Re: Fixes to consider for a Bernard point release.
Liu, Song <song.liu@...>
Thank you Scott. This is a great list to start with.
Hi Everyone,

I changed the email subject and moved this thread to the public mailing list. Let's use this thread as the place to collect patches we recommend for the 1.0 Bernard point release. So please contribute if you have something in mind. But please make sure that this effort won't affect any of your 1.1 release related work. 1.1 release is our priority now.

Thanks!
Song

-----Original Message-----
From: Scott Garman [mailto:scott.a.garman@...]
Sent: Friday, September 30, 2011 4:30 PM
To: Liu, Song
Cc: Yocto Project Discussions
Subject: Security related fixes to consider for a Bernard point release.

Hi Song,

At the last staff meeting, Paul brought up the possibility of doing another point-release for Bernard, at least to include some security fixes.

I went and ran a scan on the bernard recipe versions using my CVE checker scripts, and came up with this short list of security fixes that we may wish to consider:

python CVE-2011-1015 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1015
libpng CVE-2011-2690 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2690
libpng CVE-2011-2692 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2692

So it looks like only the python and libpng recipes would need to be upgraded.

Scott

--
Scott Garman
Embedded Linux Engineer - Yocto Project
Intel Open Source Technology Center