I neglected to mention that I post a list of outstanding CVE's to [email protected] every Sunday. You can browse that email to select CVEs to work on.
Steve On Mon, Nov 30, 2020 at 7:12 AM Steve Sakoman via lists.openembedded.org <[email protected]> wrote: > > We've been making good progress on reducing the number of issues > reported by the CVE checker. We went from 202 on August 16 to 59 on > November 29. > > Some of these reductions have come from sending in corrections to the > CVE database where there were errors in version matching, and others > have come from backported fixes or whitelisting.. Many thanks to all > who have helped! > > To encourage more folks to contribute to this effort I'm going to be > holding a raffle during the month of December. You'll get one entry > for each CVE fix patch that I merge into dunfell. And a database > update that results in a reduction in dunell reported issues will also > get you an entry. > > The prize? A bag of fresh roasted whole bean coffee from my small > coffee orchard here on the Big Island of Hawaii. If the winner isn't > a coffee drinker I'll try to get some locally grown tea as a > substitute prize. > > The fine print: > > 1. Patches and database update requests must be submitted during the > month of December to receive a raffle entry. > > 2. CVE patch submissions should follow the guidelines in the "Patch > name convention and commit message" section of > https://wiki.yoctoproject.org/wiki/Security > > 3. If the patch also applies to master please send the patch for > master and note that it should be backported to dunfell/gatesgarth as > appropriate. I'll pull this type of patch into dunfell only after it > hits master. > > 4. CVE database update requests should be sent to: > [email protected] You should note the CVE number and provide > supporting links for why you think an update is appropriate. When you > receive a "Thank you for bringing this to our attention. We appreciate > community input" response please forward a copy to me. I'll add your > raffle entry to the pool when the database is updated and the dunfell > cve count reduced. > > 5. To help avoid people working on the same CVE's I'll start a "CVE > raffle: collision avoidance" thread on this list. Just do a quick > reply noting which CVE you plan to work on. Please don't claim one > unless you really intend to follow through! > > Steve > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#145095): https://lists.openembedded.org/g/openembedded-core/message/145095 Mute This Topic: https://lists.openembedded.org/mt/78613043/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
