[PATCH v3 3/4] libsoup: mark CVEs which have been resolved upstream

public inbox for openembedded-core@lists.openembedded.org
 help / color / mirror / Atom feed

From: Ross Burton <ross.burton@arm.com>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH v3 3/4] libsoup: mark CVEs which have been resolved upstream
Date: Thu, 16 Apr 2026 11:30:59 +0100	[thread overview]
Message-ID: <20260416103100.3152304-3-ross.burton@arm.com> (raw)
In-Reply-To: <20260416103100.3152304-1-ross.burton@arm.com>

These issues have all been fixed in the 3.6.6 release that we have, but
the CPEs are unversioned. I've contacted NIST to update the database but
until that happens we can mark them as fixed.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 meta/recipes-support/libsoup/libsoup_3.6.6.bb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/meta/recipes-support/libsoup/libsoup_3.6.6.bb b/meta/recipes-support/libsoup/libsoup_3.6.6.bb
index b51368adb64..9bc3f2f86fb 100644
--- a/meta/recipes-support/libsoup/libsoup_3.6.6.bb
+++ b/meta/recipes-support/libsoup/libsoup_3.6.6.bb
@@ -58,3 +58,8 @@ DEBIAN_NOAUTONAME:${PN} = "1"
 RRECOMMENDS:${PN} = "glib-networking"
 
 BBCLASSEXTEND = "native nativesdk"
+
+CVE_STATUS[CVE-2026-1467] = "fixed-version: fixed in 3.6.6"
+CVE_STATUS[CVE-2026-1536] = "fixed-version: fixed in 3.6.6"
+CVE_STATUS[CVE-2026-1801] = "fixed-version: fixed in 3.6.6"
+CVE_STATUS[CVE-2026-2443] = "fixed-version: fixed in 3.6.6"
-- 
2.43.0

next prev parent reply	other threads:[~2026-04-16 10:31 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-04-16 10:30 [PATCH v3 1/4] glib-networking: backport fix for CVE-2026-2574 Ross Burton
2026-04-16 10:30 ` [PATCH v3 2/4] libsoup: actually apply patches for CVE-2025-32049 and CVE-2026-1539 Ross Burton
2026-04-16 10:30 ` Ross Burton [this message]
2026-04-16 10:31 ` [PATCH v3 4/4] python3-requests: backport fix for CVE-2026-25645 Ross Burton

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:b51368adb6 dfblob:9bc3f2f86f )
 OR (
bs:"[PATCH v3 3/4] libsoup: mark CVEs which have been resolved upstream" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260416103100.3152304-3-ross.burton@arm.com \
    --to=ross.burton@arm.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox