From: Peter Marko <peter.marko@siemens.com>
Date: Sun, 25 Jan 2026 16:22:41 +0000 (+0100)
Subject: glibc: mark CVE-2025-15281, CVE-2026-0861 and CVE-2026-0915 as patched
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d59abb5639f911d970521c8c41e9146b5d2ae511;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

glibc: mark CVE-2025-15281, CVE-2026-0861 and CVE-2026-0915 as patched

These were fixed with last hash update and start to appearing in CVE
reports.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-core/glibc/glibc_2.42.bb b/meta/recipes-core/glibc/glibc_2.42.bb
index b33d1b44ba..76ef521a1c 100644
--- a/meta/recipes-core/glibc/glibc_2.42.bb
+++ b/meta/recipes-core/glibc/glibc_2.42.bb
@@ -17,7 +17,7 @@ Allows for ASLR bypass so can bypass some hardening, not an exploit in itself, m
 easier access for another. 'ASLR bypass itself is not a vulnerability.'"
 
 CVE_STATUS_GROUPS += "CVE_STATUS_STABLE_BACKPORTS"
-CVE_STATUS_STABLE_BACKPORTS = ""
+CVE_STATUS_STABLE_BACKPORTS = "CVE-2025-15281 CVE-2026-0861 CVE-2026-0915"
 CVE_STATUS_STABLE_BACKPORTS[status] = "cpe-stable-backport: fix available in used git hash"
 
 DEPENDS += "gperf-native bison-native"