On Tue, May 25, 2021 at 12:17 PM Richard Purdie <[email protected]> wrote:
>
> On Tue, 2021-05-25 at 12:50 +0000, Andrej Valek wrote:
> > Hello everyone,
> >
> > I have another question regarding backporting this to the dunfell branch.
> > Is it possible to apply this upgrade to this branch? I would like to have
> > a very important fix for CVE-2013-0340
> > (https://github.com/libexpat/libexpat/pull/220)
> > there. But there are a lot of changes, which means just applying the patch
> > is not very promising.
> >
> > How can we handle it?
>
> Adding Steve to Cc. It is possible if there is a good case for it and there
> aren't bad side effects from the change. I don't know enough about expat here
> to comment on that.

Our responses crossed in the mail :-)

I don't know enough about expat to comment on this either. But if someone
who is familiar with expat would care to chime in I am open to consider
whether an exception should be made.

> I suspect we should be adding something to the expat recipe to make it match
> libexpat CVEs, maybe CVE_PRODUCT = "libexpat"?

Yes, good catch, that does appear to be the case. I'll do a little testing
to verify that and will submit a patch.

Steve
