conf.py: rename :cve: role to :cve_nist:

Newer versions of Sphinx already define a :cve: role that points to
cve.org, instead of the role we defined in conf.py that points to
nvd.nist.gov.

Rename our role to :cve_nist: to avoid warnings (treated as errors).
This is also backwards compatible, meaning we can build the doc with an
older Sphinx if needed.

The file were automatically replaced with following command:

find . -name '*.rst' -exec sed -i 's/:cve:/:cve_nist:/g' {} \+

Cherry pick:

* Changes on following files removed from cherry pick (not part of kirkstone):

  documentation/migration-guides/release-notes-4.1.1.rst
  documentation/migration-guides/release-notes-4.1.2.rst
  documentation/migration-guides/release-notes-4.1.3.rst
  documentation/migration-guides/release-notes-4.1.4.rst
  documentation/migration-guides/release-notes-4.1.rst
  documentation/migration-guides/release-notes-4.2.1.rst
  documentation/migration-guides/release-notes-4.2.2.rst
  documentation/migration-guides/release-notes-4.2.3.rst
  documentation/migration-guides/release-notes-4.2.4.rst
  documentation/migration-guides/release-notes-4.2.rst
  documentation/migration-guides/release-notes-4.3.1.rst
  documentation/migration-guides/release-notes-4.3.2.rst
  documentation/migration-guides/release-notes-4.3.3.rst
  documentation/migration-guides/release-notes-4.3.4.rst
  documentation/migration-guides/release-notes-4.3.rst
  documentation/migration-guides/release-notes-5.0.2.rst
  documentation/migration-guides/release-notes-5.0.3.rst
  documentation/migration-guides/release-notes-5.0.rst
  documentation/migration-guides/release-notes-5.1.rst

* Fix minor conflicts in following files:

  documentation/migration-guides/release-notes-3.4.2.rst: missing :term:
  before CVE_PRODUCT
  documentation/migration-guides/release-notes-4.0.2.rst: missing :term:
  before PACKAGECONFIG
  documentation/migration-guides/release-notes-4.0.7.rst: missing cve
  2022-32912 on webkitgtk

Suggested-By: Quentin Schulz <quentin.schulz@cherry.de>
Reviewed-by: Quentin Schulz <quentin.schulz@cherry.de>
(From yocto-docs rev: f432e78fef82c5e5bfdfff08bb18757dc3479465)

Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
(cherry picked from commit 15fa3b7e85dde50d7236c1738ad607531cc654b8)
Signed-off-by: Antonin Godard <antonin.godard@bootlin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

documentation/conf.py

@@ -90,8 +90,8 @@ rst_prolog = """
 
 # external links and substitutions
 extlinks = {
-    'cve': ('https://nvd.nist.gov/vuln/detail/CVE-%s', 'CVE-%s'),
     'cve_mitre': ('https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-%s', 'CVE-%s'),
+    'cve_nist': ('https://nvd.nist.gov/vuln/detail/CVE-%s', 'CVE-%s'),
     'yocto_home': ('https://www.yoctoproject.org%s', None),
     'yocto_wiki': ('https://wiki.yoctoproject.org/wiki%s', None),
     'yocto_dl': ('https://downloads.yoctoproject.org%s', None),

documentation/contributor-guide/recipe-style-guide.rst

@@ -395,7 +395,7 @@ one CVE is fixed, separate them using spaces.
 CVE Examples
 ------------
 
-This should be the header of patch that fixes :cve:`2015-8370` in GRUB2::
+This should be the header of patch that fixes :cve_nist:`2015-8370` in GRUB2::
 
    grub2: Fix CVE-2015-8370
 

documentation/migration-guides/release-notes-3.4.1.rst

@@ -9,14 +9,14 @@ Known Issues in 3.4.1
 Security Fixes in 3.4.1
 ~~~~~~~~~~~~~~~~~~~~~~~
 
--  glibc: Backport fix for :cve:`2021-43396`
--  vim: add patch number to :cve:`2021-3778` patch
--  vim: fix :cve:`2021-3796`, :cve:`2021-3872`, and :cve:`2021-3875`
--  squashfs-tools: follow-up fix for :cve:`2021-41072`
+-  glibc: Backport fix for :cve_nist:`2021-43396`
+-  vim: add patch number to :cve_nist:`2021-3778` patch
+-  vim: fix :cve_nist:`2021-3796`, :cve_nist:`2021-3872`, and :cve_nist:`2021-3875`
+-  squashfs-tools: follow-up fix for :cve_nist:`2021-41072`
 -  avahi: update CVE id fixed by local-ping.patch
--  squashfs-tools: fix :cve:`2021-41072`
--  ffmpeg: fix :cve:`2021-38114`
--  curl: fix :cve:`2021-22945`, :cve:`2021-22946` and :cve:`2021-22947`
+-  squashfs-tools: fix :cve_nist:`2021-41072`
+-  ffmpeg: fix :cve_nist:`2021-38114`
+-  curl: fix :cve_nist:`2021-22945`, :cve_nist:`2021-22946` and :cve_nist:`2021-22947`
 
 Fixes in 3.4.1
 ~~~~~~~~~~~~~~

documentation/migration-guides/release-notes-3.4.2.rst

@@ -4,29 +4,29 @@ Release notes for 3.4.2 (honister)
 Security Fixes in 3.4.2
 ~~~~~~~~~~~~~~~~~~~~~~~
 
--  tiff: backport fix for :cve:`2022-22844`
--  glibc : Fix :cve:`2021-3999`
--  glibc : Fix :cve:`2021-3998`
--  glibc : Fix :cve:`2022-23219`
--  glibc : Fix :cve:`2022-23218`
--  lighttpd: backport a fix for :cve:`2022-22707`
--  speex: fix :cve:`2020-23903`
--  linux-yocto/5.10: amdgpu: updates for :cve:`2021-42327`
--  libsndfile1: fix :cve:`2021-4156`
+-  tiff: backport fix for :cve_nist:`2022-22844`
+-  glibc : Fix :cve_nist:`2021-3999`
+-  glibc : Fix :cve_nist:`2021-3998`
+-  glibc : Fix :cve_nist:`2022-23219`
+-  glibc : Fix :cve_nist:`2022-23218`
+-  lighttpd: backport a fix for :cve_nist:`2022-22707`
+-  speex: fix :cve_nist:`2020-23903`
+-  linux-yocto/5.10: amdgpu: updates for :cve_nist:`2021-42327`
+-  libsndfile1: fix :cve_nist:`2021-4156`
 -  xserver-xorg: whitelist two CVEs
--  grub2: fix :cve:`2021-3981`
--  xserver-xorg: update CVE_PRODUCT
--  binutils: :cve:`2021-42574`
--  gcc: Fix :cve:`2021-42574`
--  gcc: Fix :cve:`2021-35465`
+-  grub2: fix :cve_nist:`2021-3981`
+-  xserver-xorg: update :term:`CVE_PRODUCT`
+-  binutils: :cve_nist:`2021-42574`
+-  gcc: Fix :cve_nist:`2021-42574`
+-  gcc: Fix :cve_nist:`2021-35465`
 -  cve-extra-exclusions: add db CVEs to exclusion list
--  gcc: Add :cve:`2021-37322` to the list of CVEs to ignore
--  bind: fix :cve:`2021-25219`
--  openssh: fix :cve:`2021-41617`
--  ncurses: fix :cve:`2021-39537`
--  vim: fix :cve:`2021-3968` and :cve:`2021-3973`
--  vim: fix :cve:`2021-3927` and :cve:`2021-3928`
--  gmp: fix :cve:`2021-43618`
+-  gcc: Add :cve_nist:`2021-37322` to the list of CVEs to ignore
+-  bind: fix :cve_nist:`2021-25219`
+-  openssh: fix :cve_nist:`2021-41617`
+-  ncurses: fix :cve_nist:`2021-39537`
+-  vim: fix :cve_nist:`2021-3968` and :cve_nist:`2021-3973`
+-  vim: fix :cve_nist:`2021-3927` and :cve_nist:`2021-3928`
+-  gmp: fix :cve_nist:`2021-43618`
 
 Fixes in 3.4.2
 ~~~~~~~~~~~~~~

documentation/migration-guides/release-notes-3.4.3.rst

@@ -4,12 +4,12 @@ Release notes for 3.4.3 (honister)
 Security Fixes in 3.4.3
 ~~~~~~~~~~~~~~~~~~~~~~~
 
--  ghostscript: fix :cve:`2021-3781`
--  ghostscript: fix :cve:`2021-45949`
--  tiff: Add backports for two CVEs from upstream (:cve:`2022-0561` & :cve:`2022-0562`)
--  gcc : Fix :cve:`2021-46195`
+-  ghostscript: fix :cve_nist:`2021-3781`
+-  ghostscript: fix :cve_nist:`2021-45949`
+-  tiff: Add backports for two CVEs from upstream (:cve_nist:`2022-0561` & :cve_nist:`2022-0562`)
+-  gcc : Fix :cve_nist:`2021-46195`
 -  virglrenderer: fix `CVE-2022-0135 <https://security-tracker.debian.org/tracker/CVE-2022-0135>`__ and `CVE-2022-0175 <https://security-tracker.debian.org/tracker/CVE-2022-0175>`__
--  binutils: Add fix for :cve:`2021-45078`
+-  binutils: Add fix for :cve_nist:`2021-45078`
 
 
 Fixes in 3.4.3

documentation/migration-guides/release-notes-3.4.4.rst

@@ -4,11 +4,11 @@ Release notes for 3.4.4 (honister)
 Security Fixes in 3.4.4
 ~~~~~~~~~~~~~~~~~~~~~~~
 
--  tiff: fix :cve:`2022-0865`, :cve:`2022-0891`, :cve:`2022-0907`, :cve:`2022-0908`, :cve:`2022-0909` and :cve:`2022-0924`
+-  tiff: fix :cve_nist:`2022-0865`, :cve_nist:`2022-0891`, :cve_nist:`2022-0907`, :cve_nist:`2022-0908`, :cve_nist:`2022-0909` and :cve_nist:`2022-0924`
 -  xz: fix `CVE-2022-1271 <https://security-tracker.debian.org/tracker/CVE-2022-1271>`__
 -  unzip: fix `CVE-2021-4217 <https://security-tracker.debian.org/tracker/CVE-2021-4217>`__
--  zlib: fix :cve:`2018-25032`
--  grub: ignore :cve:`2021-46705`
+-  zlib: fix :cve_nist:`2018-25032`
+-  grub: ignore :cve_nist:`2021-46705`
 
 Fixes in 3.4.4
 ~~~~~~~~~~~~~~

documentation/migration-guides/release-notes-3.4.rst

@@ -216,34 +216,34 @@ Other license-related notes:
 Security Fixes in 3.4
 ~~~~~~~~~~~~~~~~~~~~~
 
--  apr: :cve:`2021-35940`
--  aspell: :cve:`2019-25051`
--  avahi: :cve:`2021-3468`, :cve:`2021-36217`
--  binutils: :cve:`2021-20197`
--  bluez: :cve:`2021-3658`
--  busybox: :cve:`2021-28831`
--  cairo: :cve:`2020-35492`
--  cpio: :cve:`2021-38185`
--  expat: :cve:`2013-0340`
--  ffmpeg: :cve:`2020-20446`, :cve:`2020-22015`, :cve:`2020-22021`, :cve:`2020-22033`, :cve:`2020-22019`, :cve:`2021-33815`, :cve:`2021-38171`, :cve:`2020-20453`
--  glibc: :cve:`2021-33574`, :cve:`2021-38604`
--  inetutils: :cve:`2021-40491`
--  libgcrypt: :cve:`2021-40528`
--  linux-yocto/5.10, 5.14: :cve:`2021-3653`, :cve:`2021-3656`
--  lz4: :cve:`2021-3520`
--  nettle: :cve:`2021-20305`
--  openssl: :cve:`2021-3711`, :cve:`2021-3712`
--  perl: :cve:`2021-36770`
--  python3: :cve:`2021-29921`
--  python3-pip: :cve:`2021-3572`
--  qemu: :cve:`2020-27821`, :cve:`2020-29443`, :cve:`2020-35517`, :cve:`2021-3392`, :cve:`2021-3409`, :cve:`2021-3416`, :cve:`2021-3527`, :cve:`2021-3544`, :cve:`2021-3545`, :cve:`2021-3546`, :cve:`2021-3682`, :cve:`2021-20181`, :cve:`2021-20221`, :cve:`2021-20257`, :cve:`2021-20263`
--  rpm: :cve:`2021-3421`, :cve:`2021-20271`
--  rsync: :cve:`2020-14387`
--  util-linux: :cve:`2021-37600`
--  vim: :cve:`2021-3770`, :cve:`2021-3778`
--  wpa-supplicant: :cve:`2021-30004`
--  xdg-utils: :cve:`2020-27748`
--  xserver-xorg: :cve:`2021-3472`
+-  apr: :cve_nist:`2021-35940`
+-  aspell: :cve_nist:`2019-25051`
+-  avahi: :cve_nist:`2021-3468`, :cve_nist:`2021-36217`
+-  binutils: :cve_nist:`2021-20197`
+-  bluez: :cve_nist:`2021-3658`
+-  busybox: :cve_nist:`2021-28831`
+-  cairo: :cve_nist:`2020-35492`
+-  cpio: :cve_nist:`2021-38185`
+-  expat: :cve_nist:`2013-0340`
+-  ffmpeg: :cve_nist:`2020-20446`, :cve_nist:`2020-22015`, :cve_nist:`2020-22021`, :cve_nist:`2020-22033`, :cve_nist:`2020-22019`, :cve_nist:`2021-33815`, :cve_nist:`2021-38171`, :cve_nist:`2020-20453`
+-  glibc: :cve_nist:`2021-33574`, :cve_nist:`2021-38604`
+-  inetutils: :cve_nist:`2021-40491`
+-  libgcrypt: :cve_nist:`2021-40528`
+-  linux-yocto/5.10, 5.14: :cve_nist:`2021-3653`, :cve_nist:`2021-3656`
+-  lz4: :cve_nist:`2021-3520`
+-  nettle: :cve_nist:`2021-20305`
+-  openssl: :cve_nist:`2021-3711`, :cve_nist:`2021-3712`
+-  perl: :cve_nist:`2021-36770`
+-  python3: :cve_nist:`2021-29921`
+-  python3-pip: :cve_nist:`2021-3572`
+-  qemu: :cve_nist:`2020-27821`, :cve_nist:`2020-29443`, :cve_nist:`2020-35517`, :cve_nist:`2021-3392`, :cve_nist:`2021-3409`, :cve_nist:`2021-3416`, :cve_nist:`2021-3527`, :cve_nist:`2021-3544`, :cve_nist:`2021-3545`, :cve_nist:`2021-3546`, :cve_nist:`2021-3682`, :cve_nist:`2021-20181`, :cve_nist:`2021-20221`, :cve_nist:`2021-20257`, :cve_nist:`2021-20263`
+-  rpm: :cve_nist:`2021-3421`, :cve_nist:`2021-20271`
+-  rsync: :cve_nist:`2020-14387`
+-  util-linux: :cve_nist:`2021-37600`
+-  vim: :cve_nist:`2021-3770`, :cve_nist:`2021-3778`
+-  wpa-supplicant: :cve_nist:`2021-30004`
+-  xdg-utils: :cve_nist:`2020-27748`
+-  xserver-xorg: :cve_nist:`2021-3472`
 
 Recipe Upgrades in 3.4
 ~~~~~~~~~~~~~~~~~~~~~~

documentation/migration-guides/release-notes-4.0.1.rst

@@ -4,11 +4,11 @@ Release notes for 4.0.1 (kirkstone)
 Security Fixes in 4.0.1
 ~~~~~~~~~~~~~~~~~~~~~~~
 
--  linux-yocto/5.15: fix :cve:`2022-28796`
--  python3: ignore :cve:`2015-20107`
--  e2fsprogs: fix :cve:`2022-1304`
--  lua: fix :cve:`2022-28805`
--  busybox: fix :cve:`2022-28391`
+-  linux-yocto/5.15: fix :cve_nist:`2022-28796`
+-  python3: ignore :cve_nist:`2015-20107`
+-  e2fsprogs: fix :cve_nist:`2022-1304`
+-  lua: fix :cve_nist:`2022-28805`
+-  busybox: fix :cve_nist:`2022-28391`
 
 Fixes in 4.0.1
 ~~~~~~~~~~~~~~

documentation/migration-guides/release-notes-4.0.11.rst

@@ -6,18 +6,18 @@ Release notes for Yocto-4.0.11 (Kirkstone)
 Security Fixes in Yocto-4.0.11
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  cups: Fix :cve:`2023-32324`
--  curl: Fix :cve:`2023-28319`, :cve:`2023-28320`, :cve:`2023-28321` and :cve:`2023-28322`
--  git: Ignore :cve:`2023-25815`
--  go: Fix :cve:`2023-24539` and :cve:`2023-24540`
--  nasm: Fix :cve:`2022-46457`
--  openssh: Fix :cve:`2023-28531`
--  openssl: Fix :cve:`2023-1255` and :cve:`2023-2650`
--  perl: Fix :cve:`2023-31484`
--  python3-requests: Fix for :cve:`2023-32681`
--  sysstat: Fix :cve:`2023-33204`
--  vim: Fix :cve:`2023-2426`
--  webkitgtk: fix :cve:`2022-42867`, :cve:`2022-46691`, :cve:`2022-46699` and :cve:`2022-46700`
+-  cups: Fix :cve_nist:`2023-32324`
+-  curl: Fix :cve_nist:`2023-28319`, :cve_nist:`2023-28320`, :cve_nist:`2023-28321` and :cve_nist:`2023-28322`
+-  git: Ignore :cve_nist:`2023-25815`
+-  go: Fix :cve_nist:`2023-24539` and :cve_nist:`2023-24540`
+-  nasm: Fix :cve_nist:`2022-46457`
+-  openssh: Fix :cve_nist:`2023-28531`
+-  openssl: Fix :cve_nist:`2023-1255` and :cve_nist:`2023-2650`
+-  perl: Fix :cve_nist:`2023-31484`
+-  python3-requests: Fix for :cve_nist:`2023-32681`
+-  sysstat: Fix :cve_nist:`2023-33204`
+-  vim: Fix :cve_nist:`2023-2426`
+-  webkitgtk: fix :cve_nist:`2022-42867`, :cve_nist:`2022-46691`, :cve_nist:`2022-46699` and :cve_nist:`2022-46700`
 
 
 Fixes in Yocto-4.0.11

documentation/migration-guides/release-notes-4.0.12.rst

@@ -6,30 +6,30 @@ Release notes for Yocto-4.0.12 (Kirkstone)
 Security Fixes in Yocto-4.0.12
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  bind: Fix :cve:`2023-2828` and :cve:`2023-2911`
--  cups: Fix :cve:`2023-34241`
--  curl: Added :cve:`2023-28320` Follow-up patch
--  dbus: Fix :cve:`2023-34969`
--  dmidecode: fix :cve:`2023-30630`
--  ghostscript: fix :cve:`2023-36664`
--  go: fix :cve_mitre:`2023-24531`, :cve:`2023-24536`, :cve:`2023-29400`, :cve:`2023-29402`, :cve:`2023-29404`, :cve:`2023-29405` and :cve:`2023-29406`
--  libarchive: Ignore :cve:`2023-30571`
--  libcap: Fix :cve:`2023-2602` and :cve:`2023-2603`
--  libjpeg-turbo: Fix :cve:`2023-2804`
--  libpcre2: Fix :cve:`2022-41409`
--  libtiff: fix :cve:`2023-26965`
--  libwebp: Fix :cve:`2023-1999`
--  libx11: Fix :cve:`2023-3138`
--  libxpm: Fix :cve:`2022-44617`
--  ninja: Ignore :cve:`2021-4336`
--  openssh: Fix :cve:`2023-38408`
--  openssl: Fix :cve:`2023-2975`, :cve:`2023-3446` and :cve:`2023-3817`
--  perl: Fix :cve:`2023-31486`
--  python3: Ignore :cve:`2023-36632`
--  qemu: Fix :cve:`2023-0330`, :cve_mitre:`2023-2861`, :cve_mitre:`2023-3255` and :cve_mitre:`2023-3301`
--  sqlite3: Fix :cve:`2023-36191`
--  tiff: Fix :cve:`2023-0795`, :cve:`2023-0796`, :cve:`2023-0797`, :cve:`2023-0798`, :cve:`2023-0799`, :cve:`2023-25433`, :cve:`2023-25434` and :cve:`2023-25435`
--  vim: :cve:`2023-2609` and :cve:`2023-2610`
+-  bind: Fix :cve_nist:`2023-2828` and :cve_nist:`2023-2911`
+-  cups: Fix :cve_nist:`2023-34241`
+-  curl: Added :cve_nist:`2023-28320` Follow-up patch
+-  dbus: Fix :cve_nist:`2023-34969`
+-  dmidecode: fix :cve_nist:`2023-30630`
+-  ghostscript: fix :cve_nist:`2023-36664`
+-  go: fix :cve_mitre:`2023-24531`, :cve_nist:`2023-24536`, :cve_nist:`2023-29400`, :cve_nist:`2023-29402`, :cve_nist:`2023-29404`, :cve_nist:`2023-29405` and :cve_nist:`2023-29406`
+-  libarchive: Ignore :cve_nist:`2023-30571`
+-  libcap: Fix :cve_nist:`2023-2602` and :cve_nist:`2023-2603`
+-  libjpeg-turbo: Fix :cve_nist:`2023-2804`
+-  libpcre2: Fix :cve_nist:`2022-41409`
+-  libtiff: fix :cve_nist:`2023-26965`
+-  libwebp: Fix :cve_nist:`2023-1999`
+-  libx11: Fix :cve_nist:`2023-3138`
+-  libxpm: Fix :cve_nist:`2022-44617`
+-  ninja: Ignore :cve_nist:`2021-4336`
+-  openssh: Fix :cve_nist:`2023-38408`
+-  openssl: Fix :cve_nist:`2023-2975`, :cve_nist:`2023-3446` and :cve_nist:`2023-3817`
+-  perl: Fix :cve_nist:`2023-31486`
+-  python3: Ignore :cve_nist:`2023-36632`
+-  qemu: Fix :cve_nist:`2023-0330`, :cve_mitre:`2023-2861`, :cve_mitre:`2023-3255` and :cve_mitre:`2023-3301`
+-  sqlite3: Fix :cve_nist:`2023-36191`
+-  tiff: Fix :cve_nist:`2023-0795`, :cve_nist:`2023-0796`, :cve_nist:`2023-0797`, :cve_nist:`2023-0798`, :cve_nist:`2023-0799`, :cve_nist:`2023-25433`, :cve_nist:`2023-25434` and :cve_nist:`2023-25435`
+-  vim: :cve_nist:`2023-2609` and :cve_nist:`2023-2610`
 
 
 Fixes in Yocto-4.0.12

documentation/migration-guides/release-notes-4.0.15.rst

@@ -6,24 +6,24 @@ Release notes for Yocto-4.0.15 (Kirkstone)
 Security Fixes in Yocto-4.0.15
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  avahi: Fix :cve:`2023-1981`, :cve:`2023-38469`, :cve:`2023-38470`, :cve:`2023-38471`, :cve:`2023-38472` and :cve:`2023-38473`
--  binutils: Fix :cve:`2022-47007`, :cve:`2022-47010` and :cve:`2022-48064`
--  bluez5: Fix :cve:`2023-45866`
--  ghostscript: Ignore GhostPCL :cve:`2023-38560`
--  gnutls: Fix :cve:`2023-5981`
--  go: Ignore :cve:`2023-45283` and :cve:`2023-45284`
--  grub: Fix :cve:`2023-4692` and :cve:`2023-4693`
+-  avahi: Fix :cve_nist:`2023-1981`, :cve_nist:`2023-38469`, :cve_nist:`2023-38470`, :cve_nist:`2023-38471`, :cve_nist:`2023-38472` and :cve_nist:`2023-38473`
+-  binutils: Fix :cve_nist:`2022-47007`, :cve_nist:`2022-47010` and :cve_nist:`2022-48064`
+-  bluez5: Fix :cve_nist:`2023-45866`
+-  ghostscript: Ignore GhostPCL :cve_nist:`2023-38560`
+-  gnutls: Fix :cve_nist:`2023-5981`
+-  go: Ignore :cve_nist:`2023-45283` and :cve_nist:`2023-45284`
+-  grub: Fix :cve_nist:`2023-4692` and :cve_nist:`2023-4693`
 -  gstreamer1.0-plugins-bad: Fix :cve_mitre:`2023-44429`
--  libsndfile: Fix :cve:`2022-33065`
--  libwebp: Fix :cve:`2023-4863`
--  openssl: Fix :cve:`2023-5678`
--  python3-cryptography: Fix :cve:`2023-49083`
--  qemu: Fix :cve:`2023-1544`
--  sudo: :cve:`2023-42456` and :cve_mitre:`2023-42465`
--  tiff: Fix :cve:`2023-41175`
--  vim: Fix :cve:`2023-46246`, :cve:`2023-48231`, :cve:`2023-48232`, :cve:`2023-48233`, :cve:`2023-48234`, :cve:`2023-48235`, :cve:`2023-48236`, :cve:`2023-48237` and :cve:`2023-48706`
--  xserver-xorg: Fix :cve:`2023-5367` and :cve:`2023-5380`
--  xwayland: Fix :cve:`2023-5367`
+-  libsndfile: Fix :cve_nist:`2022-33065`
+-  libwebp: Fix :cve_nist:`2023-4863`
+-  openssl: Fix :cve_nist:`2023-5678`
+-  python3-cryptography: Fix :cve_nist:`2023-49083`
+-  qemu: Fix :cve_nist:`2023-1544`
+-  sudo: :cve_nist:`2023-42456` and :cve_mitre:`2023-42465`
+-  tiff: Fix :cve_nist:`2023-41175`
+-  vim: Fix :cve_nist:`2023-46246`, :cve_nist:`2023-48231`, :cve_nist:`2023-48232`, :cve_nist:`2023-48233`, :cve_nist:`2023-48234`, :cve_nist:`2023-48235`, :cve_nist:`2023-48236`, :cve_nist:`2023-48237` and :cve_nist:`2023-48706`
+-  xserver-xorg: Fix :cve_nist:`2023-5367` and :cve_nist:`2023-5380`
+-  xwayland: Fix :cve_nist:`2023-5367`
 
 
 Fixes in Yocto-4.0.15

documentation/migration-guides/release-notes-4.0.16.rst

@@ -8,22 +8,22 @@ Security Fixes in Yocto-4.0.16
 
 -  cpio: Fix :cve_mitre:`2023-7207`
 -  curl: Revert "curl: Backport fix CVE-2023-32001"
--  curl: Fix :cve:`2023-46218`
--  dropbear:Fix :cve:`2023-48795`
--  ffmpeg: Fix :cve:`2022-3964` and :cve:`2022-3965`
--  ghostscript: Fix :cve:`2023-46751`
--  gnutls: Fix :cve:`2024-0553` and :cve:`2024-0567`
--  go: Fix :cve:`2023-39326`
--  openssh: Fix :cve:`2023-48795`, :cve:`2023-51384` and :cve:`2023-51385`
--  openssl: Fix :cve:`2023-6129` and :cve_mitre:`2023-6237`
+-  curl: Fix :cve_nist:`2023-46218`
+-  dropbear:Fix :cve_nist:`2023-48795`
+-  ffmpeg: Fix :cve_nist:`2022-3964` and :cve_nist:`2022-3965`
+-  ghostscript: Fix :cve_nist:`2023-46751`
+-  gnutls: Fix :cve_nist:`2024-0553` and :cve_nist:`2024-0567`
+-  go: Fix :cve_nist:`2023-39326`
+-  openssh: Fix :cve_nist:`2023-48795`, :cve_nist:`2023-51384` and :cve_nist:`2023-51385`
+-  openssl: Fix :cve_nist:`2023-6129` and :cve_mitre:`2023-6237`
 -  pam: Fix :cve_mitre:`2024-22365`
--  perl: Fix :cve:`2023-47038`
--  qemu: Fix :cve:`2023-5088`
--  sqlite3: Fix :cve:`2023-7104`
--  systemd: Fix :cve:`2023-7008`
--  tiff: Fix :cve:`2023-6228`
--  xserver-xorg: Fix :cve:`2023-6377`, :cve:`2023-6478`, :cve:`2023-6816`, :cve_mitre:`2024-0229`, :cve:`2024-0408`, :cve:`2024-0409`, :cve_mitre:`2024-21885` and :cve_mitre:`2024-21886`
--  zlib: Ignore :cve:`2023-6992`
+-  perl: Fix :cve_nist:`2023-47038`
+-  qemu: Fix :cve_nist:`2023-5088`
+-  sqlite3: Fix :cve_nist:`2023-7104`
+-  systemd: Fix :cve_nist:`2023-7008`
+-  tiff: Fix :cve_nist:`2023-6228`
+-  xserver-xorg: Fix :cve_nist:`2023-6377`, :cve_nist:`2023-6478`, :cve_nist:`2023-6816`, :cve_mitre:`2024-0229`, :cve_nist:`2024-0408`, :cve_nist:`2024-0409`, :cve_mitre:`2024-21885` and :cve_mitre:`2024-21886`
+-  zlib: Ignore :cve_nist:`2023-6992`
 
 
 Fixes in Yocto-4.0.16

documentation/migration-guides/release-notes-4.0.18.rst

@@ -6,22 +6,22 @@ Release notes for Yocto-4.0.18 (Kirkstone)
 Security Fixes in Yocto-4.0.18
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  curl: Fix :cve:`2024-2398`
--  expat: fix :cve:`2023-52426` and :cve:`2024-28757`
--  libssh2: fix :cve:`2023-48795`
--  ncurses: Fix :cve:`2023-50495`
--  nghttp2: Fix :cve:`2024-28182` and :cve:`2023-44487`
--  openssh: Ignore :cve:`2023-51767`
--  openssl: Fix :cve:`2024-2511`
--  perl: Ignore :cve:`2023-47100`
--  python3-cryptography: Fix :cve:`2024-26130`
--  python3-urllib3: Fix :cve:`2023-45803`
--  qemu: Fix :cve:`2023-6683`
+-  curl: Fix :cve_nist:`2024-2398`
+-  expat: fix :cve_nist:`2023-52426` and :cve_nist:`2024-28757`
+-  libssh2: fix :cve_nist:`2023-48795`
+-  ncurses: Fix :cve_nist:`2023-50495`
+-  nghttp2: Fix :cve_nist:`2024-28182` and :cve_nist:`2023-44487`
+-  openssh: Ignore :cve_nist:`2023-51767`
+-  openssl: Fix :cve_nist:`2024-2511`
+-  perl: Ignore :cve_nist:`2023-47100`
+-  python3-cryptography: Fix :cve_nist:`2024-26130`
+-  python3-urllib3: Fix :cve_nist:`2023-45803`
+-  qemu: Fix :cve_nist:`2023-6683`
 -  ruby: fix :cve_mitre:`2024-27281`
--  rust: Ignore :cve:`2024-24576`
--  tiff: Fix :cve:`2023-52356` and :cve:`2023-6277`
--  xserver-xorg: Fix :cve:`2024-31080` and :cve:`2024-31081`
--  xwayland: Fix :cve:`2023-6816`, :cve:`2024-0408` and :cve:`2024-0409`
+-  rust: Ignore :cve_nist:`2024-24576`
+-  tiff: Fix :cve_nist:`2023-52356` and :cve_nist:`2023-6277`
+-  xserver-xorg: Fix :cve_nist:`2024-31080` and :cve_nist:`2024-31081`
+-  xwayland: Fix :cve_nist:`2023-6816`, :cve_nist:`2024-0408` and :cve_nist:`2024-0409`
 
 
 Fixes in Yocto-4.0.18
@@ -31,7 +31,7 @@ Fixes in Yocto-4.0.18
 -  common-licenses: Backport missing license
 -  contributor-guide: add notes for tests
 -  contributor-guide: be more specific about meta-* trees
--  cups: fix typo in :cve:`2023-32360` backport patch
+-  cups: fix typo in :cve_nist:`2023-32360` backport patch
 -  cve-update-nvd2-native: Add an age threshold for incremental update
 -  cve-update-nvd2-native: Fix CVE configuration update
 -  cve-update-nvd2-native: Fix typo in comment

documentation/migration-guides/release-notes-4.0.2.rst

@@ -4,13 +4,13 @@ Release notes for Yocto-4.0.2 (Kirkstone)
 Security Fixes in Yocto-4.0.2
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  libxslt: Mark :cve:`2022-29824` as not applying
--  tiff: Add jbig PACKAGECONFIG and clarify IGNORE :cve:`2022-1210`
--  tiff: mark :cve:`2022-1622` and :cve:`2022-1623` as invalid
--  pcre2:fix :cve:`2022-1586` Out-of-bounds read
--  curl: fix :cve:`2022-22576`, :cve:`2022-27775`, :cve:`2022-27776`, :cve:`2022-27774`, :cve:`2022-30115`, :cve:`2022-27780`, :cve:`2022-27781`, :cve:`2022-27779` and :cve:`2022-27782`
--  qemu: fix :cve:`2021-4206` and :cve:`2021-4207`
--  freetype: fix :cve:`2022-27404`, :cve:`2022-27405` and :cve:`2022-27406`
+-  libxslt: Mark :cve_nist:`2022-29824` as not applying
+-  tiff: Add jbig :term:`PACKAGECONFIG` and clarify IGNORE :cve_nist:`2022-1210`
+-  tiff: mark :cve_nist:`2022-1622` and :cve_nist:`2022-1623` as invalid
+-  pcre2:fix :cve_nist:`2022-1586` Out-of-bounds read
+-  curl: fix :cve_nist:`2022-22576`, :cve_nist:`2022-27775`, :cve_nist:`2022-27776`, :cve_nist:`2022-27774`, :cve_nist:`2022-30115`, :cve_nist:`2022-27780`, :cve_nist:`2022-27781`, :cve_nist:`2022-27779` and :cve_nist:`2022-27782`
+-  qemu: fix :cve_nist:`2021-4206` and :cve_nist:`2021-4207`
+-  freetype: fix :cve_nist:`2022-27404`, :cve_nist:`2022-27405` and :cve_nist:`2022-27406`
 
 Fixes in Yocto-4.0.2
 ~~~~~~~~~~~~~~~~~~~~

documentation/migration-guides/release-notes-4.0.20.rst

@@ -6,14 +6,14 @@ Release notes for Yocto-4.0.20 (Kirkstone)
 Security Fixes in Yocto-4.0.20
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  acpica: Fix :cve:`2024-24856`
--  glib-2.0: Fix :cve:`2024-34397`
--  gstreamer1.0-plugins-base: Fix :cve:`2024-4453`
--  libxml2: Fix :cve:`2024-34459`
--  openssh: fix :cve:`2024-6387`
--  openssl: Fix :cve_mitre:`2024-4741` and :cve:`2024-5535`
--  ruby: fix :cve:`2024-27280`
--  wget: Fix for :cve:`2024-38428`
+-  acpica: Fix :cve_nist:`2024-24856`
+-  glib-2.0: Fix :cve_nist:`2024-34397`
+-  gstreamer1.0-plugins-base: Fix :cve_nist:`2024-4453`
+-  libxml2: Fix :cve_nist:`2024-34459`
+-  openssh: fix :cve_nist:`2024-6387`
+-  openssl: Fix :cve_mitre:`2024-4741` and :cve_nist:`2024-5535`
+-  ruby: fix :cve_nist:`2024-27280`
+-  wget: Fix for :cve_nist:`2024-38428`
 
 
 Fixes in Yocto-4.0.20

documentation/migration-guides/release-notes-4.0.3.rst

@@ -4,21 +4,21 @@ Release notes for Yocto-4.0.3 (Kirkstone)
 Security Fixes in Yocto-4.0.3
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  binutils: fix :cve:`2019-1010204`
--  busybox: fix :cve:`2022-30065`
--  cups: ignore :cve:`2022-26691`
--  curl: Fix :cve:`2022-32205`, :cve:`2022-32206`, :cve:`2022-32207` and :cve:`2022-32208`
--  dpkg: fix :cve:`2022-1664`
--  ghostscript: fix :cve:`2022-2085`
--  harfbuzz: fix :cve:`2022-33068`
--  libtirpc: fix :cve:`2021-46828`
--  lua: fix :cve:`2022-33099`
--  nasm: ignore :cve:`2020-18974`
--  qemu: fix :cve:`2022-35414`
--  qemu: ignore :cve:`2021-20255` and :cve:`2019-12067`
--  tiff: fix :cve:`2022-1354`, :cve:`2022-1355`, :cve:`2022-2056`, :cve:`2022-2057` and :cve:`2022-2058`
--  u-boot: fix :cve:`2022-34835`
--  unzip: fix :cve:`2022-0529` and :cve:`2022-0530`
+-  binutils: fix :cve_nist:`2019-1010204`
+-  busybox: fix :cve_nist:`2022-30065`
+-  cups: ignore :cve_nist:`2022-26691`
+-  curl: Fix :cve_nist:`2022-32205`, :cve_nist:`2022-32206`, :cve_nist:`2022-32207` and :cve_nist:`2022-32208`
+-  dpkg: fix :cve_nist:`2022-1664`
+-  ghostscript: fix :cve_nist:`2022-2085`
+-  harfbuzz: fix :cve_nist:`2022-33068`
+-  libtirpc: fix :cve_nist:`2021-46828`
+-  lua: fix :cve_nist:`2022-33099`
+-  nasm: ignore :cve_nist:`2020-18974`
+-  qemu: fix :cve_nist:`2022-35414`
+-  qemu: ignore :cve_nist:`2021-20255` and :cve_nist:`2019-12067`
+-  tiff: fix :cve_nist:`2022-1354`, :cve_nist:`2022-1355`, :cve_nist:`2022-2056`, :cve_nist:`2022-2057` and :cve_nist:`2022-2058`
+-  u-boot: fix :cve_nist:`2022-34835`
+-  unzip: fix :cve_nist:`2022-0529` and :cve_nist:`2022-0530`
 
 
 Fixes in Yocto-4.0.3

documentation/migration-guides/release-notes-4.0.4.rst

@@ -4,17 +4,17 @@ Release notes for Yocto-4.0.4 (Kirkstone)
 Security Fixes in Yocto-4.0.4
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  binutils : fix :cve:`2022-38533`
--  curl: fix :cve:`2022-35252`
--  sqlite: fix :cve:`2022-35737`
--  grub2: fix :cve:`2021-3695`, :cve:`2021-3696`, :cve:`2021-3697`, :cve:`2022-28733`, :cve:`2022-28734` and :cve:`2022-28735`
--  u-boot: fix :cve:`2022-30552` and :cve:`2022-33967`
--  libxml2: Ignore :cve:`2016-3709`
--  libtiff: fix :cve:`2022-34526`
--  zlib: fix :cve:`2022-37434`
--  gnutls: fix :cve:`2022-2509`
--  u-boot: fix :cve:`2022-33103`
--  qemu: fix :cve:`2021-3507`, :cve:`2021-3929`, :cve:`2021-4158`, :cve:`2022-0216` and :cve:`2022-0358`
+-  binutils : fix :cve_nist:`2022-38533`
+-  curl: fix :cve_nist:`2022-35252`
+-  sqlite: fix :cve_nist:`2022-35737`
+-  grub2: fix :cve_nist:`2021-3695`, :cve_nist:`2021-3696`, :cve_nist:`2021-3697`, :cve_nist:`2022-28733`, :cve_nist:`2022-28734` and :cve_nist:`2022-28735`
+-  u-boot: fix :cve_nist:`2022-30552` and :cve_nist:`2022-33967`
+-  libxml2: Ignore :cve_nist:`2016-3709`
+-  libtiff: fix :cve_nist:`2022-34526`
+-  zlib: fix :cve_nist:`2022-37434`
+-  gnutls: fix :cve_nist:`2022-2509`
+-  u-boot: fix :cve_nist:`2022-33103`
+-  qemu: fix :cve_nist:`2021-3507`, :cve_nist:`2021-3929`, :cve_nist:`2021-4158`, :cve_nist:`2022-0216` and :cve_nist:`2022-0358`
 
 
 Fixes in Yocto-4.0.4

documentation/migration-guides/release-notes-4.0.5.rst

@@ -4,11 +4,11 @@ Release notes for Yocto-4.0.5 (Kirkstone)
 Security Fixes in Yocto-4.0.5
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  qemu: fix :cve:`2021-3750`, :cve:`2021-3611` and :cve:`2022-2962`
--  binutils : fix :cve:`2022-38126`, :cve:`2022-38127` and :cve:`2022-38128`
--  tff: fix :cve:`2022-2867`, :cve:`2022-2868` and :cve:`2022-2869`
--  inetutils: fix :cve:`2022-39028`
--  go: fix :cve:`2022-27664`
+-  qemu: fix :cve_nist:`2021-3750`, :cve_nist:`2021-3611` and :cve_nist:`2022-2962`
+-  binutils : fix :cve_nist:`2022-38126`, :cve_nist:`2022-38127` and :cve_nist:`2022-38128`
+-  tff: fix :cve_nist:`2022-2867`, :cve_nist:`2022-2868` and :cve_nist:`2022-2869`
+-  inetutils: fix :cve_nist:`2022-39028`
+-  go: fix :cve_nist:`2022-27664`
 
 Fixes in Yocto-4.0.5
 ~~~~~~~~~~~~~~~~~~~~

documentation/migration-guides/release-notes-4.0.6.rst

@@ -6,28 +6,28 @@ Release notes for Yocto-4.0.6 (Kirkstone)
 Security Fixes in Yocto-4.0.6
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  bash: Fix :cve:`2022-3715`
--  curl: Fix :cve:`2022-32221`, :cve:`2022-42915` and :cve:`2022-42916`
--  dbus: Fix :cve:`2022-42010`, :cve:`2022-42011` and :cve:`2022-42012`
--  dropbear: Fix :cve:`2021-36369`
--  ffmpeg: Fix :cve:`2022-3964`, :cve:`2022-3965`
--  go: Fix :cve:`2022-2880`
--  grub2: Fix :cve:`2022-2601`, :cve:`2022-3775` and :cve:`2022-28736`
--  libarchive: Fix :cve:`2022-36227`
--  libpam: Fix :cve:`2022-28321`
--  libsndfile1: Fix :cve:`2021-4156`
--  lighttpd: Fix :cve:`2022-41556`
--  openssl: Fix :cve:`2022-3358`
--  pixman: Fix :cve:`2022-44638`
--  python3-mako: Fix :cve:`2022-40023`
--  python3: Fix :cve:`2022-42919`
--  qemu: Fix :cve:`2022-3165`
--  sysstat: Fix :cve:`2022-39377`
--  systemd: Fix :cve:`2022-3821`
--  tiff: Fix :cve:`2022-2953`, :cve:`2022-3599`, :cve:`2022-3597`, :cve:`2022-3626`, :cve:`2022-3627`, :cve:`2022-3570`, :cve:`2022-3598` and :cve:`2022-3970`
--  vim: Fix :cve:`2022-3352`, :cve:`2022-3705` and :cve:`2022-4141`
--  wayland: Fix :cve:`2021-3782`
--  xserver-xorg: Fix :cve:`2022-3550` and :cve:`2022-3551`
+-  bash: Fix :cve_nist:`2022-3715`
+-  curl: Fix :cve_nist:`2022-32221`, :cve_nist:`2022-42915` and :cve_nist:`2022-42916`
+-  dbus: Fix :cve_nist:`2022-42010`, :cve_nist:`2022-42011` and :cve_nist:`2022-42012`
+-  dropbear: Fix :cve_nist:`2021-36369`
+-  ffmpeg: Fix :cve_nist:`2022-3964`, :cve_nist:`2022-3965`
+-  go: Fix :cve_nist:`2022-2880`
+-  grub2: Fix :cve_nist:`2022-2601`, :cve_nist:`2022-3775` and :cve_nist:`2022-28736`
+-  libarchive: Fix :cve_nist:`2022-36227`
+-  libpam: Fix :cve_nist:`2022-28321`
+-  libsndfile1: Fix :cve_nist:`2021-4156`
+-  lighttpd: Fix :cve_nist:`2022-41556`
+-  openssl: Fix :cve_nist:`2022-3358`
+-  pixman: Fix :cve_nist:`2022-44638`
+-  python3-mako: Fix :cve_nist:`2022-40023`
+-  python3: Fix :cve_nist:`2022-42919`
+-  qemu: Fix :cve_nist:`2022-3165`
+-  sysstat: Fix :cve_nist:`2022-39377`
+-  systemd: Fix :cve_nist:`2022-3821`
+-  tiff: Fix :cve_nist:`2022-2953`, :cve_nist:`2022-3599`, :cve_nist:`2022-3597`, :cve_nist:`2022-3626`, :cve_nist:`2022-3627`, :cve_nist:`2022-3570`, :cve_nist:`2022-3598` and :cve_nist:`2022-3970`
+-  vim: Fix :cve_nist:`2022-3352`, :cve_nist:`2022-3705` and :cve_nist:`2022-4141`
+-  wayland: Fix :cve_nist:`2021-3782`
+-  xserver-xorg: Fix :cve_nist:`2022-3550` and :cve_nist:`2022-3551`
 
 
 Fixes in Yocto-4.0.6

documentation/migration-guides/release-notes-4.0.7.rst

@@ -6,25 +6,25 @@ Release notes for Yocto-4.0.7 (Kirkstone)
 Security Fixes in Yocto-4.0.7
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  binutils: Fix :cve:`2022-4285`
--  curl: Fix :cve:`2022-43551` and :cve_mitre:`2022-43552`
--  ffmpeg: Fix :cve:`2022-3109` and :cve:`2022-3341`
--  go: Fix :cve:`2022-41715` and :cve:`2022-41717`
--  libX11: Fix :cve:`2022-3554` and :cve:`2022-3555`
--  libarchive: Fix :cve:`2022-36227`
--  libksba: Fix :cve:`2022-47629`
--  libpng: Fix :cve:`2019-6129`
--  libxml2: Fix :cve:`2022-40303` and :cve:`2022-40304`
--  openssl: Fix :cve:`2022-3996`
--  python3: Fix :cve:`2022-45061`
--  python3-git: Fix :cve:`2022-24439`
--  python3-setuptools: Fix :cve:`2022-40897`
--  python3-wheel: Fix :cve:`2022-40898`
--  qemu: Fix :cve:`2022-4144`
--  sqlite: Fix :cve:`2022-46908`
--  systemd: Fix :cve:`2022-45873`
--  vim: Fix :cve:`2023-0049`, :cve:`2023-0051`, :cve:`2023-0054` and :cve:`2023-0088`
--  webkitgtk: Fix :cve:`2022-32886`, :cve_mitre:`2022-32891`
+-  binutils: Fix :cve_nist:`2022-4285`
+-  curl: Fix :cve_nist:`2022-43551` and :cve_mitre:`2022-43552`
+-  ffmpeg: Fix :cve_nist:`2022-3109` and :cve_nist:`2022-3341`
+-  go: Fix :cve_nist:`2022-41715` and :cve_nist:`2022-41717`
+-  libX11: Fix :cve_nist:`2022-3554` and :cve_nist:`2022-3555`
+-  libarchive: Fix :cve_nist:`2022-36227`
+-  libksba: Fix :cve_nist:`2022-47629`
+-  libpng: Fix :cve_nist:`2019-6129`
+-  libxml2: Fix :cve_nist:`2022-40303` and :cve_nist:`2022-40304`
+-  openssl: Fix :cve_nist:`2022-3996`
+-  python3: Fix :cve_nist:`2022-45061`
+-  python3-git: Fix :cve_nist:`2022-24439`
+-  python3-setuptools: Fix :cve_nist:`2022-40897`
+-  python3-wheel: Fix :cve_nist:`2022-40898`
+-  qemu: Fix :cve_nist:`2022-4144`
+-  sqlite: Fix :cve_nist:`2022-46908`
+-  systemd: Fix :cve_nist:`2022-45873`
+-  vim: Fix :cve_nist:`2023-0049`, :cve_nist:`2023-0051`, :cve_nist:`2023-0054` and :cve_nist:`2023-0088`
+-  webkitgtk: Fix :cve_nist:`2022-32886`, :cve_mitre:`2022-32891` and :cve_nist:`2022-32912`
 
 
 Fixes in Yocto-4.0.7
@@ -39,7 +39,7 @@ Fixes in Yocto-4.0.7
 -  busybox: always start do_compile with orig config files
 -  busybox: rm temporary files if do_compile was interrupted
 -  cairo: fix CVE patches assigned wrong CVE number
--  cairo: update patch for :cve:`2019-6461` with upstream solution
+-  cairo: update patch for :cve_nist:`2019-6461` with upstream solution
 -  classes/create-spdx: Add SPDX_PRETTY option
 -  classes: image: Set empty weak default IMAGE_LINGUAS
 -  combo-layer: add sync-revs command

documentation/migration-guides/release-notes-4.0.8.rst

@@ -6,16 +6,16 @@ Release notes for Yocto-4.0.8 (Kirkstone)
 Security Fixes in Yocto-4.0.8
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  apr-util: Fix :cve:`2022-25147`
--  apr: Fix :cve:`2022-24963`, :cve:`2022-28331` and :cve:`2021-35940`
--  bind: Fix :cve:`2022-3094`, :cve:`2022-3736` and :cve:`2022-3924`
--  git: Ignore :cve:`2022-41953`
--  git: Fix :cve:`2022-23521` and :cve:`2022-41903`
--  libgit2: Fix :cve:`2023-22742`
--  ppp: Fix :cve:`2022-4603`
--  python3-certifi: Fix :cve:`2022-23491`
--  sudo: Fix :cve:`2023-22809`
--  tar: Fix :cve:`2022-48303`
+-  apr-util: Fix :cve_nist:`2022-25147`
+-  apr: Fix :cve_nist:`2022-24963`, :cve_nist:`2022-28331` and :cve_nist:`2021-35940`
+-  bind: Fix :cve_nist:`2022-3094`, :cve_nist:`2022-3736` and :cve_nist:`2022-3924`
+-  git: Ignore :cve_nist:`2022-41953`
+-  git: Fix :cve_nist:`2022-23521` and :cve_nist:`2022-41903`
+-  libgit2: Fix :cve_nist:`2023-22742`
+-  ppp: Fix :cve_nist:`2022-4603`
+-  python3-certifi: Fix :cve_nist:`2022-23491`
+-  sudo: Fix :cve_nist:`2023-22809`
+-  tar: Fix :cve_nist:`2022-48303`
 
 
 Fixes in Yocto-4.0.8

documentation/migration-guides/release-notes-4.0.9.rst

@@ -4,26 +4,26 @@ Release notes for Yocto-4.0.9 (Kirkstone)
 Security Fixes in Yocto-4.0.9
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
--  binutils: Fix :cve:`2023-22608`
--  curl: Fix :cve:`2023-23914`, :cve:`2023-23915` and :cve:`2023-23916`
--  epiphany: Fix :cve:`2023-26081`
--  git: Ignore :cve:`2023-22743`
--  glibc: Fix  :cve:`2023-0687`
--  gnutls: Fix :cve:`2023-0361`
--  go: Fix :cve:`2022-2879`, :cve:`2022-41720` and :cve:`2022-41723`
--  harfbuzz: Fix :cve:`2023-25193`
--  less: Fix :cve:`2022-46663`
--  libmicrohttpd: Fix :cve:`2023-27371`
--  libsdl2: Fix :cve:`2022-4743`
--  openssl: Fix :cve:`2022-3996`, :cve:`2023-0464`, :cve:`2023-0465` and :cve:`2023-0466`
--  pkgconf: Fix :cve:`2023-24056`
--  python3: Fix :cve:`2023-24329`
--  shadow: Ignore :cve:`2016-15024`
--  systemd: Fix :cve:`2022-4415`
--  tiff: Fix :cve:`2023-0800`, :cve:`2023-0801`, :cve:`2023-0802`, :cve:`2023-0803` and :cve:`2023-0804`
--  vim: Fix :cve:`2023-0433`, :cve:`2023-0512`, :cve:`2023-1127`, :cve:`2023-1170`, :cve:`2023-1175`, :cve:`2023-1264` and :cve:`2023-1355`
--  xserver-xorg: Fix :cve:`2023-0494`
--  xwayland: Fix :cve:`2023-0494`
+-  binutils: Fix :cve_nist:`2023-22608`
+-  curl: Fix :cve_nist:`2023-23914`, :cve_nist:`2023-23915` and :cve_nist:`2023-23916`
+-  epiphany: Fix :cve_nist:`2023-26081`
+-  git: Ignore :cve_nist:`2023-22743`
+-  glibc: Fix  :cve_nist:`2023-0687`
+-  gnutls: Fix :cve_nist:`2023-0361`
+-  go: Fix :cve_nist:`2022-2879`, :cve_nist:`2022-41720` and :cve_nist:`2022-41723`
+-  harfbuzz: Fix :cve_nist:`2023-25193`
+-  less: Fix :cve_nist:`2022-46663`
+-  libmicrohttpd: Fix :cve_nist:`2023-27371`
+-  libsdl2: Fix :cve_nist:`2022-4743`
+-  openssl: Fix :cve_nist:`2022-3996`, :cve_nist:`2023-0464`, :cve_nist:`2023-0465` and :cve_nist:`2023-0466`
+-  pkgconf: Fix :cve_nist:`2023-24056`
+-  python3: Fix :cve_nist:`2023-24329`
+-  shadow: Ignore :cve_nist:`2016-15024`
+-  systemd: Fix :cve_nist:`2022-4415`
+-  tiff: Fix :cve_nist:`2023-0800`, :cve_nist:`2023-0801`, :cve_nist:`2023-0802`, :cve_nist:`2023-0803` and :cve_nist:`2023-0804`
+-  vim: Fix :cve_nist:`2023-0433`, :cve_nist:`2023-0512`, :cve_nist:`2023-1127`, :cve_nist:`2023-1170`, :cve_nist:`2023-1175`, :cve_nist:`2023-1264` and :cve_nist:`2023-1355`
+-  xserver-xorg: Fix :cve_nist:`2023-0494`
+-  xwayland: Fix :cve_nist:`2023-0494`
 
 
 Fixes in Yocto-4.0.9
@@ -88,7 +88,7 @@ Fixes in Yocto-4.0.9
 -  pybootchartui: Fix python syntax issue
 -  python3-git: fix indent error
 -  python3-setuptools-rust-native: Add direct dependency of native python3 modules
--  qemu: Revert "fix :cve:`2021-3507`" as not applicable for qemu 6.2
+-  qemu: Revert "fix :cve_nist:`2021-3507`" as not applicable for qemu 6.2
 -  rsync: Add missing prototypes to function declarations
 -  rsync: Turn on -pedantic-errors at the end of 'configure'
 -  runqemu: kill qemu if it hangs

documentation/migration-guides/release-notes-4.0.rst

@@ -332,37 +332,37 @@ Other license-related notes:
 Security Fixes in 4.0
 ~~~~~~~~~~~~~~~~~~~~~
 
-- binutils: :cve:`2021-42574`, :cve:`2021-45078`
-- curl: :cve:`2021-22945`, :cve:`2021-22946`, :cve:`2021-22947`
-- epiphany: :cve:`2021-45085`, :cve:`2021-45086`, :cve:`2021-45087`, :cve:`2021-45088`
-- expat: :cve:`2021-45960`, :cve:`2021-46143`, :cve:`2022-22822`, :cve:`2022-22823`, :cve:`2022-22824`, :cve:`2022-22825`, :cve:`2022-22826`, :cve:`2022-22827`, :cve:`2022-23852`, :cve:`2022-23990`, :cve:`2022-25235`, :cve:`2022-25236`, :cve:`2022-25313`, :cve:`2022-25314`, :cve:`2022-25315`
-- ffmpeg: :cve:`2021-38114`
-- gcc: :cve:`2021-35465`, :cve:`2021-42574`, :cve:`2021-46195`, :cve:`2022-24765`
-- glibc: :cve:`2021-3998`, :cve:`2021-3999`, :cve:`2021-43396`, :cve:`2022-23218`, :cve:`2022-23219`
-- gmp: :cve:`2021-43618`
-- go: :cve:`2021-41771` and :cve:`2021-41772`
-- grub2: :cve:`2021-3981`
-- gzip: :cve:`2022-1271`
-- libarchive : :cve:`2021-31566`, :cve:`2021-36976`
-- libxml2: :cve:`2022-23308`
-- libxslt: :cve:`2021-30560`
-- lighttpd: :cve:`2022-22707`
-- linux-yocto/5.10: amdgpu: :cve:`2021-42327`
-- lua: :cve:`2021-43396`
-- openssl: :cve:`2021-4044`, :cve:`2022-0778`
-- qemu: :cve:`2022-1050`, :cve:`2022-26353`, :cve:`2022-26354`
-- rpm: :cve:`2021-3521`
-- seatd: :cve:`2022-25643`
-- speex: :cve:`2020-23903`
-- squashfs-tools: :cve:`2021-41072`
-- systemd: :cve:`2021-4034`
-- tiff: :cve:`2022-0561`, :cve:`2022-0562`, :cve:`2022-0865`, :cve:`2022-0891`, :cve:`2022-0907`, :cve:`2022-0908`, :cve:`2022-0909`, :cve:`2022-0924`, :cve:`2022-1056`, :cve:`2022-22844`
-- unzip: :cve:`2021-4217`
-- vim: :cve:`2021-3796`, :cve:`2021-3872`, :cve:`2021-3875`, :cve:`2021-3927`, :cve:`2021-3928`, :cve:`2021-3968`, :cve:`2021-3973`, :cve:`2021-4187`, :cve:`2022-0128`, :cve:`2022-0156`, :cve:`2022-0158`, :cve:`2022-0261`, :cve:`2022-0318`, :cve:`2022-0319`, :cve:`2022-0554`, :cve:`2022-0696`, :cve:`2022-0714`, :cve:`2022-0729`, :cve:`2022-0943`
-- virglrenderer: :cve:`2022-0135`, :cve:`2022-0175`
-- webkitgtk: :cve:`2022-22589`, :cve:`2022-22590`, :cve:`2022-22592`
-- xz: :cve:`2022-1271`
-- zlib: :cve:`2018-25032`
+- binutils: :cve_nist:`2021-42574`, :cve_nist:`2021-45078`
+- curl: :cve_nist:`2021-22945`, :cve_nist:`2021-22946`, :cve_nist:`2021-22947`
+- epiphany: :cve_nist:`2021-45085`, :cve_nist:`2021-45086`, :cve_nist:`2021-45087`, :cve_nist:`2021-45088`
+- expat: :cve_nist:`2021-45960`, :cve_nist:`2021-46143`, :cve_nist:`2022-22822`, :cve_nist:`2022-22823`, :cve_nist:`2022-22824`, :cve_nist:`2022-22825`, :cve_nist:`2022-22826`, :cve_nist:`2022-22827`, :cve_nist:`2022-23852`, :cve_nist:`2022-23990`, :cve_nist:`2022-25235`, :cve_nist:`2022-25236`, :cve_nist:`2022-25313`, :cve_nist:`2022-25314`, :cve_nist:`2022-25315`
+- ffmpeg: :cve_nist:`2021-38114`
+- gcc: :cve_nist:`2021-35465`, :cve_nist:`2021-42574`, :cve_nist:`2021-46195`, :cve_nist:`2022-24765`
+- glibc: :cve_nist:`2021-3998`, :cve_nist:`2021-3999`, :cve_nist:`2021-43396`, :cve_nist:`2022-23218`, :cve_nist:`2022-23219`
+- gmp: :cve_nist:`2021-43618`
+- go: :cve_nist:`2021-41771` and :cve_nist:`2021-41772`
+- grub2: :cve_nist:`2021-3981`
+- gzip: :cve_nist:`2022-1271`
+- libarchive : :cve_nist:`2021-31566`, :cve_nist:`2021-36976`
+- libxml2: :cve_nist:`2022-23308`
+- libxslt: :cve_nist:`2021-30560`
+- lighttpd: :cve_nist:`2022-22707`
+- linux-yocto/5.10: amdgpu: :cve_nist:`2021-42327`
+- lua: :cve_nist:`2021-43396`
+- openssl: :cve_nist:`2021-4044`, :cve_nist:`2022-0778`
+- qemu: :cve_nist:`2022-1050`, :cve_nist:`2022-26353`, :cve_nist:`2022-26354`
+- rpm: :cve_nist:`2021-3521`
+- seatd: :cve_nist:`2022-25643`
+- speex: :cve_nist:`2020-23903`
+- squashfs-tools: :cve_nist:`2021-41072`
+- systemd: :cve_nist:`2021-4034`
+- tiff: :cve_nist:`2022-0561`, :cve_nist:`2022-0562`, :cve_nist:`2022-0865`, :cve_nist:`2022-0891`, :cve_nist:`2022-0907`, :cve_nist:`2022-0908`, :cve_nist:`2022-0909`, :cve_nist:`2022-0924`, :cve_nist:`2022-1056`, :cve_nist:`2022-22844`
+- unzip: :cve_nist:`2021-4217`
+- vim: :cve_nist:`2021-3796`, :cve_nist:`2021-3872`, :cve_nist:`2021-3875`, :cve_nist:`2021-3927`, :cve_nist:`2021-3928`, :cve_nist:`2021-3968`, :cve_nist:`2021-3973`, :cve_nist:`2021-4187`, :cve_nist:`2022-0128`, :cve_nist:`2022-0156`, :cve_nist:`2022-0158`, :cve_nist:`2022-0261`, :cve_nist:`2022-0318`, :cve_nist:`2022-0319`, :cve_nist:`2022-0554`, :cve_nist:`2022-0696`, :cve_nist:`2022-0714`, :cve_nist:`2022-0729`, :cve_nist:`2022-0943`
+- virglrenderer: :cve_nist:`2022-0135`, :cve_nist:`2022-0175`
+- webkitgtk: :cve_nist:`2022-22589`, :cve_nist:`2022-22590`, :cve_nist:`2022-22592`
+- xz: :cve_nist:`2022-1271`
+- zlib: :cve_nist:`2018-25032`