[oe] [meta-oe][PATCH] libjxl: mark CVE-2025-12474 and CVE-2026-1837 patched

Gyorgy Sarvari via lists.openembedded.org Mon, 09 Mar 2026 02:18:03 -0700

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-12474
https://nvd.nist.gov/vuln/detail/CVE-2026-1837


Both CVEs have been fixed in v0.11.2, but NVD tracks these
vulnerabilities without version information.

Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 meta-oe/recipes-multimedia/libjxl/libjxl_0.11.2.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-oe/recipes-multimedia/libjxl/libjxl_0.11.2.bb 
b/meta-oe/recipes-multimedia/libjxl/libjxl_0.11.2.bb
index 617d3bc502..f73fd314c2 100644
--- a/meta-oe/recipes-multimedia/libjxl/libjxl_0.11.2.bb
+++ b/meta-oe/recipes-multimedia/libjxl/libjxl_0.11.2.bb
@@ -53,3 +53,6 @@ CXXFLAGS:append:toolchain-clang:arm = " -fno-integrated-as"
 FILES:${PN} += "${libdir}/gdk-pixbuf-2.0 ${datadir}"
 
 BBCLASSEXTEND = "native"
+
+CVE_STATUS[CVE-2025-12474] = "fixed-version: fixed in v0.11.2"
+CVE_STATUS[CVE-2026-1837] = "fixed-version: fixed in v0.11.2"

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#124965): 
https://lists.openembedded.org/g/openembedded-devel/message/124965
Mute This Topic: https://lists.openembedded.org/mt/118218207/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

[oe] [meta-oe][PATCH] libjxl: mark CVE-2025-12474 and CVE-2026-1837 patched

Reply via email to