On Mon, 2019-12-09 at 05:48 -0800, milunj via Lists.Yoctoproject.Org wrote: > My greeting to all > I am new on yocto project and yocto build environment is also new to > me ... > My working task is removing vulnerabilities from libc library... > The processor is based on arm5 while newer yoctos 2.7.x and 3.x. do > not provide environment support for arm5 based processors. > > The glibc vulnerabilities are fixed in the latest glibc 2.30 > released. package while yocto 2.6.x includes 2.28 package. > Also some of glibc vulnerabilities are patched in 2.6.4 (\oecore- > thud-20.0.4.tar\oecore-thud-20.0.4\meta\recipes-core\glibc\glibc): > > CVE-2016-10739 > CVE-2018-19591 > CVE-2019-6488 > CVE-2019-7309 > CVE-2019-9169 > while there are some others those have not been patched: > > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3590 > > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-7254 > > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20796 > > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-9192 > > Does anyone know whether new vulnerability patches will be applied > for yocto 2.6.5 and when will be released yocto 2.6.5 ?
it depends on contribution, if you can contribute the fixes thats best for predictability, secondly, you can also open tickets in yocto bug tracking system. > Thank you in advance > Milun > > > > > > > -=-=-=-=-=-=-=-=-=-=-=-Links: You receive all messages sent to this > group. > View/Reply Online (#47603): > https://lists.yoctoproject.org/g/yocto/message/47603 > Mute This Topic: https://lists.yoctoproject.org/mt/67793912/1997914 > Mute #yocto: > https://lists.yoctoproject.org/mk?hashtag=yocto&subid=6692173 > Group Owner: [email protected] > Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [raj.khem@ > gmail.com]-=-=-=-=-=-=-=-=-=-=-=-
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#47612): https://lists.yoctoproject.org/g/yocto/message/47612 Mute This Topic: https://lists.yoctoproject.org/mt/67793912/21656 Mute #yocto: https://lists.yoctoproject.org/mk?hashtag=yocto&subid=6691583 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
