[pull] master from buildroot:master#1079
Merged
Merged
Conversation
https://gitlab.com/libtiff/libtiff/-/releases/v4.7.2 Fixes CVE-2026-36849: https://seclists.org/oss-sec/2026/q2/952 Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
…1.x, 6.18.x series Update the latest kernel releases to: - 7.1.2 -> 7.1.3 - 6.18.37 -> 6.18.38 - 6.12.94 -> 6.12.95 - 6.6.143 -> 6.6.144 - 6.1.176 -> 6.1.177 - 5.15.210 -> 5.15.211 - 5.10.259 -> 5.10.260 Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
https://github.com/vcrhonek/hwdata/releases/tag/v0.409 https://github.com/vcrhonek/hwdata/releases/tag/v0.408 https://github.com/vcrhonek/hwdata/releases/tag/v0.407 Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
This fixes the following vulnerability:
- CVE-2026-34933:
Avahi is a system which facilitates service discovery on a local
network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4,
any unprivileged local user can crash avahi-daemon by sending a single
D-Bus method call with conflicting publish flags. This issue has been
patched in version 0.9-rc4.
For more information, see:
- https://www.cve.org/CVERecord?id=CVE-2026-34933
- avahi/avahi@0be89b6
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This fixes the following vulnerability:
- CVE-2025-64503:
cups-filters contains backends, filters, and other software required
to get the cups printing service working on operating systems other
than macos. In cups-filters prior to 1.28.18, by crafting a PDF file
with a large `MediaBox` value, an attacker can cause CUPS-Filter 1.x’s
`pdftoraster` tool to write beyond the bounds of an array. First, a
PDF with a large `MediaBox` width value causes `header.cupsWidth` to
become large. Next, the calculation of `bytesPerLine =
(header.cupsBitsPerPixel * header.cupsWidth + 7) / 8` overflows,
resulting in a small value. Then, `lineBuf` is allocated with the
small `bytesPerLine` size. Finally, `convertLineChunked` calls
`writePixel8`, which attempts to write to `lineBuf` outside of its
buffer size (out of bounds write). In libcupsfilters, the maintainers
found the same `bytesPerLine` multiplication without overflow check,
but the provided test case does not cause an overflow there, because
the values are different. Commit
50d94ca0f2fa6177613c97c59791bde568631865 contains a patch, which is
incorporated into cups-filters version 1.28.18.
For more information, see:
- https://www.cve.org/CVERecord?id=CVE-2025-64503
- OpenPrinting/cups-filters@50d94ca
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
https://lists.gnupg.org/pipermail/gnupg-announce/2026q3/000506.html Fixes CVE-2026-34182. Signed-off-by: Bernd Kuhls <bernd@kuhls.net> Signed-off-by: Julien Olivain <ju.o@free.fr>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )