24680: https://nvd.nist.gov/vuln/detail/CVE-2026-24680 >>> - freerdp: CVE-2026-24681: https://nvd.nist.gov/vuln/detail/CVE-2026-24681 >>> - freerdp: CVE-2026-24682: https://nvd.nist.gov/vuln/detail/CVE-2026-24682 >>> - freerdp: CVE-2026-24683: https://nvd.nist.gov/vuln/detail/CVE-2026-24683 >>> - freerdp: CVE-2026-24684: https://nvd.nist.gov/vuln/detail/CVE-2026-24684 >>> >> These CVEs are all for freerdp v2. In a few days there will be about 11 >> more made public. >> Upstream has just released a new version in the 2.x series, the very >> last one, they say that "From this point on we will no longer maintain >> this branch and urge all to upgrade to FreeRDP 3.x." >> >> It contains some fixes, but not all CVE fixes from 3.x. >> Considering that freerdp3 recipe is available, and that version is well >> maintained, what would you say if we dropped the v2 recipe instead of >> upgrading it to this last version in this series? >> >> I'm not a fan of shrinking the CVE list like that, but this recipe's >> future doesn't look bright... > Dual versions like this should be removed ones all recipes depending on them > are updated to use newer version. > So this means looking if vlc and remmina recipes work with freerdp3 and if > so. Drop the old revision. > >
Good point, thank you. I see that actually weston from oe-core has an optional dependency on it also. I guess my proposal can be ignored then.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124652): https://lists.openembedded.org/g/openembedded-devel/message/124652 Mute This Topic: https://lists.openembedded.org/mt/117954283/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
