| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2022-39836:
An issue was discovered in Connected Vehicle Systems Alliance (COVESA)
dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted
DLT file that crashes the process can be created. This is due to missing
validation checks. There is a heap-based buffer over-read of one byte.
CVE-2022-39837:
An issue was discovered in Connected Vehicle Systems Alliance (COVESA)
dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted
DLT file that crashes the process can be created. This is due to missing
validation checks. There is a NULL pointer dereference.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-39836
https://nvd.nist.gov/vuln/detail/CVE-2022-39837
Upstream patch:
https://github.com/COVESA/dlt-daemon/commit/855e0017a980d2990c16f7dbf3b4983b48fac272
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Update SRC_URI to fix do_fetch warning. The SRC_URI
http://www.freediameter.net/hg/freeDiameter/archive/1.4.0.tar.gz
is not available, which has moved to
https://github.com/freeDiameter/freeDiameter.git.
Signed-off-by: Haixiao Yan <haixiao.yan.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
Backport patch [1] to fix memory leak by freeing tclist
[1] https://github.com/net-snmp/net-snmp/commit/4bd0d9a8a2860c2c46307aef5ee1ccc69f7e3b62
Signed-off-by: Jinfeng Wang <jinfeng.wang.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Full changelog:
https://github.com/PythonCharmers/python-future/releases
(cherry-picked from a10bda8c873e66f0d895cf8065cbc076b2055655)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Jiaying Song <jiaying.song.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2025-24529:
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS
vulnerability has been discovered for the Insert tab.
Refer: https://nvd.nist.gov/vuln/detail/CVE-2025-24529
CVE-2025-24530:
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS
vulnerability has been discovered for the check tables feature. A
crafted table or database name could be used for XSS.
Refer: https://nvd.nist.gov/vuln/detail/CVE-2025-24530
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When
an SSL context was reset with the mbedtls_ssl_session_reset()
API, the maximum TLS version to be negotiated was not restored
to the configured one. An attacker was able to prevent an Mbed
TLS server from establishing any TLS 1.3 connection, potentially
resulting in a Denial of Service or forced version downgrade from
TLS 1.3 to TLS 1.2.
fix indent issue in mbedtls_3.5.2.bb file.
Reference:
https://security-tracker.debian.org/tracker/CVE-2024-28755
https://security-tracker.debian.org/tracker/CVE-2024-28836
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Martin Jansa <martin.jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Enable ptest for libssh , this change is backported from upstream
scarthgap.
Reference: https://git.openembedded.org/meta-openembedded/commit/?h=scarthgap&id=bf49bdea290ba8cf18f3fd6b47d1d71dfe499948
~ # ptest-runner libssh
START: ptest-runner
2025-01-28T14:28
BEGIN: /usr/lib/libssh/ptest
PASS: torture_buffer
PASS: torture_callbacks
PASS: torture_channel
PASS: torture_config
PASS: torture_crypto
PASS: torture_hashes
PASS: torture_init
PASS: torture_isipaddr
PASS: torture_keyfiles
PASS: torture_knownhosts_parsing
PASS: torture_list
PASS: torture_misc
PASS: torture_options
PASS: torture_packet
PASS: torture_packet_filter
PASS: torture_pki
PASS: torture_pki_ecdsa
PASS: torture_pki_ed25519
PASS: torture_pki_rsa
PASS: torture_rand
PASS: torture_threads_buffer
PASS: torture_threads_crypto
PASS: torture_threads_init
PASS: torture_threads_pki_rsa
DURATION: 119
END: /usr/lib/libssh/ptest
2025-01-28T14:29
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Redis is an open source, in-memory database that persists on disk.
An authenticated with sufficient privileges may create a malformed
ACL selector which, when accessed, triggers a server panic and
subsequent denial of service. The problem is fixed in Redis 7.2.7
and 7.4.2.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-51741
Upstream-patch:
https://github.com/redis/redis/commit/15e212bf69de28d2b4585aa79cc2a40f49e4a94d
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Redis is an open source, in-memory database that persists on disk.
An authenticated user may use a specially crafted Lua script to
manipulate the garbage collector and potentially lead to remote
code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17.
An additional workaround to mitigate the problem without patching
the redis-server executable is to prevent users from executing Lua
scripts. This can be done using ACL to restrict EVAL and EVALSHA
commands.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-46981
Upstream-patch:
https://github.com/redis/redis/commit/e344b2b5879aa52870e6838212dfb78b7968fcbf
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Redis is an open source, in-memory database that persists on disk.
An authenticated user may use a specially crafted Lua script to
trigger a stack buffer overflow in the bit library, which may
potentially lead to remote code execution. The problem exists in
all versions of Redis with Lua scripting. This problem has been
fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1. Users are advised
to upgrade. There are no known workarounds for this vulnerability.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-31449
Upstream-patches:
https://github.com/redis/redis/commit/1f7c148be2cbacf7d50aa461c58b871e87cc5ed9
https://github.com/redis/redis/commit/fe8de4313f85e0f8af2eff1f78b52cfe56fb4c71
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Redis is an open source, in-memory database that persists on disk.
Authenticated users can trigger a denial-of-service by using specially
crafted, long string match patterns on supported commands such as
`KEYS`, `SCAN`, `PSUBSCRIBE`, `FUNCTION LIST`, `COMMAND LIST` and ACL
definitions. Matching of extremely long patterns may result in
unbounded recursion, leading to stack overflow and process crash.
This problem has been fixed in Redis versions 6.2.16, 7.2.6, and 7.4.1.
Users are advised to upgrade. There are no known workarounds for this
vulnerability.
References:
https://security-tracker.debian.org/tracker/CVE-2024-31228
Upstream-patch:
https://github.com/redis/redis/commit/9317bf64659b33166a943ec03d5d9b954e86afb0
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Redis is an open source, in-memory database that persists on disk.
An authenticated with sufficient privileges may create a malformed
ACL selector which, when accessed, triggers a server panic and
subsequent denial of service. The problem exists in Redis 7 prior
to versions 7.2.6 and 7.4.1. Users are advised to upgrade. There
are no known workarounds for this vulnerability.
Reference:
https://security-tracker.debian.org/tracker/CVE-2024-31227
Upstream-patch:
https://github.com/redis/redis/commit/b351d5a3210e61cc3b22ba38a723d6da8f3c298a
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Redis is an in-memory database that persists on disk. On startup,
Redis begins listening on a Unix socket before adjusting its
permissions to the user-provided configuration. If a permissive
umask(2) is used, this creates a race condition that enables,
during a short period of time, another process to establish an
otherwise unauthorized connection. This problem has existed
since Redis 2.6.0-RC1. This issue has been addressed in Redis
versions 7.2.2, 7.0.14 and 6.2.14. Users are advised to upgrade.
For users unable to upgrade, it is possible to work around the
problem by disabling Unix sockets, starting Redis with a restrictive
umask, or storing the Unix socket file in a protected directory.
Reference:
https://security-tracker.debian.org/tracker/CVE-2023-45145
Upstream-patch:
https://github.com/redis/redis/commit/7f486ea6eebf0afce74f2e59763b9b82b78629dc
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Redis is an in-memory database that persists on disk.
Redis incorrectly handles resizing of memory buffers
which can result in integer overflow that leads to heap
overflow and potential remote code execution. This
issue has been patched in version 7.0.15 and 7.2.4.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-41056
Upstream-patch:
https://github.com/redis/redis/commit/e351099e1119fb89496be578f5232c61ce300224
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Upstream commit:
https://github.com/uclouvain/openjpeg/commit/c58bc128b4f770e7c89bc8ba3d0273b9a3904aad
Reference:
https://github.com/uclouvain/openjpeg/pull/1547
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Passing a heavily nested list to sqlparse.parse() leads to a Denial
of Service due to RecursionError.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-4340
Upstream-patch:
https://github.com/andialbrecht/sqlparse/commit/b4a39d9850969b4e1d6940d32094ee0b42a2cf03
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-45620:
A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use
a crafted USB Device or Smart Card, which would present the system with a specially
crafted response to APDUs. When buffers are partially filled with data, initialized
parts of the buffer can be incorrectly accessed.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-45620]
Upstream patches:
[https://github.com/OpenSC/OpenSC/commit/a1bcc6516f43d570899820d259b71c53f8049168]
[https://github.com/OpenSC/OpenSC/commit/6baa19596598169d652659863470a60c5ed79ecd]
[https://github.com/OpenSC/OpenSC/commit/468a314d76b26f724a551f2eb339dd17c856cf18]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-45619:
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK.
An attacker could use a crafted USB Device or Smart Card, which would present the system
with a specially crafted response to APDUs. When buffers are partially filled with data,
initialized parts of the buffer can be incorrectly accessed.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-45619]
Upstream patches:
[https://github.com/OpenSC/OpenSC/commit/f01bfbd19b9c8243a40f7f17d554fe0eb9e89d0d]
[https://github.com/OpenSC/OpenSC/commit/a1d8c01c1cabd115dda8c298941d1786fb4c5c2f]
[https://github.com/OpenSC/OpenSC/commit/673065630bf4aaf03c370fc791ef6a6239431214]
[https://github.com/OpenSC/OpenSC/commit/e20ca25204c9c5e36f53ae92ddf017cd17d07e31]
[https://github.com/OpenSC/OpenSC/commit/2b6cd52775b5448f6a993922a30c7a38d9626134]
[https://github.com/OpenSC/OpenSC/commit/dd554a2e1e31e6cb75c627c653652696d61e8de8]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-45618:
A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted
USB Device or Smart Card, which would present the system with a specially crafted
response to APDUs. Insufficient or missing checking of return values of functions
leads to unexpected work with variables that have not been initialized.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-45618]
Upstream patches:
[https://github.com/OpenSC/OpenSC/commit/8632ec172beda894581d67eaa991e519a7874f7d]
[https://github.com/OpenSC/OpenSC/commit/f9d68660f032ad4d7803431d5fc7577ea8792ac3]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-45617:
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK.
An attacker could use a crafted USB Device or Smart Card, which would present the system
with a specially crafted response to APDUs. Insufficient or missing checking of return
values of functions leads to unexpected work with variables that have not been initialized.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-45617]
Upstream patches:
[https://github.com/OpenSC/OpenSC/commit/fdb9e903eb124b6b18a5a9350a26eceb775585bc]
[https://github.com/OpenSC/OpenSC/commit/fdb9e903eb124b6b18a5a9350a26eceb775585bc]
[https://github.com/OpenSC/OpenSC/commit/efbc14ffa190e3e0ceecceb479024bb778b0ab68]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-45616:
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK.
An attacker could use a crafted USB Device or Smart Card, which would present the system
with a specially crafted response to APDUs. The following problems were caused by
insufficient control of the response APDU buffer and its length when communicating
with the card.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-45616]
Upstream patches:
[https://github.com/OpenSC/OpenSC/commit/1d3b410e06d33cfc4c70e8a25386e456cfbd7bd1]
[https://github.com/OpenSC/OpenSC/commit/265b28344d036a462f38002d957a0636fda57614]
[https://github.com/OpenSC/OpenSC/commit/e7177c7ca00200afea820d155dca67f38b232967]
[https://github.com/OpenSC/OpenSC/commit/ef7b10a18e6a4d4f03f0c47ea81aa8136f3eca60]
[https://github.com/OpenSC/OpenSC/commit/76115e34799906a64202df952a8a9915d30bc89d]
[https://github.com/OpenSC/OpenSC/commit/16ada9dc7cddf1cb99516aea67b6752c251c94a2]
[https://github.com/OpenSC/OpenSC/commit/3562969c90a71b0bcce979f0e6d627546073a7fc]
[https://github.com/OpenSC/OpenSC/commit/cccdfc46b10184d1eea62d07fe2b06240b7fafbc]
[https://github.com/OpenSC/OpenSC/commit/5fa758767e517779fc5398b6b4faedc4e36d3de5]
[https://github.com/OpenSC/OpenSC/commit/aa102cd9abe1b0eaf537d9dd926844a46060d8bc]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-45615:
A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK.
The problem is missing initialization of variables expected to be initialized
(as arguments to other functions, etc.).
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-45615]
Upstream patches:
[https://github.com/OpenSC/OpenSC/commit/5e4f26b510b04624386c54816bf26aacea0fe4a1]
[https://github.com/OpenSC/OpenSC/commit/7d68a7f442e38e16625270a0fdc6942c9e9437e6]
[https://github.com/OpenSC/OpenSC/commit/bb3dedb71e59bd17f96fd4e807250a5cf2253cb7]
[https://github.com/OpenSC/OpenSC/commit/42d718dfccd2a10f6d26705b8c991815c855fa3b]
[https://github.com/OpenSC/OpenSC/commit/bde991b0fe4f0250243b0e4960978b1043c13b03]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-8443:
The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable
to Stored Cross-Site Scripting via the ‘themehunk_megamenu_bg_image' parameter in all
versions up to, and including, 1.1.0 due to insufficient input sanitization and output
escaping. This makes it possible for authenticated attackers, with subscriber-level
access and above, to inject arbitrary web scripts in pages that will execute whenever
a user accesses an injected page. Please note that this was partially fixed in 1.1.0
due to the missing authorization protection that was added.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-8433]
Upstream patches:
[https://github.com/OpenSC/OpenSC/commit/02e847458369c08421fd2d5e9a16a5f272c2de9e]
[https://github.com/OpenSC/OpenSC/commit/b28a3cef416fcfb92fbb9ea7fd3c71df52c6c9fc]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-1454:
The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages,
occuring in the card enrolment process using pkcs15-init when a user or administrator
enrols or modifies cards. An attacker must have physical access to the computer system
and requires a crafted USB device or smart card to present the system with specially
crafted responses to the APDUs, which are considered high complexity and low severity.
This manipulation can allow for compromised card management operations during enrolment.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-1454]
Upstream patches:
[https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-56827:
A flaw was found in the OpenJPEG project. A heap buffer overflow
condition may be triggered when certain options are specified while
using the opj_decompress utility. This can lead to an application crash
or other undefined behavior.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-56827]
[https://github.com/uclouvain/openjpeg/issues/1564]
Upstream patches:
[https://github.com/uclouvain/openjpeg/commit/e492644fbded4c820ca55b5e50e598d346e850e8]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2024-56826:
A flaw was found in the OpenJPEG project. A heap buffer overflow
condition may be triggered when certain options are specified while
using the opj_decompress utility. This can lead to an application crash
or other undefined behavior.
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2024-56826]
[https://github.com/uclouvain/openjpeg/issues/1563]
Upstream patches:
[https://github.com/uclouvain/openjpeg/commit/98592ee6d6904f1b48e8207238779b89a63befa2]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2
before 4.2.17. The strip_tags() method and striptags template filter are subject
to a potential denial-of-service attack via certain inputs containing large
sequences of nested incomplete HTML entities.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-53907
Upstream-patch:
https://github.com/django/django/commit/790eb058b0716c536a2f2e8d1c6d5079d776c22b
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The
django.contrib.auth.forms.PasswordResetForm class, when used in a view
implementing password reset flows, allows remote attackers to enumerate
user e-mail addresses by sending password reset requests and observing
the outcome (only when e-mail sending is consistently failing).
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-45231
Upstream-patch:
https://github.com/django/django/commit/bf4888d317ba4506d091eeac6e8b4f1fcc731199
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and
4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are
subject to a potential denial-of-service attack via very large inputs with
a specific sequence of characters.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-45230
Upstream-patch:
https://github.com/django/django/commit/d147a8ebbdf28c17cafbbe2884f0bc57e2bf82e2
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The
urlize and urlizetrunc template filters, and the AdminURLFieldWidget widget,
are subject to a potential denial-of-service attack via certain inputs with a
very large number of Unicode characters.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41991
Upstream-patch:
https://github.com/django/django/commit/efea1ef7e2190e3f77ca0651b5458297bc0f6a9f
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15.
The urlize() and urlizetrunc() template filters are subject to a potential
denial-of-service attack via very large inputs with a specific sequence of
characters.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41990
Upstream-patch:
https://github.com/django/django/commit/d0a82e26a74940bf0c78204933c3bdd6a283eb88
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The
floatformat template filter is subject to significant memory consumption when
given a string representation of a number in scientific notation with a large
exponent.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-41989
Upstream-patches:
https://github.com/django/django/commit/08c5a787262c1ae57f6517d4574b54a5fcaad124
https://github.com/django/django/commit/4b066bde692078b194709d517b27e55defae787c
https://github.com/django/django/commit/dcd974698301a38081c141ccba6dcafa5ed2c80e
https://github.com/django/django/commit/fc76660f589ac07e45e9cd34ccb8087aeb11904b
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14.
get_supported_language_variant() was subject to a potential denial-of-service
attack when used with very long strings containing specific characters.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-39614
Upstream-patch:
https://github.com/django/django/commit/17358fb35fb7217423d4c4877ccb6d1a3a40b1c3
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values
of Accept-Language headers are cached in order to avoid repetitive parsing. This leads
to a potential denial-of-service vector via excessive memory usage if the raw value of
Accept-Language headers is very large.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-23969
Upstream-patch:
https://github.com/django/django/commit/c7e0151fdf33e1b11d488b6f67b94fdf3a30614a
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Fixes CVE-2024-45230, CVE-2024-45231, CVE-2024-53907 and
CVE-2024-53908
Release Notes:
https://docs.djangoproject.com/en/dev/releases/4.2.16/
https://docs.djangoproject.com/en/dev/releases/4.2.17/
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
An issue was discovered in Django 4.2 before 4.2.14 and 5.0 before 5.0.7.
urlize and urlizetrunc were subject to a potential denial of service attack
via certain inputs with a very large number of brackets.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-38875
https://github.com/advisories/GHSA-qg2p-9jwr-mmqf
Upstream-patch:
https://github.com/django/django/commit/79f368764295df109a37192f6182fb6f361d85b5
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
libpoppler.so in Poppler through 24.12.0 has an out-of-bounds
read vulnerability within the JBIG2Bitmap::combine function
in JBIG2Stream.cc.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-56378
Upstream patch:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/ade9b5ebed44b0c15522c27669ef6cdf93eff84e
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A flaw was found in the Poppler's Pdfinfo utility. This issue
occurs when using -dests parameter with pdfinfo utility. By
using certain malformed input files, an attacker could cause
the utility to crash, leading to a denial of service.
CVE-2024-6239-0001 is the dependent commit and CVE-2024-6239-0002
is the actual CVE fix.
fix indent issue in poppler_22.04.0.bb file.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-6239
Upstream patches:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/0554731052d1a97745cb179ab0d45620589dd9c4
https://gitlab.freedesktop.org/poppler/poppler/-/commit/fc1c711cb5f769546c6b31cc688bf0ee7f0c1dbc
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
CVE-2020-36774:
plugins/gtk+/glade-gtk-box.c in GNOME Glade before 3.38.1 and 3.39.x
before 3.40.0 mishandles widget rebuilding for GladeGtkBox, leading to a
denial of service (application crash).
Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2020-36774]
Upstream patches:
[https://gitlab.gnome.org/GNOME/glade/-/commit/7acdd3c6f6934f47b8974ebc2190a59ea5d2ed17]
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
(master rev: 3f88224fb9c436bdd3ccd5d0268914f08625efbf)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Signed-off-by: Akash Hadke <akash.hadke27@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Because they get renamed, it is better to ignore them and let a
dependency build them
Fixes errors like
ERROR: packagegroup-meta-multimedia-1.0-r0 do_package_write_ipk: An allarch packagegroup shouldn't depend on packages which are dynamically renamed (gssdp to libgssdp-1.2-0)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit eafecde2aedae38879b4c45dd213ff9483f209ad)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
| |
Adds patch to backport fix for CVE-2023-41910.
Signed-off-by: Colin McAllister <colin.mcallister@garmin.com>
Change-Id: Iab619f1f5ba26b1141dffea065c90ef0b180b46e
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Werkzeug is a Web Server Gateway Interface web application library. Applications
using `werkzeug.formparser.MultiPartParser` corresponding to a version of Werkzeug
prior to 3.0.6 to parse `multipart/form-data` requests (e.g. all flask applications)
are vulnerable to a relatively simple but effective resource exhaustion (denial of
service) attack. A specifically crafted form submission request can cause the parser
to allocate and block 3 to 8 times the upload size in main memory. There is no upper
limit; a single upload at 1 Gbit/s can exhaust 32 GB of RAM in less than 60 seconds.
Werkzeug version 3.0.6 fixes this issue.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-49767
Upstream-patch:
https://github.com/pallets/werkzeug/commit/8760275afb72bd10b57d92cb4d52abf759b2f3a7
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Werkzeug is a comprehensive WSGI web application library. The debugger in
affected versions of Werkzeug can allow an attacker to execute code on a
developer's machine under some circumstances. This requires the attacker
to get the developer to interact with a domain and subdomain they control,
and enter the debugger PIN, but if they are successful it allows access to
the debugger even if it is only running on localhost. This also requires
the attacker to guess a URL in the developer's application that will trigger
the debugger. This vulnerability is fixed in 3.0.3.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-34069
Upstream-patches:
https://github.com/pallets/werkzeug/commit/71b69dfb7df3d912e66bab87fbb1f21f83504967
https://github.com/pallets/werkzeug/commit/890b6b62634fa61224222aee31081c61b054ff01
Signed-off-by: Soumya Sambu <soumya.sambu@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
# ./run-ptest
PASS: address
PASS: address_v4
PASS: address_v4_iterator
PASS: address_v4_range
PASS: address_v6
PASS: address_v6_iterator
PASS: address_v6_range
PASS: any_completion_executor
PASS: any_completion_handler
PASS: any_executor
PASS: any_io_executor
PASS: append
PASS: as_tuple
PASS: associated_allocator
PASS: associated_cancellation_slot
PASS: associated_executor
PASS: associated_immediate_executor
PASS: associator
PASS: async_result
[snip]
Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(master rev: 1274b0df3c126e72dcbfd4678d1c25aadb8607dc)
* remove duplicated SRC_URI
* refresh 0001-tests-Remove-blocking_adaptation.cpp.patch
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Includes fix for CVE-2024-10976, CVE-2024-10977, CVE-2024-10978
and CVE-2024-10979
Changelog:
https://www.postgresql.org/docs/release/14.14/
0001-configure.ac-bypass-autoconf-2.69-version-check.patch
refreshed for 14.14
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
|
| |
|
|
|
|
|
|
|
| |
Includes fix for CVE-2024-8929, CVE-2024-11236, CVE-2024-11234 and CVE-2024-11233
Changelog:
https://www.php.net/ChangeLog-8.php#8.1.31
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
|
