* [OE-core][whinlatter][PATCH] expat: mark CVE-2025-66382 as vulnerable-investigating
@ 2026-04-22 8:54 Adarsh Jagadish Kamini
2026-04-22 9:11 ` Yoann Congal
0 siblings, 1 reply; 3+ messages in thread
From: Adarsh Jagadish Kamini @ 2026-04-22 8:54 UTC (permalink / raw)
To: openembedded-core; +Cc: Adarsh Jagadish Kamini
From: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
No fix is available yet for CVE-2025-66382 [1].
CVE_STATUS[CVE-2025-66382] = "vulnerable-investigating: no fix available yet"
[1] https://www.cve.org/CVERecord?id=CVE-2025-66382
Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
---
meta/recipes-core/expat/expat_2.7.4.bb | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-core/expat/expat_2.7.4.bb b/meta/recipes-core/expat/expat_2.7.4.bb
index f1eff49688..65aee9d17f 100644
--- a/meta/recipes-core/expat/expat_2.7.4.bb
+++ b/meta/recipes-core/expat/expat_2.7.4.bb
@@ -36,3 +36,4 @@ do_install_ptest:class-target() {
BBCLASSEXTEND += "native nativesdk"
CVE_PRODUCT = "expat libexpat"
+CVE_STATUS[CVE-2025-66382] = "vulnerable-investigating: no fix available yet"
--
2.34.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [OE-core][whinlatter][PATCH] expat: mark CVE-2025-66382 as vulnerable-investigating
2026-04-22 8:54 [OE-core][whinlatter][PATCH] expat: mark CVE-2025-66382 as vulnerable-investigating Adarsh Jagadish Kamini
@ 2026-04-22 9:11 ` Yoann Congal
2026-04-23 12:12 ` Adarsh Jagadish Kamini
0 siblings, 1 reply; 3+ messages in thread
From: Yoann Congal @ 2026-04-22 9:11 UTC (permalink / raw)
To: adarsh.jagadish.kamini, openembedded-core
On Wed Apr 22, 2026 at 10:54 AM CEST, Adarsh Jagadish Kamini via lists.openembedded.org wrote:
> From: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
>
> No fix is available yet for CVE-2025-66382 [1].
>
> CVE_STATUS[CVE-2025-66382] = "vulnerable-investigating: no fix available yet"
>
> [1] https://www.cve.org/CVERecord?id=CVE-2025-66382
>
> Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
> ---
Sorry, but that will be too late for whinlatter. I finished reviewing
the branch and will start the release build soon.
Regards,
> meta/recipes-core/expat/expat_2.7.4.bb | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/meta/recipes-core/expat/expat_2.7.4.bb b/meta/recipes-core/expat/expat_2.7.4.bb
> index f1eff49688..65aee9d17f 100644
> --- a/meta/recipes-core/expat/expat_2.7.4.bb
> +++ b/meta/recipes-core/expat/expat_2.7.4.bb
> @@ -36,3 +36,4 @@ do_install_ptest:class-target() {
> BBCLASSEXTEND += "native nativesdk"
>
> CVE_PRODUCT = "expat libexpat"
> +CVE_STATUS[CVE-2025-66382] = "vulnerable-investigating: no fix available yet"
--
Yoann Congal
Smile ECS
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [OE-core][whinlatter][PATCH] expat: mark CVE-2025-66382 as vulnerable-investigating
2026-04-22 9:11 ` Yoann Congal
@ 2026-04-23 12:12 ` Adarsh Jagadish Kamini
0 siblings, 0 replies; 3+ messages in thread
From: Adarsh Jagadish Kamini @ 2026-04-23 12:12 UTC (permalink / raw)
To: Yoann Congal, openembedded-core@lists.openembedded.org
[-- Attachment #1: Type: text/plain, Size: 1560 bytes --]
Hi,
This patch should be dropped.
Thanks!
________________________________
From: Yoann Congal <yoann.congal@smile.fr>
Sent: Wednesday, April 22, 2026 11:11
To: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>; openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core][whinlatter][PATCH] expat: mark CVE-2025-66382 as vulnerable-investigating
On Wed Apr 22, 2026 at 10:54 AM CEST, Adarsh Jagadish Kamini via lists.openembedded.org wrote:
> From: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
>
> No fix is available yet for CVE-2025-66382 [1].
>
> CVE_STATUS[CVE-2025-66382] = "vulnerable-investigating: no fix available yet"
>
> [1] https://www.cve.org/CVERecord?id=CVE-2025-66382
>
> Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
> ---
Sorry, but that will be too late for whinlatter. I finished reviewing
the branch and will start the release build soon.
Regards,
> meta/recipes-core/expat/expat_2.7.4.bb | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/meta/recipes-core/expat/expat_2.7.4.bb b/meta/recipes-core/expat/expat_2.7.4.bb
> index f1eff49688..65aee9d17f 100644
> --- a/meta/recipes-core/expat/expat_2.7.4.bb
> +++ b/meta/recipes-core/expat/expat_2.7.4.bb
> @@ -36,3 +36,4 @@ do_install_ptest:class-target() {
> BBCLASSEXTEND += "native nativesdk"
>
> CVE_PRODUCT = "expat libexpat"
> +CVE_STATUS[CVE-2025-66382] = "vulnerable-investigating: no fix available yet"
--
Yoann Congal
Smile ECS
[-- Attachment #2: Type: text/html, Size: 3215 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2026-04-23 12:44 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-22 8:54 [OE-core][whinlatter][PATCH] expat: mark CVE-2025-66382 as vulnerable-investigating Adarsh Jagadish Kamini
2026-04-22 9:11 ` Yoann Congal
2026-04-23 12:12 ` Adarsh Jagadish Kamini
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox