[OE-core][whinlatter][PATCH] expat: mark CVE-2025-66382 as vulnerable-investigating

[OE-core][whinlatter][PATCH] expat: mark CVE-2025-66382 as vulnerable-investigating

[Adarsh Jagadish Kamini]

From: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>

No fix is available yet for CVE-2025-66382 [1].

CVE_STATUS[CVE-2025-66382] = "vulnerable-investigating: no fix available yet"

[1] https://www.cve.org/CVERecord?id=CVE-2025-66382

Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
---
 meta/recipes-core/expat/expat_2.7.4.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-core/expat/expat_2.7.4.bb b/meta/recipes-core/expat/expat_2.7.4.bb
index f1eff49688..65aee9d17f 100644
--- a/meta/recipes-core/expat/expat_2.7.4.bb
+++ b/meta/recipes-core/expat/expat_2.7.4.bb
@@ -36,3 +36,4 @@ do_install_ptest:class-target() {
 BBCLASSEXTEND += "native nativesdk"
 
 CVE_PRODUCT = "expat libexpat"
+CVE_STATUS[CVE-2025-66382] = "vulnerable-investigating: no fix available yet"
-- 
2.34.1

Re: [OE-core][whinlatter][PATCH] expat: mark CVE-2025-66382 as vulnerable-investigating

[Yoann Congal]

On Wed Apr 22, 2026 at 10:54 AM CEST, Adarsh Jagadish Kamini via lists.openembedded.org wrote:
> From: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
>
> No fix is available yet for CVE-2025-66382 [1].
>
> CVE_STATUS[CVE-2025-66382] = "vulnerable-investigating: no fix available yet"
>
> [1] https://www.cve.org/CVERecord?id=CVE-2025-66382
>
> Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
> ---

Sorry, but that will be too late for whinlatter. I finished reviewing
the branch and will start the release build soon.

Regards,

>  meta/recipes-core/expat/expat_2.7.4.bb | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/meta/recipes-core/expat/expat_2.7.4.bb b/meta/recipes-core/expat/expat_2.7.4.bb
> index f1eff49688..65aee9d17f 100644
> --- a/meta/recipes-core/expat/expat_2.7.4.bb
> +++ b/meta/recipes-core/expat/expat_2.7.4.bb
> @@ -36,3 +36,4 @@ do_install_ptest:class-target() {
>  BBCLASSEXTEND += "native nativesdk"
>  
>  CVE_PRODUCT = "expat libexpat"
> +CVE_STATUS[CVE-2025-66382] = "vulnerable-investigating: no fix available yet"


-- 
Yoann Congal
Smile ECS

Re: [OE-core][whinlatter][PATCH] expat: mark CVE-2025-66382 as vulnerable-investigating

[Adarsh Jagadish Kamini]

[-- Attachment #1: Type: text/plain, Size: 1560 bytes --]

Hi,
This patch should be dropped.

Thanks!
________________________________
From: Yoann Congal <yoann.congal@smile.fr>
Sent: Wednesday, April 22, 2026 11:11
To: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>; openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core][whinlatter][PATCH] expat: mark CVE-2025-66382 as vulnerable-investigating

On Wed Apr 22, 2026 at 10:54 AM CEST, Adarsh Jagadish Kamini via lists.openembedded.org wrote:
> From: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
>
> No fix is available yet for CVE-2025-66382 [1].
>
> CVE_STATUS[CVE-2025-66382] = "vulnerable-investigating: no fix available yet"
>
> [1] https://www.cve.org/CVERecord?id=CVE-2025-66382
>
> Signed-off-by: Adarsh Jagadish Kamini <adarsh.jagadish.kamini@est.tech>
> ---

Sorry, but that will be too late for whinlatter. I finished reviewing
the branch and will start the release build soon.

Regards,

>  meta/recipes-core/expat/expat_2.7.4.bb | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/meta/recipes-core/expat/expat_2.7.4.bb b/meta/recipes-core/expat/expat_2.7.4.bb
> index f1eff49688..65aee9d17f 100644
> --- a/meta/recipes-core/expat/expat_2.7.4.bb
> +++ b/meta/recipes-core/expat/expat_2.7.4.bb
> @@ -36,3 +36,4 @@ do_install_ptest:class-target() {
>  BBCLASSEXTEND += "native nativesdk"
>
>  CVE_PRODUCT = "expat libexpat"
> +CVE_STATUS[CVE-2025-66382] = "vulnerable-investigating: no fix available yet"


--
Yoann Congal
Smile ECS


[-- Attachment #2: Type: text/html, Size: 3215 bytes --]