|
|
@@ -546,6 +546,69 @@
|
|
|
- netsnmp: unexpected header length in /proc/net/snmp...
|
|
|
https://gitlab.com/buildroot.org/buildroot/-/issues/110
|
|
|
|
|
|
+2025.02.8, released November 20, 2025
|
|
|
+
|
|
|
+ Important / security related fixes:
|
|
|
+
|
|
|
+ - bind: CVE-2025-8677, CVE-2025-40778, CVE-2025-40780
|
|
|
+ - dante: CVE-2024-54662
|
|
|
+ - erlang: CVE-2024-53846, CVE-2025-4748, CVE-2025-26618, CVE-2025-30211,
|
|
|
+ CVE-2025-32433, CVE-2025-46712, CVE-2025-48038,
|
|
|
+ CVE-2025-48039, CVE-2025-48040, CVE-2025-48041
|
|
|
+ - hostapd: CVE-2025-24912
|
|
|
+ - imagemagick: CVE-2025-62171
|
|
|
+ - iptraf-ng: CVE-2024-52949
|
|
|
+ - libarchive: CVE-2025-25724
|
|
|
+ - libglib2: CVE-2024-54662
|
|
|
+ - libvips: CVE-2025-29769, CVE-2025-59933
|
|
|
+ - libvpx: CVE-2025-5283
|
|
|
+ - libxslt: CVE-2025-24855, CVE-2024-55549
|
|
|
+ - mbedtls: CVE-2025-54764, CVE-2025-59438
|
|
|
+ - modsecurity2: CVE-2025-52891, CVE-2025-54571
|
|
|
+ - netdata: CVE-2023-22496, CVE-2023-22497
|
|
|
+ - poppler: CVE-2024-6239, CVE-2024-56378, CVE-2025-32364,
|
|
|
+ CVE-2025-32365, CVE-2025-43903, CVE-2025-50420,
|
|
|
+ CVE-2025-52886
|
|
|
+ - python3: gh-139312, gh-139700, gh-139400, gh-135661, gh-135661,
|
|
|
+ gh-102555, gh-135462, gh-118350, gh-86155
|
|
|
+ - python-webpy: CVE-2025-3818
|
|
|
+ - redis: CVE-2025-46817, CVE-2025-46818, CVE-2025-46819, CVE-2025-49844
|
|
|
+ - samba: CVE-2025-3818, CVE-2025-10230
|
|
|
+ - shairport-sync: Upstream security fixes without CVE
|
|
|
+ - squid: CVE-2025-59362
|
|
|
+ - suricata: CVE-2024-37151, CVE-2024-38535
|
|
|
+ - tpm2-tss: CVE-2024-29040
|
|
|
+ - xerces: CVE-2024-23807
|
|
|
+ - zabbix: CVE-2025-27231, CVE-2025-27236, CVE-2025-27238, CVE-2025-49641
|
|
|
+ - zip: CVE-2018-13410
|
|
|
+
|
|
|
+ Infrastructure updates/fixes:
|
|
|
+
|
|
|
+ - Improved matching of CPE ID with NVD database, resulting in more
|
|
|
+ accurate identification of CVEs.
|
|
|
+ - brmake: avoid garbled output with top-level parallel build
|
|
|
+
|
|
|
+ Updated / fixed packages: 4th, audit, bind, cmake, crun, dante,
|
|
|
+ ebtables, erlang, freeradius-server, gpsd, gstd, hostapd, imagemagick,
|
|
|
+ iptraf-ng, iozone, ledmon, libarchive, libcurl, libdbi-drivers,
|
|
|
+ libdisplay-info, libglib2, libgphoto2, libgtk3, libheif, libsemanage,
|
|
|
+ libshout, libsolv, libtpms, libvips, libvpx, libwpe, libxslt, linux,
|
|
|
+ linux-headers, live555, mbedtls, micropython, mjpg-streamer,
|
|
|
+ modsecurity2, netdata, netsnmp, poppler, python3, python-flask-cors,
|
|
|
+ python-webpy, quota, qt6multimedia, redis, refpolicy, samba4,
|
|
|
+ selinux-python, sexpect, shairport-sync, siproxd, sqlite, squid,
|
|
|
+ suricata, tor, tpm2-tss, waffle, webkitgtk, wireless-regdb, wpewebkit,
|
|
|
+ xerces, zabbix, zip
|
|
|
+
|
|
|
+ Removed package: ramspeed
|
|
|
+
|
|
|
+ Boards updated / fixed: beagleboneai, cubieboard1, cubieboard2,
|
|
|
+ stm32f429_disco_xip, stm32f746_disco_sd, stm32f769_disco_sd,
|
|
|
+
|
|
|
+ Test Improvements:
|
|
|
+
|
|
|
+ - Capture output of failing commands on host.
|
|
|
+
|
|
|
2025.02.7, released October 11, 2025
|
|
|
|
|
|
Important / security related fixes:
|
Arnout Vandecappelle