[OE-core] [thud][PATCH v2 4/4] libcomps: fix CVE-2019-3817

Signed-off-by: Kevin Weng --- .../libcomps/libcomps/CVE-2019-3817.patch | 97 +++ .../recipes-devtools/libcomps/libcomps_git.bb | 1 + 2 files changed, 98 insertions(+) create mode 100644 meta/recipes-devtools/libcomps/libcomps/CVE-2019-3817.patch diff --git

[OE-core] [thud][PATCH v2 1/4] curl: fix CVE-2018-16890 CVE-2019-3822 CVE-2019-3823

Signed-off-by: Kevin Weng --- .../curl/curl/CVE-2018-16890.patch| 50 + .../curl/curl/CVE-2019-3822.patch | 47 .../curl/curl/CVE-2019-3823.patch | 55 +++ meta/recipes-support/curl/curl_7.61.0.bb | 3 + 4

[OE-core] [thud][PATCH v2 3/4] glib-2.0: fix CVE-2019-13012

Signed-off-by: Kevin Weng --- .../glib-2.0/glib-2.0/CVE-2019-13012.patch| 47 +++ meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb | 1 + 2 files changed, 48 insertions(+) create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch diff --git

[OE-core] [thud][PATCH v2 2/4] dbus: fix CVE-2019-12749

Signed-off-by: Kevin Weng --- .../dbus/dbus/CVE-2019-12749.patch| 127 ++ meta/recipes-core/dbus/dbus_1.12.10.bb| 1 + 2 files changed, 128 insertions(+) create mode 100644 meta/recipes-core/dbus/dbus/CVE-2019-12749.patch diff --git

[OE-core] [thud][PATCH 2/4] dbus: fix CVE-2019-12749

Signed-off-by: Kevin Weng --- .../dbus/dbus/CVE-2019-12749.patch| 127 ++ meta/recipes-core/dbus/dbus_1.12.10.bb| 1 + 2 files changed, 128 insertions(+) create mode 100644 meta/recipes-core/dbus/dbus/CVE-2019-12749.patch diff --git

[OE-core] [thud][PATCH 3/4] glib-2.0: fix CVE-2019-13012

Signed-off-by: Kevin Weng --- .../glib-2.0/glib-2.0/CVE-2019-13012.patch| 47 +++ meta/recipes-core/glib-2.0/glib-2.0_2.58.0.bb | 1 + 2 files changed, 48 insertions(+) create mode 100644 meta/recipes-core/glib-2.0/glib-2.0/CVE-2019-13012.patch diff --git

[OE-core] [thud][PATCH 1/4] curl: fix CVE-2018-16890 CVE-2019-3822 CVE-2019-3823

Signed-off-by: Kevin Weng --- .../curl/curl/CVE-2018-16890.patch| 50 + .../curl/curl/CVE-2019-3822.patch | 47 .../curl/curl/CVE-2019-3823.patch | 55 +++ meta/recipes-support/curl/curl_7.61.0.bb | 3 + 4

[OE-core] [thud][PATCH 4/4] libcomps: fix CVE-2019-3817

Signed-off-by: Kevin Weng --- .../libcomps/libcomps/CVE-2019-3817.patch | 97 +++ .../recipes-devtools/libcomps/libcomps_git.bb | 1 + 2 files changed, 98 insertions(+) create mode 100644 meta/recipes-devtools/libcomps/libcomps/CVE-2019-3817.patch diff --git

Re: [OE-core] [PATCH 1/4] cve-update-db: New recipe to update CVE database

Hi Pierre, I found that the hash function is causing collisions in the generated database such that some CVEs are being overwritten because of the UNIQUE constraint on the HASH column. For example, CVE-2018-1000873 has the same hash of 623198722 as CVE-2018-18338. This results in one of the