Re: CVE patch updates

Tim Orling

On Thu, Mar 24, 2022 at 2:45 PM Richard Purdie <richard.purdie@...> wrote:
On Thu, 2022-03-24 at 16:56 +0000, Monsees, Steven C (US) via wrote:
> I am currently building in cve-check to see what is reported, and I was curious
> if Yocto might provide any CVE based patch repositories?
> Is there a Yocto page somewhere that goes over this side of things?
> I did not see much in the mega-manual… I am running on zeus based platforms (for
> both armarch64 and x86_64).

You'll see output of cve-check on the yocto-security list for layers that are
still in maintenance:

although zeus is out of maintenance.

We merge CVE fixes to the branches that are in maintenance.

A graph showing the data over time:

Steven, if you haven’t already, you should subscribe to 

Emails are sent out, usually on Sunday. If you see a CVE that interests you… grab it and fix it.

This is mostly a community effort. There is no special dedicated squad of security champions.


