Re: Fixes to consider for a Bernard point release.

Liu, Song <song.liu@...>

Thank you Scott. This is a great list to start with.

Hi Everyone,

I changed the email subject and moved this thread to the public mailing list. Let's use this thread as the place to collect patches we recommend for the 1.0 Bernard point release. So please contribute if you have something in mind. But please make sure that this effort won't affect any of your 1.1 release related work. 1.1 release is our priority now.


-----Original Message-----
From: Scott Garman [mailto:scott.a.garman@...]
Sent: Friday, September 30, 2011 4:30 PM
To: Liu, Song
Cc: Yocto Project Discussions
Subject: Security related fixes to consider for a Bernard point release.

Hi Song,

At the last staff meeting, Paul brought up the possibility of doing
another point-release for Bernard, at least to include some security
fixes. I went and ran a scan on the bernard recipe versions using my CVE
checker scripts, and came up with this short list of security fixes that
we may wish to consider:

python CVE-2011-1015
libpng CVE-2011-2690
libpng CVE-2011-2692

So it looks like only the python and libpng recipes would need to be


Scott Garman
Embedded Linux Engineer - Yocto Project
Intel Open Source Technology Center

Join to automatically receive all group messages.