From c91b9dddce8603638dd71a9fc35ce56f23517cf5 Mon Sep 17 00:00:00 2001
From: Wentao Zhang <Wentao.Zhang@windriver.com>
Date: Thu, 14 Mar 2024 02:09:17 -0700
Subject: [PATCH] Debian: libuv1: fix CVE-2024-24806

Upgrade libuv1 to 1.40.0-2+deb11u1

Refer to:
https://nvd.nist.gov/vuln/detail/CVE-2024-24806
https://security-tracker.debian.org/tracker/DSA-5638-1

Test Plan:
Pass: downloader
Pass: build-pkgs --clean --all
Pass: build-image
Pass: boot

Closes-bug: #2057488

Change-Id: If9a79c49b8c203054911d548c5b907c800a04477
Signed-off-by: Wentao Zhang <Wentao.Zhang@windriver.com>
---
 debian-mirror-tools/config/debian/common/base-bullseye.lst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian-mirror-tools/config/debian/common/base-bullseye.lst b/debian-mirror-tools/config/debian/common/base-bullseye.lst
index ee60b8af..ba679b21 100644
--- a/debian-mirror-tools/config/debian/common/base-bullseye.lst
+++ b/debian-mirror-tools/config/debian/common/base-bullseye.lst
@@ -720,7 +720,7 @@ libusbredirparser-dev  0.8.0-1+b1
 libusbredirparser1  0.8.0-1+b1
 libutempter0 1.2.1-2
 libuuid1  2.36.1-8+deb11u1
-libuv1  1.40.0-2
+libuv1  1.40.0-2+deb11u1  https://snapshot.debian.org/archive/debian-security/20240310T130025Z/pool/updates/main/libu/libuv1/libuv1_1.40.0-2%2Bdeb11u1_amd64.deb
 libibverbs1  33.2-1
 libvirglrenderer-dev  0.8.2-5+deb11u1 https://snapshot.debian.org/archive/debian/20221210T034654Z/pool/main/v/virglrenderer/libvirglrenderer-dev_0.8.2-5%2Bdeb11u1_amd64.deb
 libvirglrenderer1  0.8.2-5+deb11u1 https://snapshot.debian.org/archive/debian/20221210T034654Z/pool/main/v/virglrenderer/libvirglrenderer1_0.8.2-5%2Bdeb11u1_amd64.deb