On 17 September 2016 at 14:55, Zheng Ruoqin <zhengrq.f...@cn.fujitsu.com>

> 1.CVE-2016-2775.patch
> [security]      getrrsetbyname with a non absolute name could
>                 trigger an infinite recursion bug in lwresd
>                 and named with lwres configured if when combined
>                 with a search list entry the resulting name is
>                 too long. (CVE-2016-2775) [RT #42694]
> 2.CVE-2016-2776.patch
> [security]      It was possible to trigger a assertion when rendering
>                a message. (CVE-2016-2776) [RT #43139]
> Signed-off-by: zhengruoqin <zhengrq.f...@cn.fujitsu.com>

The patches themselves need CVE, Signed-off-by, and Upstream-Status tags.

The commit message needs a better short summary (at least, "fix two CVEs",
ideally better).

Openembedded-core mailing list

Reply via email to