CVE-2015-20107 describes an arbitrary command execution in the mailcap module, but this is by design in mailcap and needs to be worked around by the calling application. Upstream Python will be

This release is primarily to fix two CVEs: - CVE-2021-28544 - CVE-2022-24070 It also rewrites the macOS autoconf macros to be cross-compile friendly, so we don't need to delete them

Backport a submitted patch to fix CVE-2022-1304. Signed-off-by: Ross Burton <ross.burton@...> --- .../e2fsprogs/e2fsprogs/extents.patch | 56 +++++++++++++++++++

Patches to update it very welcome! Cheers, Richard

Hello everyone, This is the full report for yocto-3.3.6.rc1: https://git.yoctoproject.org/cgit/cgit.cgi/yocto-testresults-contrib/tree/?h=intel-yocto-testresults ======= Summary ======== No high

Backport a submitted patch to fix CVE-2022-1304. Signed-off-by: Ross Burton <ross.burton@...> --- .../e2fsprogs/e2fsprogs/extents.patch | 56 +++++++++++++++++++

Rust has been upgraded to rust-1.60.0 that uses LLVM 14. Please refer the following link for more detailed

Hi Richard, should I update your patch or only the Upstream-Status or will you prefer to do it yourself? Regards Stefan Am 14.04.2022 um 22:52 schrieb Richard Purdie via lists.openembedded.org:

From: Mingli Yu <mingli.yu@...> Backport patch [1] to fix CVE-2022-0204. [1]

From: Mingli Yu <mingli.yu@...> * The 9.16 branch will be limited to bug fixes [1] now and upgrade to the latest 9.16.x release to fix some security fixes. - CVE-2021-25219 -

Recently GIT got updated with a security fix: https://github.blog/2022-04-12-git-security-vulnerability-announced/ The problem is that this causes all "git" tasks that run within pseudo (most

Hi Steve, Can you please cherry-pick this on the dunfell branch as well for this Lua CVE? or should I send a patch for this? Ranjitsinh Rathod

This symlink is not valid when using usrmerge and ptest packaging would fail Exception: FileExistsError: [Errno 17] File exists: '/usr/bin/busybox.suid' ->

Branch: honister New this week: 4 CVEs CVE-2015-20107 (CVSS3: 9.8 CRITICAL): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-20107 * CVE-2021-28544 (CVSS3: 4.3

Branch: hardknott New this week: 4 CVEs CVE-2015-20107 (CVSS3: 9.8 CRITICAL): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-20107 * CVE-2021-28544 (CVSS3: 4.3

Branch: dunfell New this week: 3 CVEs CVE-2015-20107 (CVSS3: 9.8 CRITICAL): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-20107 * CVE-2021-28544 (CVSS3: 4.3

Branch: master New this week: 4 CVEs CVE-2015-20107 (CVSS3: 9.8 CRITICAL): python3:python3-native https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-20107 * CVE-2021-28544 (CVSS3: 4.3 MEDIUM):

Some recipes are marked machine specific which need qemu usermode during build eg. if they use meson build system, which means they wont get right -cpu settings to run qemu-ppc/qemu-ppc64 and build

From: Changqing Li <changqing.li@...> Signed-off-by: Changqing Li <changqing.li@...> --- .../libsdl2/libsdl2/CVE-2021-33657.patch | 39 +++++++++++++++++++

Brings in below changes * 499a601796 Default to --with-default-link=no (bug 25812) * 70f1eecdc1 scripts: Add glibcelf.py module * d3feff2232 m68k: Handle fewer relocations for RTLD_BOOTSTRAP