We've been making good progress on reducing the number of issues reported by the CVE checker. We went from 202 on August 16 to 59 on November 29.
Some of these reductions have come from sending in corrections to the CVE database where there were errors in version matching, and others have come from backported fixes or whitelisting. Many thanks to all who have helped!

To encourage more folks to contribute to this effort I'm going to be holding a raffle during the month of December. You'll get one entry for each CVE fix patch that I merge into dunfell. And a database update that results in a reduction in dunfell reported issues will also get you an entry.

The prize? A bag of fresh roasted whole bean coffee from my small coffee orchard here on the Big Island of Hawaii. If the winner isn't a coffee drinker I'll try to get some locally grown tea as a substitute prize.

The fine print:

1. Patches and database update requests must be submitted during the month of December to receive a raffle entry.

2. CVE patch submissions should follow the guidelines in the "Patch name convention and commit message" section of https://wiki.yoctoproject.org/wiki/Security

3. If the patch also applies to master please send the patch for master and note that it should be backported to dunfell/gatesgarth as appropriate. I'll pull this type of patch into dunfell only after it hits master.

4. CVE database update requests should be sent to: [email protected]
   You should note the CVE number and provide supporting links for why you think an update is appropriate. When you receive a "Thank you for bringing this to our attention. We appreciate community input" response please forward a copy to me. I'll add your raffle entry to the pool when the database is updated and the dunfell CVE count reduced.

5. To help avoid people working on the same CVEs I'll start a "CVE raffle: collision avoidance" thread on this list. Just do a quick reply noting which CVE you plan to work on. Please don't claim one unless you really intend to follow through!

Steve
