Hi all,
On 3/7/22 12:21, Quentin Schulz wrote:
From: Alexander Kanavin <[email protected]>
Signed-off-by: Alexander Kanavin <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>
(cherry picked from commit 6a3289c4786c4d278e2bf0ec1a5e04363772d8bc)
Signed-off-by: Quentin Schulz <[email protected]>
---
https://www.spinics.net/lists/util-linux-ng/msg17037.html 2.37.3 fixes
two CVEs (not listed on nvdist database for some reason).
https://www.spinics.net/lists/util-linux-ng/msg17087.html 2.37.4 fixes
one CVE (not listed on bvdist for some reason).
I think it might be useful for release maintainer(s) if we mention in
the commit log or commit title if it's a security bump or not when
sending patches for version bumps to master? What do you think? (FYI,
Buildroot seems to do it regularly and it helps me with keeping my
vendor tree somewhat up-to-date security wise).
Cheers,
Quentin
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#162809):
https://lists.openembedded.org/g/openembedded-core/message/162809
Mute This Topic: https://lists.openembedded.org/mt/89609558/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
