On Sun, Dec 31, 2023 at 2:23 PM Richard Purdie
wrote:
>
> On Sat, 2023-12-30 at 15:49 +, Alex Kiernan wrote:
> > Drop backported musl fixes. Set `change-id` rather than `changelog-seen`
> > to fix build warning. Add fixes for 85c0ce24cc74 ("remap cargo
> > dependencies to /rust/deps") which
On Sat, 2023-12-30 at 15:49 +, Alex Kiernan wrote:
> Drop backported musl fixes. Set `change-id` rather than `changelog-seen`
> to fix build warning. Add fixes for 85c0ce24cc74 ("remap cargo
> dependencies to /rust/deps") which otherwise cause build failures:
>
> > thread 'main' panicked at
Branch: nanbield
New this week: 4 CVEs
CVE-2023-48795 (CVSS3: 5.9 MEDIUM): libssh2:libssh2-native:openssh
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 *
CVE-2023-6228 (CVSS3: 5.5 MEDIUM): tiff
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6228 *
CVE-2023-6931
Branch: kirkstone
New this week: 2 CVEs
CVE-2023-48795 (CVSS3: 5.9 MEDIUM): dropbear:libssh2:libssh2-native
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 *
CVE-2023-6228 (CVSS3: 5.5 MEDIUM): tiff
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6228 *
Removed this
Latest wireshark (4.2.0) is needed for python 3.12 support;
it also requires speexdsp unconditionally, and wireshark-native
for its own build helper tools in native versions.
So speexdsp needs a native version so that wireshark-native
builds without error.
Signed-off-by: Alexander Kanavin
---
Branch: dunfell
New this week: 2 CVEs
CVE-2023-48795 (CVSS3: 5.9 MEDIUM): dropbear
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 *
CVE-2023-6228 (CVSS3: 5.5 MEDIUM): tiff
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6228 *
Removed this week: 7 CVEs
CVE-2022-47007
Branch: master
New this week: 4 CVEs
CVE-2023-48795 (CVSS3: 5.9 MEDIUM): libssh2:libssh2-native:openssh
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-48795 *
CVE-2023-6228 (CVSS3: 5.5 MEDIUM): tiff
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-6228 *
CVE-2023-6931
For what it's worth, I am not seeing any of these issues (hanging
processes after bitbake exit, timeouts on world builds with all
meta-oe-layers) with python 3.12 provided by buildtools-tarball. The
issues are probably real, but it's also possible python 3.12 per se is
not to blame.
It would