diff options
author | Andrew Geissler <geissonator@yahoo.com> | 2024-01-11 20:55:23 +0300 |
---|---|---|
committer | Andrew Geissler <geissonator@yahoo.com> | 2024-01-11 20:56:06 +0300 |
commit | d4fa64b8fbad9ed7bef03090adec4a99cf9ecd5b (patch) | |
tree | cd2f355c9c8ae01d490e733e8c83d86f89e92bc8 /poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc | |
parent | 06a6d53090fbf4da09a79d24c2147c5d78640b0c (diff) | |
download | openbmc-d4fa64b8fbad9ed7bef03090adec4a99cf9ecd5b.tar.xz |
subtree updates:nanbield: Jan 11, 2024
poky: bf9f2f6f60..61a59d00a0:
Adam Johnston (1):
useradd_base: Fix sed command line for passwd-expire
Alexander Kanavin (1):
cmake: upgrade 3.27.5 -> 3.27.7
Anuj Mittal (1):
gstreamer1.0: upgrade 1.22.6 -> 1.22.7
Bastian Krause (1):
linux-firmware: add new fw file to ${PN}-rtl8821
Bruce Ashfield (25):
linux-yocto/6.1: update to v6.1.59
linux-yocto/6.1: update to v6.1.60
linux-yocto/6.5: update to v6.5.8
linux-yocto/6.5: update to v6.5.9
kern-tools: make lower context patches reproducible
kern-tools: bump SRCREV for queue processing changes
kern-tools: update SRCREV to include SECURITY.md file
kernel-yocto: improve metadata patching
linux-yocto/6.1: cfg: restore CONFIG_DEVMEM
linux-yocto/6.1: update to v6.1.61
linux-yocto/6.1: update to v6.1.62
linux-yocto/6.1: update to v6.1.65
linux-yocto/6.5: cfg: restore CONFIG_DEVMEM
linux-yocto/6.5: update to v6.5.10
linux-yocto/6.5: cfg: split runtime and symbol debug
linux-yocto/6.5: update to v6.5.11
linux-yocto/6.5: update to v6.5.12
linux-yocto/6.5: update to v6.5.13
linux-yocto/6.1: drop removed IMA option
linux-yocto-rt/6.1: update to -rt18
linux-yocto/6.1: update to v6.1.66
linux-yocto/6.1: update to v6.1.67
linux-yocto/6.1: update to v6.1.68
linux-yocto/6.5: drop removed IMA option
linux-yocto/6.5: fix AB-INT: QEMU kernel panic: No irq handler for vector
Chen Qi (1):
systemd: fix DynamicUser issue
Deepthi Hemraj (1):
rust: Fix CVE-2023-40030
Dhairya Nagodra (2):
cve-update-nvd2-native: faster requests with API keys
cve-update-nvd2-native: increase the delay between subsequent request failures
Dmitry Baryshkov (9):
linux-firmware: upgrade 20230804 -> 20231030
linux-firmware: add missing depenencies on license packages
linux-firmware: add notice file to sdm845 modem firmware
linux-firmware: add audio topology symlink to the X13's audio package
linux-firmware: package firmware for Qualcomm Adreno a702
linux-firmware: package firmware for Qualcomm QCM2290 / QRB4210
linux-firmware: package Qualcomm Venus 6.0 firmware
linux-firmware: package Robotics RB5 sensors DSP firmware
meson: use correct targets for rust binaries
Fahad Arslan (1):
linux-firmware: create separate packages
Javier Tia (1):
kernel-arch: use ccache only for compiler
Jermain Horsman (2):
lib/oe/buildcfg.py: Include missing import
lib/oe/buildcfg.py: Remove unused parameter
Joakim Tjernlund (1):
sed -i destroys symlinks
Joshua Watt (1):
bitbake: asyncrpc: Add context manager API
Julien Stephan (2):
devtool: fix update-recipe dry-run mode
devtool: finish/update-recipe: restrict mode srcrev to recipes fetched from SCM
Justin Bronder (1):
contributor-guide: add License-Update tag
Khem Raj (1):
python3-urllib3: Upgrade to 2.0.7
Lee Chee Yang (10):
migration-guides: add release notes for 4.3.1
migration-guide: add release notes for 4.2.4
migration-guide: add release notes for 4.0.14
migration-guides: reword fix in release-notes-4.3.1
migration-guides: add release notes for 4.0.15
avahi: add CVE-2023-38473.patch to SRC_URL
grub: fix CVE-2023-4692 CVE-2023-4693
curl: fix CVE-2023-46218
perlcross: update to 1.5.2
perl: 5.38.0 -> 5.38.2
Marco Felsch (1):
json-c: fix icecc compilation
Markus Volk (3):
gtk: Add rdepend on printbackend for cups
bluez5: fix connection for ps5/dualshock controllers
cups: Add root,sys,wheel to system groups
Marta Rybczynska (1):
bitbake: toastergui: verify that an existing layer path is given
Massimiliano Minella (1):
systemd: update LICENSE statement
Michael Opdenacker (14):
migration-guides: release 3.5 is actually 4.0
contributor-guide: fix command option
dev-manual: layers: update link to YP Compatible form
ref-manual: releases.svg: update nanbield release status
manuals: fix URL
test-manual: text and formatting fixes
test-manual: resource updates
test-manual: add links to python unittest
test-manual: explicit or fix file paths
test-manual: add or improve hyperlinks
dev-manual: runtime-testing: fix test module name
test-manual: use working example
systemd-compat-units.bb: fix postinstall script
ref-manual: update tested and supported distros
Paul Barker (1):
ref-manual: Fix reference to MIRRORS/PREMIRRORS defaults
Peter Kjellerstedt (3):
oeqa/selftest/tinfoil: Add tests that parse virtual recipes
dev-manual: Discourage the use of SRC_URI[md5sum]
bitbake: command: Make parseRecipeFile() handle virtual recipes correctly
Peter Marko (2):
cve-update-nvd2-native: remove unused variable CVE_SOCKET_TIMEOUT
cve-update-nvd2-native: make number of fetch attemtps configurable
Randy MacLeod (1):
strace: backport fix for so_peerpidfd-test
Rasmus Villemoes (1):
perf: lift TARGET_CC_ARCH modification out of security_flags.inc
Richard Purdie (7):
qemu: Upgrade 8.1.0 -> 8.1.2
sstate: Ensure sstate searches update file mtime
testimage: Exclude wtmp from target-dumper commands
bitbake: lib/bb: Add workaround for libgcc issues with python 3.8 and 3.9
linux/cve-exclusion6.1: Update to latest kernel point release
package_ipk: Fix Source: field variable dependency
testimage: Drop target_dumper and most of monitor_dumper
Ross Burton (6):
xwayland: upgrade to 23.2.2
linux-yocto: update CVE exclusions
linux-yocto: update CVE exclusions
lib/oe/patch: ensure os.chdir restoring always happens
tcl: skip timing-dependent tests in run-ptest
tcl: skip async and event tests in run-ptest
Shubham Kulkarni (1):
tzdata: Upgrade to 2023d
Simone Weiß (1):
manuals: brief-yoctoprojectqs: align variable order with default local.conf
Steve Sakoman (2):
poky.conf: bump version for 4.3.2 release
build-appliance-image: Update to nanbield head revision
Sundeep KOKKONDA (2):
glibc: stable 2.38 branch updates
binutils: stable 2.41 branch updates
Tim Orling (2):
lsb-release: use https for UPSTREAM_CHECK_URI
vim: upgrade 9.0.2068 -> 9.0.2130
Trevor Gamblin (2):
python3-ptest: skip test_storlines
patchtest: shorten patch signed-off-by test output
Vijay Anusuri (1):
avahi: backport Debian patches to fix multiple CVE's
Viswanath Kraleti (1):
systemd-boot: Fix build issues on armv7a-linux
Vyacheslav Yurkov (1):
lib/oe/path: Deploy files can start only with a dot
Wang Mingyu (16):
base-passwd: upgrade 3.6.1 -> 3.6.2
enchant2: upgrade 2.6.1 -> 2.6.2
harfbuzz: upgrade 8.2.1 -> 8.2.2
libjpeg-turbo: upgrade 3.0.0 -> 3.0.1
libnewt: upgrade 0.52.23 -> 0.52.24
libnsl2: upgrade 2.0.0 -> 2.0.1
msmtp: upgrade 1.8.24 -> 1.8.25
glib-2.0: upgrade 2.78.0 -> 2.78.1
xserver-xorg: upgrade 21.1.8 -> 21.1.9
ghostscript: upgrade 10.02.0 -> 10.02.1
libsolv: upgrade 0.7.25 -> 0.7.26
bind: upgrade 9.18.19 -> 9.18.20
ell: upgrade 0.59 -> 0.60
libgcrypt: upgrade 1.10.2 -> 1.10.3
libxslt: upgrade 1.1.38 -> 1.1.39
log4cplus: upgrade 2.1.0 -> 2.1.1
William Lyu (1):
openssl: improve handshake test error reporting
Zoltán Böszörményi (1):
update_gtk_icon_cache: Fix for GTK4-only builds
meta-raspberrypi: 8231f97534..fde68b24f0:
Lorenzo Arena (1):
docs: fix syntax for overriding fs type for initramfs image
meta-openembedded: 1750c66ae8..2da6e1b0e4:
Alexandre Belloni (1):
poco: fix branch
Christian Eggers (1):
python3-gcovr: switch to main branch
Dylan Turner (1):
apache2: v2.4.57 to v2.4.58 to fix CVE-2023-43622
Edi Feschiyan (1):
libbytesize: update SRC_URI
Fabio Estevam (3):
openocd: Use https for github
python3-piccata: Use https for github
multipath-tools: Use https for github
Jeffrey Pautler (1):
apache2: add vendor to product name used for CVE checking
Jonas Gorski (1):
frr: fix CVEs CVE-2023-4675{2,3} and CVE-2023-4723{4,5}
Khem Raj (3):
hwdata: upgrade 0.370 -> 0.375
openvpn: upgrade 2.6.3 -> 2.6.6
python3-scapy: upgrade to latest revision
Ross Burton (1):
yajl: fix CVE-2017-16516, CVE-2022-24795, CVE-2023-33460
Wang Mingyu (3):
hdf5: Fix install conflict when enable multilib.
dnf-plugin-tui: Recover BBCLASSEXTEND variants
strongswan: upgrade 5.9.11 -> 5.9.12
Zoltán Böszörményi (3):
python3-ninja-syntax: Set BBCLASSEXTEND = "native nativesdk"
python3-ninja: Set BBCLASSEXTEND = "native nativesdk"
geos: Fix packaging
meta-arm: 0bd7fece41..79c52afe74:
Debbie Martin (2):
arm-systemready: Add parted dependency and inherit testimage
ci: Add Arm SystemReady firmware and IR ACS builds
Harsimran Singh Tungal (1):
arm-bsp/documentation: corstone1000: fix the steps in the user guide and instructions
Change-Id: I9e8e09b85674d653415c01932a5f7a3cbeca877e
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
Diffstat (limited to 'poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc')
-rw-r--r-- | poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc b/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc index a8df51f321..1b51737c7d 100644 --- a/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc +++ b/poky/meta/recipes-kernel/linux/cve-exclusion_6.1.inc @@ -1,9 +1,9 @@ # Auto-generated CVE metadata, DO NOT EDIT BY HAND. -# Generated at 2023-11-03 13:24:16.070181+00:00 for version 6.1.57 +# Generated at 2023-12-23 08:44:42.304531+00:00 for version 6.1.68 python check_kernel_cve_status_version() { - this_version = "6.1.57" + this_version = "6.1.68" kernel_version = d.getVar("LINUX_VERSION") if kernel_version != this_version: bb.warn("Kernel CVE status needs updating: generated for %s but kernel is %s" % (this_version, kernel_version)) @@ -4524,7 +4524,7 @@ CVE_STATUS[CVE-2022-43945] = "fixed-version: Fixed from version 6.1rc1" # CVE-2022-44033 needs backporting (fixed from 6.4rc1) -# CVE-2022-44034 has no known resolution +# CVE-2022-44034 needs backporting (fixed from 6.4rc1) # CVE-2022-4543 has no known resolution @@ -5016,6 +5016,10 @@ CVE_STATUS[CVE-2023-39193] = "cpe-stable-backport: Backported in 6.1.53" CVE_STATUS[CVE-2023-39194] = "cpe-stable-backport: Backported in 6.1.47" +CVE_STATUS[CVE-2023-39197] = "cpe-stable-backport: Backported in 6.1.39" + +CVE_STATUS[CVE-2023-39198] = "cpe-stable-backport: Backported in 6.1.47" + CVE_STATUS[CVE-2023-4004] = "cpe-stable-backport: Backported in 6.1.42" # CVE-2023-4010 has no known resolution @@ -5102,7 +5106,7 @@ CVE_STATUS[CVE-2023-4881] = "cpe-stable-backport: Backported in 6.1.54" CVE_STATUS[CVE-2023-4921] = "cpe-stable-backport: Backported in 6.1.54" -# CVE-2023-5090 needs backporting (fixed from 6.6rc7) +CVE_STATUS[CVE-2023-5090] = "cpe-stable-backport: Backported in 6.1.62" CVE_STATUS[CVE-2023-5158] = "cpe-stable-backport: Backported in 6.1.57" @@ -5112,7 +5116,19 @@ CVE_STATUS[CVE-2023-5197] = "cpe-stable-backport: Backported in 6.1.56" CVE_STATUS[CVE-2023-5345] = "cpe-stable-backport: Backported in 6.1.56" -# CVE-2023-5633 needs backporting (fixed from 6.6rc6) +CVE_STATUS[CVE-2023-5633] = "fixed-version: only affects 6.2 onwards" # CVE-2023-5717 needs backporting (fixed from 6.1.60) +# CVE-2023-5972 needs backporting (fixed from 6.6rc7) + +# CVE-2023-6039 needs backporting (fixed from 6.5rc5) + +CVE_STATUS[CVE-2023-6111] = "fixed-version: only affects 6.6rc3 onwards" + +CVE_STATUS[CVE-2023-6121] = "cpe-stable-backport: Backported in 6.1.65" + +CVE_STATUS[CVE-2023-6176] = "cpe-stable-backport: Backported in 6.1.54" + +# CVE-2023-6238 has no known resolution + |