[yocto] Minutes: Yocto Project Technical Team Meeting - Tuesday, September 9, 2014 8:00 AM US Pacific Time

Burton, Ross ross.burton at intel.com
Wed Sep 24 13:58:51 PDT 2014


On 24 September 2014 12:44, Sona Sarmadi <sona.sarmadi at enea.com> wrote:
>> As well as security fixes for the kernel, do you also cover security fixes for the
>> userspace (i.e. everything else in oe-core)?  Help keeping the rest of the
>> system safe, and relevant fixes backported to the stable releases, is always
>> welcome.
>
> Yes, we monitor oss-security public mailing list, as soon a new vulnerability (CVE) in the Linux kernel or userspace is announced in that list, we try to catch them and backport all which are relevant. We look for other sources as well but oss-securiy (oss-security at lists.openwall.com) is a good source/mailing list/ to detect vulnerabilities in open source products (kernel & userspace).


Well this is convenient timing...  I'm sure you've noticed the CVE in
bash, will your team be able to submit patches for the releases we are
supporting (1.4 onwards)?

Ross



More information about the yocto mailing list