* [OE-core][PATCH] glibc: mark CVE-2025-15281, CVE-2026-0861 and CVE-2026-0915 as patched
@ 2026-01-25 16:22 Peter Marko
2026-01-28 12:43 ` [PATCH] " Varatharajan, Deepesh
0 siblings, 1 reply; 3+ messages in thread
From: Peter Marko @ 2026-01-25 16:22 UTC (permalink / raw)
To: openembedded-core; +Cc: Peter Marko
From: Peter Marko <peter.marko@siemens.com>
These were fixed with last hash update and start to appearing in CVE
reports.
Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
meta/recipes-core/glibc/glibc_2.42.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta/recipes-core/glibc/glibc_2.42.bb b/meta/recipes-core/glibc/glibc_2.42.bb
index b33d1b44ba..76ef521a1c 100644
--- a/meta/recipes-core/glibc/glibc_2.42.bb
+++ b/meta/recipes-core/glibc/glibc_2.42.bb
@@ -17,7 +17,7 @@ Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, m
easier access for another. 'ASLR bypass itself is not a vulnerability.'"
CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS"
-CVE_STATUS_STABLE_BACKPORTS = ""
+CVE_STATUS_STABLE_BACKPORTS = "CVE-2025-15281 CVE-2026-0861 CVE-2026-0915"
CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix available in used git hash"
DEPENDS += "gperf-native bison-native"
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] glibc: mark CVE-2025-15281, CVE-2026-0861 and CVE-2026-0915 as patched
2026-01-25 16:22 [OE-core][PATCH] glibc: mark CVE-2025-15281, CVE-2026-0861 and CVE-2026-0915 as patched Peter Marko
@ 2026-01-28 12:43 ` Varatharajan, Deepesh
2026-01-28 19:08 ` [OE-core] " Marko, Peter
0 siblings, 1 reply; 3+ messages in thread
From: Varatharajan, Deepesh @ 2026-01-28 12:43 UTC (permalink / raw)
To: openembedded-core
[-- Attachment #1: Type: text/plain, Size: 341 bytes --]
On Sun, Jan 25, 2026 at 09:59 PM, Peter Marko wrote:
>
> -CVE_STATUS_STABLE_BACKPORTS = ""
> +CVE_STATUS_STABLE_BACKPORTS = "CVE-2025-15281 CVE-2026-0861
> CVE-2026-0915"
Hi Peter,
The current commit hash does not include the fix for *CVE-2025-15281*. The hash needs to be updated to incorporate this fix.
Regards,
Deepesh
[-- Attachment #2: Type: text/html, Size: 414 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* RE: [OE-core] [PATCH] glibc: mark CVE-2025-15281, CVE-2026-0861 and CVE-2026-0915 as patched
2026-01-28 12:43 ` [PATCH] " Varatharajan, Deepesh
@ 2026-01-28 19:08 ` Marko, Peter
0 siblings, 0 replies; 3+ messages in thread
From: Marko, Peter @ 2026-01-28 19:08 UTC (permalink / raw)
To: deepesh.varatharajan@windriver.com,
openembedded-core@lists.openembedded.org
[-- Attachment #1: Type: text/plain, Size: 750 bytes --]
Thanks for noticing.
I have sent a hash bump to have the CVE fixed.
Peter
From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Varatharajan, Deepesh via lists.openembedded.org
Sent: Wednesday, January 28, 2026 13:43
To: openembedded-core@lists.openembedded.org
Subject: Re: [OE-core] [PATCH] glibc: mark CVE-2025-15281, CVE-2026-0861 and CVE-2026-0915 as patched
On Sun, Jan 25, 2026 at 09:59 PM, Peter Marko wrote:
-CVE_STATUS_STABLE_BACKPORTS = ""
+CVE_STATUS_STABLE_BACKPORTS = "CVE-2025-15281 CVE-2026-0861 CVE-2026-0915"
Hi Peter,
The current commit hash does not include the fix for CVE-2025-15281. The hash needs to be updated to incorporate this fix.
Regards,
Deepesh
[-- Attachment #2: Type: text/html, Size: 3374 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-01-28 19:08 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-01-25 16:22 [OE-core][PATCH] glibc: mark CVE-2025-15281, CVE-2026-0861 and CVE-2026-0915 as patched Peter Marko
2026-01-28 12:43 ` [PATCH] " Varatharajan, Deepesh
2026-01-28 19:08 ` [OE-core] " Marko, Peter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox