[yocto] [RFC] CVEs on sumo branch
akuster
akuster at mvista.com
Sat Sep 22 07:46:56 PDT 2018
On 09/21/2018 02:07 PM, Sinan Kaya wrote:
> On 9/21/2018 4:35 PM, akuster808 wrote:
>> I already have in my sumo-next
>> http://git.yoctoproject.org/cgit/cgit.cgi/poky-contrib/log/?h=stable/sumo-next
>>
>> libcroco: patch for CVE-2017-7960
>> <http://git.yoctoproject.org/cgit/cgit.cgi/poky-contrib/commit/?h=stable/sumo-nmut&id=c02364a464d2e96ca663018d5266c68751f2c335>
>>
>>
>> libarchive: CVE-2017-14501
>> <http://git.yoctoproject.org/cgit/cgit.cgi/poky-contrib/commit/?h=stable/sumo-nmut&id=8d7f5e76cad2127e477056ce42d1be06b4df5b5c>
>>
>>
>> For the rest can you sent them to the proper mailing list
>> openembedded-core at lists.openembedded.org via git send-patch.
>
> Actually, I took this from open-embedded master branch.
>
> https://github.com/openembedded/openembedded-core/commit/b9b254da08c1db94ac9ded5f67d7e2e82e3b9be7
>
>
> commit b9b254da08c1db94ac9ded5f67d7e2e82e3b9be7
> Author: Zheng Ruoqin <zhengrq.fnst at cn.fujitsu.com>
> Date: Tue Jun 26 13:44:17 2018 +0800
>
> glibc: fix CVE-2018-11237
>
> glibc: fix CVE-2018-11237
>
> Signed-off-by: Zheng Ruoqin <zhengrq.fnst at cn.fujitsu.com>
> Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
>
> What does it take to move this in the right direction?
bring it to my attention like you have.
backported it for the next build round.
Thanks,
Armin
>
> I'll take care of the remaining 3.
More information about the yocto
mailing list