From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 0/8] Patch review
Date: Sat, 22 Apr 2023 05:54:32 -1000 [thread overview]
Message-ID: <cover.1682178752.git.steve@sakoman.com> (raw)
Please review this set of patches for kirkstone and have comments back by
end of day Tuesday.
Passed a-full on autobuilder:
https://autobuilder.yoctoproject.org/typhoon/#/builders/83/builds/5209
The following changes since commit b67e714b367a08fdeeeff68c2d9495ec9bc07304:
package.bbclass: correct check for /build in copydebugsources() (2023-04-14 07:19:08 -1000)
are available in the Git repository at:
https://git.openembedded.org/openembedded-core-contrib stable/kirkstone-nut
http://cgit.openembedded.org/openembedded-core-contrib/log/?h=stable/kirkstone-nut
Hitendra Prajapati (2):
ruby: CVE-2023-28756 ReDoS vulnerability in Time
screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs
Peter Marko (1):
go: ignore CVE-2022-41716
Shubham Kulkarni (1):
go-runtime: Security fix for CVE-2022-41722
Siddharth Doshi (1):
curl: Security fix for CVE-2023-27535, CVE-2023-27536, CVE-2023-27538
Sundeep KOKKONDA (1):
cargo : non vulnerable cve-2022-46176 added to excluded list
Vivek Kumbhar (1):
go: fix CVE-2023-24537 Infinite loop in parsing
Xiangyu Chen (1):
shadow: backport patch to fix CVE-2023-29383
.../distro/include/cve-extra-exclusions.inc | 5 +
meta/recipes-devtools/go/go-1.17.13.inc | 5 +
.../go/go-1.18/CVE-2022-41722.patch | 103 +++++++++
.../go/go-1.18/CVE-2023-24537.patch | 75 +++++++
.../ruby/ruby/CVE-2023-28756.patch | 73 +++++++
meta/recipes-devtools/ruby/ruby_3.1.3.bb | 1 +
.../screen/screen/CVE-2023-24626.patch | 40 ++++
meta/recipes-extended/screen/screen_4.9.0.bb | 1 +
.../files/0001-Overhaul-valid_field.patch | 65 ++++++
.../shadow/files/CVE-2023-29383.patch | 53 +++++
meta/recipes-extended/shadow/shadow.inc | 2 +
.../curl/curl/CVE-2023-27535-pre1.patch | 196 ++++++++++++++++++
.../CVE-2023-27535_and_CVE-2023-27538.patch | 170 +++++++++++++++
.../curl/curl/CVE-2023-27536.patch | 52 +++++
meta/recipes-support/curl/curl_7.82.0.bb | 3 +
15 files changed, 844 insertions(+)
create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2022-41722.patch
create mode 100644 meta/recipes-devtools/go/go-1.18/CVE-2023-24537.patch
create mode 100644 meta/recipes-devtools/ruby/ruby/CVE-2023-28756.patch
create mode 100644 meta/recipes-extended/screen/screen/CVE-2023-24626.patch
create mode 100644 meta/recipes-extended/shadow/files/0001-Overhaul-valid_field.patch
create mode 100644 meta/recipes-extended/shadow/files/CVE-2023-29383.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27535-pre1.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27535_and_CVE-2023-27538.patch
create mode 100644 meta/recipes-support/curl/curl/CVE-2023-27536.patch
--
2.34.1
next reply other threads:[~2023-04-22 15:54 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-22 15:54 Steve Sakoman [this message]
2023-04-22 15:54 ` [OE-core][kirkstone 1/8] ruby: CVE-2023-28756 ReDoS vulnerability in Time Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 2/8] curl: Security fix for CVE-2023-27535, CVE-2023-27536, CVE-2023-27538 Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 3/8] cargo : non vulnerable cve-2022-46176 added to excluded list Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 4/8] go-runtime: Security fix for CVE-2022-41722 Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 5/8] shadow: backport patch to fix CVE-2023-29383 Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 6/8] go: ignore CVE-2022-41716 Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 7/8] screen: CVE-2023-24626 allows sending SIGHUP to arbitrary PIDs Steve Sakoman
2023-04-22 15:54 ` [OE-core][kirkstone 8/8] go: fix CVE-2023-24537 Infinite loop in parsing Steve Sakoman
-- strict thread matches above, loose matches on Subject: below --
2025-11-03 20:59 [OE-core][kirkstone 0/8] Patch review Steve Sakoman
2025-10-17 20:43 Steve Sakoman
2025-08-13 21:28 Steve Sakoman
2025-04-01 22:36 Steve Sakoman
2024-08-04 17:08 Steve Sakoman
2024-05-24 12:14 Steve Sakoman
2024-03-12 13:53 Steve Sakoman
2024-02-12 13:54 Steve Sakoman
2023-11-29 23:04 Steve Sakoman
2023-09-13 14:30 Steve Sakoman
2023-08-27 20:52 Steve Sakoman
2023-07-24 2:33 Steve Sakoman
2022-10-27 2:36 Steve Sakoman
2022-10-28 2:07 ` Tim Orling
2022-08-09 21:27 Steve Sakoman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1682178752.git.steve@sakoman.com \
--to=steve@sakoman.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.