On 02/11/2016 09:08 PM, akuster808 wrote:
this update includes:
CVE-2015-7096
Versions affected: WebKitGTK+ before 2.10.5.
CVE-2015-7098
Versions affected: WebKitGTK+ before 2.10.5.
http://webkitgtk.org/security.html
Yes, which means that jethro (which has 2.8.5) needs the same update.
Generally, this manual check for vulnerabilities is error-prone and
doesn't scale. We really should automate cve checks (using
cve-check-tool or something similar) when doing package builds, I'll try
to look if it's feasible. There's been an open bug for a long time:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=7515
Alex
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core