[oe] [meta-oe][whinlatter][PATCH] libjxl: mark CVE-2025-12474 and CVE-2026-1837 patched

Gyorgy Sarvari via lists.openembedded.org Mon, 09 Mar 2026 02:20:05 -0700

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-12474
https://nvd.nist.gov/vuln/detail/CVE-2026-1837


Both CVEs have been fixed in v0.11.2, but NVD tracks these
vulnerabilities without version information.

Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 meta-oe/recipes-multimedia/libjxl/libjxl_0.11.2.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta-oe/recipes-multimedia/libjxl/libjxl_0.11.2.bb 
b/meta-oe/recipes-multimedia/libjxl/libjxl_0.11.2.bb
index 1157f07d84..0976987717 100644
--- a/meta-oe/recipes-multimedia/libjxl/libjxl_0.11.2.bb
+++ b/meta-oe/recipes-multimedia/libjxl/libjxl_0.11.2.bb
@@ -51,3 +51,6 @@ CFLAGS:append:toolchain-clang:arm = " -fno-integrated-as"
 CXXFLAGS:append:toolchain-clang:arm = " -fno-integrated-as"
 
 FILES:${PN} += "${libdir}/gdk-pixbuf-2.0 ${datadir}"
+
+CVE_STATUS[CVE-2025-12474] = "fixed-version: fixed in v0.11.2"
+CVE_STATUS[CVE-2026-1837] = "fixed-version: fixed in v0.11.2"

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#124966): 
https://lists.openembedded.org/g/openembedded-devel/message/124966
Mute This Topic: https://lists.openembedded.org/mt/118218219/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

[oe] [meta-oe][whinlatter][PATCH] libjxl: mark CVE-2025-12474 and CVE-2026-1837 patched

Reply via email to