On 10/21/15 8:35 AM, Martin Jansa wrote: > On Tue, Oct 20, 2015 at 05:41:09PM +0200, Martin Jansa wrote: >> On Mon, Oct 19, 2015 at 05:09:46PM -0700, akuster808 wrote: >>> Hello Martin, >>> >>> Are there issues with the changes in dizzy-next? need Otavio to signoff? >> No issues, I was just waiting for one of you to request the merge. >> >> Pushed now and new pull request pushed to dizzy-next. > Hmm there seems to be an issue after all. > > At least > 7f1df52 fuse: fix for CVE-2015-3202 Privilege Escalation > is missing in fido branch, both are using 2.9.3 version which is > affected. > > I haven't tested other patches (except testing that they don't apply > cleanly to fido as they are) and haven't checked if we need them in > master/jethro branch. > > But older releases shouldn't get fixes which are missing in newer > releases, otherwise people upgrading from dizzy to fido will get > suddenly vulnerable to this fuse issue probably without noticing.
you correct. Will work to correct that. - armin > > Regards, > >>> Dizzy behind by: >>> >>> e3dbf78 ipsec-tools: Security Advisory - CVE-2015-4047 >>> 0fb90be mariadb: Security Advisory -CVE-2015-2305 >>> c580b62 libssh2: fix CVE-2015-1782 >>> e00844e ptpd: disable libpcap detection via pcap-config >>> >> -- >> Martin 'JaMa' Jansa jabber: [email protected] > > -- _______________________________________________ Openembedded-devel mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-devel
