and is ignored in the
implementation provided by busybox package.
A repeated check if the process is still running and another try with
another signal after a timeout will effectively simulate a stop with
--retry=TERM/5/KILL/5 schedule.
Signed-off-by: Stefan Ghinea
---
.../redis/redis-7/init-redis-server
if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
References:
https://nvd.nist.gov/vuln/detail/CVE-2022-46392
https://nvd.nist.gov/vuln/detail/CVE-2022-46393
Upstream patches:
https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2
Signed-off-by: Stefan Ghi
://nvd.nist.gov/vuln/detail/CVE-2021-32563
Upstream patches:
https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b
https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664
Signed-off-by: Stefan Ghinea
---
.../thunar/thunar/CVE-2021-32563-1.patch
Hello Stefan,
On 4/16/21 8:24 AM, Stefan Ghinea wrote:
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8,
MultiPartParser allowed directory traversal via uploaded files with
suitably crafted file names. Built-in upload handlers were not affected
by this vulnerability.
References
Upstream patches:
https://github.com/django/django/commit/4036d62bda0e9e9f6172943794b744a454ca49c2
Signed-off-by: Stefan Ghinea
---
.../CVE-2021-28658.patch | 289 ++
.../python/python3-django_2.2.16.bb | 2 +
2 files changed, 291 insertions
=a0541334a6394f8237a4393b7372693cd7e96f15
Signed-off-by: Stefan Ghinea
---
.../hostapd/hostapd/CVE-2021-30004.patch | 123 ++
.../hostapd/hostapd_2.9.bb| 1 +
2 files changed, 124 insertions(+)
create mode 100644
meta-oe/recipes-connectivity/hostapd/hostapd/CVE-2021-30004.patch
diff
WARNING: quagga-1.2.4-r0 do_fetch: Failed to fetch URL
https://download.savannah.gnu.org/releases/quagga/quagga-1.2.4.tar.gz;,
attempting MIRRORS if available
Signed-off-by: Stefan Ghinea
---
meta-networking/recipes-protocols/quagga/quagga.inc | 2 +-
1 file changed, 1 insertion(+), 1 deletion