On Thu, 29 Jun 2017, Richard Purdie wrote:
> On Wed, 2017-06-28 at 13:38 -0400, Scott Murray wrote:
> > On Mon, 19 Jun 2017, Richard Purdie wrote:
> >
> > >
> > > I suspect this has been missed by some people so I want to spell it
> > > out. We have our first CVE in OE-Core itself.
> > >
> > >
On Wed, 2017-06-28 at 13:38 -0400, Scott Murray wrote:
> On Mon, 19 Jun 2017, Richard Purdie wrote:
>
> >
> > I suspect this has been missed by some people so I want to spell it
> > out. We have our first CVE in OE-Core itself.
> >
> > The issue is limited to binary ipks potentially exposing
On Mon, 19 Jun 2017, Richard Purdie wrote:
> I suspect this has been missed by some people so I want to spell it
> out. We have our first CVE in OE-Core itself.
>
> The issue is limited to binary ipks potentially exposing sensitive
> information through the "Source:" field which contained the
On Tue, 2017-06-20 at 08:27 -0500, Sean Hudson wrote:
> On 2017-06-20 04:30 AM, Paul Eggleton wrote:
> >
> > On Monday, 19 June 2017 5:31:10 PM CEST Sean Hudson wrote:
> > >
> > > On 2017-06-19 09:05 AM, Mark Hatle wrote:
> > > >
> > > > It would be reasonable to write up a 'best practices'
On Tuesday, 20 June 2017 3:27:15 PM CEST you wrote:
> On 2017-06-20 04:30 AM, Paul Eggleton wrote:
> > On Monday, 19 June 2017 5:31:10 PM CEST Sean Hudson wrote:
> >> On 2017-06-19 09:05 AM, Mark Hatle wrote:
> >>> It would be reasonable to write up a 'best practices' type document.
> >>>
On 2017-06-20 04:30 AM, Paul Eggleton wrote:
> On Monday, 19 June 2017 5:31:10 PM CEST Sean Hudson wrote:
>> On 2017-06-19 09:05 AM, Mark Hatle wrote:
>>> It would be reasonable to write up a 'best practices' type document.
>>> Explaining that simply due to the nature of building many of these
On Monday, 19 June 2017 5:31:10 PM CEST Sean Hudson wrote:
> On 2017-06-19 09:05 AM, Mark Hatle wrote:
> > It would be reasonable to write up a 'best practices' type document.
> > Explaining that simply due to the nature of building many of these things
> > will be 'leaked' and where some of them
On 2017-06-19 09:05 AM, Mark Hatle wrote:
> On 6/19/17 8:20 AM, Philip Balister wrote:
>> On 06/19/2017 06:38 AM, Richard Purdie wrote:
>>> I suspect this has been missed by some people so I want to spell it
>>> out. We have our first CVE in OE-Core itself.
>>>
>>> The issue is limited to binary
On 6/19/17 5:38 AM, Richard Purdie wrote:
> I suspect this has been missed by some people so I want to spell it
> out. We have our first CVE in OE-Core itself.
>
> The issue is limited to binary ipks potentially exposing sensitive
> information through the "Source:" field which contained the full
On 6/19/17 8:20 AM, Philip Balister wrote:
> On 06/19/2017 06:38 AM, Richard Purdie wrote:
>> I suspect this has been missed by some people so I want to spell it
>> out. We have our first CVE in OE-Core itself.
>>
>> The issue is limited to binary ipks potentially exposing sensitive
>> information
On 06/19/2017 09:29 AM, Burton, Ross wrote:
> On 19 June 2017 at 14:20, Philip Balister wrote:
>
>> So the issue is leaking credentials, not build system paths? I mention
>> this because we do leak build system paths into images in other places.
>>
>
> Yes, SRC_URI can
On 19 June 2017 at 14:20, Philip Balister wrote:
> So the issue is leaking credentials, not build system paths? I mention
> this because we do leak build system paths into images in other places.
>
Yes, SRC_URI can contain username/passwords, and even if you filter those
On 06/19/2017 06:38 AM, Richard Purdie wrote:
> I suspect this has been missed by some people so I want to spell it
> out. We have our first CVE in OE-Core itself.
>
> The issue is limited to binary ipks potentially exposing sensitive
> information through the "Source:" field which contained the
13 matches