[prev in list] [next in list] [prev in thread] [next in thread]
List: openembedded-core
Subject: [OE-core][dunfell 0/9] Patch review
From: "Steve Sakoman" <steve () sakoman ! com>
Date: 2023-04-30 16:25:51
Message-ID: cover.1682871868.git.steve () sakoman ! com
[Download RAW message or body]
Content-Transfer-Encoding: 8bit
Please review this set of patches for dunfell and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5239
The following changes since commit d1943e6a0ec00653c81cd4c0bb0d6b7e0909094c:
go: fix CVE-2023-24537 Infinite loop in parsing (2023-04-21 04:15:45 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/dunfell-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/dunfell-nut
Christoph Lauer (1):
populate_sdk_base: add zip options
Nikhil R (1):
openssl: Fix CVE-2023-0464
Omkar Patil (2):
openssl: Fix CVE-2023-0465
openssl: Fix CVE-2023-0466
Shubham Kulkarni (1):
go: Ignore CVE-2022-1705
Vijay Anusuri (2):
sudo: Security fix for CVE-2023-28486 and CVE-2023-28487
curl: Security fix CVE-2023-27533, CVE-2023-27535 and CVE-2023-27536
Virendra Thakur (1):
qemu: Whitelist CVE-2023-0664
Vivek Kumbhar (1):
go: fix CVE-2023-24534 denial of service from excessive memory
allocation
meta/classes/populate_sdk_base.bbclass | 4 +-
.../openssl/openssl/CVE-2023-0464.patch | 226 ++++++
.../openssl/openssl/CVE-2023-0465.patch | 60 ++
.../openssl/openssl/CVE-2023-0466.patch | 82 +++
.../openssl/openssl_1.1.1t.bb | 3 +
meta/recipes-devtools/go/go-1.14.inc | 4 +
.../go/go-1.14/CVE-2023-24534.patch | 200 ++++++
meta/recipes-devtools/qemu/qemu.inc | 5 +
.../CVE-2023-28486_CVE-2023-28487-1.patch | 646 ++++++++++++++++++
.../CVE-2023-28486_CVE-2023-28487-2.patch | 26 +
meta/recipes-extended/sudo/sudo_1.8.32.bb | 2 +
.../curl/curl/CVE-2023-27533.patch | 59 ++
.../curl/curl/CVE-2023-27535-pre1.patch | 236 +++++++
.../curl/curl/CVE-2023-27535.patch | 170 +++++
.../curl/curl/CVE-2023-27536.patch | 55 ++
meta/recipes-support/curl/curl_7.69.1.bb | 4 +
16 files changed, 1781 insertions(+), 1 deletion(-)
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0464.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0465.patch
create mode 100644 meta/recipes-connectivity/openssl/openssl/CVE-2023-0466.patch
create mode 100644 meta/recipes-devtools/go/go-1.14/CVE-2023-24534.patch
create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2023-28486_CVE-2023-28487-1.patch
create mode 100644 meta/recipes-extended/sudo/sudo/CVE-2023-28486_CVE-2023-28487-2.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27533.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27535-pre1.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27535.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27536.patch
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#180572): https://lists.openembedded.org/g/openembedded-core/message/180572
Mute This Topic: https://lists.openembedded.org/mt/98596884/4454766
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [openembedded-core@marc.info]
-=-=-=-=-=-=-=-=-=-=-=-
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic