[yocto] Fixes to consider for a Bernard point release.
Liu, Song
song.liu at intel.com
Mon Oct 3 09:30:55 PDT 2011
Thank you Scott. This is a great list to start with.
Hi Everyone,
I changed the email subject and moved this thread to the public mailing list. Let's use this thread as the place to collect patches we recommend for the 1.0 Bernard point release. So please contribute if you have something in mind. But please make sure that this effort won't affect any of your 1.1 release-related work. The 1.1 release is our priority now.
Thanks!
Song
-----Original Message-----
From: Scott Garman [mailto:scott.a.garman at intel.com]
Sent: Friday, September 30, 2011 4:30 PM
To: Liu, Song
Cc: Yocto Project Discussions
Subject: Security related fixes to consider for a Bernard point release.
Hi Song,
At the last staff meeting, Paul brought up the possibility of doing
another point-release for Bernard, at least to include some security
fixes. I went and ran a scan on the bernard recipe versions using my CVE
checker scripts, and came up with this short list of security fixes that
we may wish to consider:
python CVE-2011-1015
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1015
libpng CVE-2011-2690
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2690
libpng CVE-2011-2692
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2692
So it looks like only the python and libpng recipes would need to be
upgraded.
Scott
--
Scott Garman
Embedded Linux Engineer - Yocto Project
Intel Open Source Technology Center