Hi Anuj,
Do you think there is irrelevant changes to the CVE in
https://github.com/bminor/bash/commit/
951bdaad7a18cc0dc1036bba86b18b90874d39ff or in this pach?
Could you please specify what's the irrelevant part?
I ask this because we also use this patch in our product.
Thanks in advance.
在 2020/2/18 23:43, Mittal, Anuj 写道:
On Tue, 2020-02-18 at 15:35 +0000, Richard Purdie wrote:
On Tue, 2020-02-18 at 10:28 -0500, Chet Ramey wrote:
On 2/17/20 9:46 PM, Huo, De wrote:
I applied the patch to fix CVE defect CVE-2019-18276.
That's not exactly an answer to the question of who produced the
patch.
If that patch is the one causing failures when it's applied,
doesn't it
make sense to go back to the person who produced it and ask them to
update it if necessary?
Its likely a general CVE patch where both configure and configure.ac
are patched. For OE, we can drop the configure part since we
reautoconf
the code. Its therefore the OE port of the patch which is likely at
fault.
Someone just needs to remove that section of the patch.
There are other issues with this patch which should also be fixed I
think. It has been marked as a Backport while it is not one. The patch
includes changes that are irrelevant to the CVE. And, it should have
gone to master first.
Thanks,
Anuj
--
_______________________________________________
Openembedded-core mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-core
