On Thu, Apr 20, 2023 at 5:54 AM Ranjitsinh Rathod via lists.yoctoproject.org <[email protected]> wrote:
>
> Hi Bruce,
>
> When I checked in https://github.com/lxc/lxc/compare/stable-4.0 branch and
> check, it seems the CVE is not fixed there and so this fix is not available
> for the 4.0.12 version as well if we send the bump.
>
> Please suggest what we can do here to fix the CVE at least for the dunfell
> branch.
>
> If CVE is not fixed in the stable branch for lxc upstream, are we not going to
> fix this CVE by applying a patch?
>

In a situation like this, we should still do the bump .. as there are obviously more bugfixes than just the CVE in the newer version.

So do the bump, and then include the CVE patch as an explicit backport from upstream at the same time.

Bruce

> Thanks,
> Ranjitsinh Rathod
>
>

--
- Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
