Hi Alex, Yes I agree with you but this is already a public CVE. Maybe in the future we will/should just discuss security related issues in the [email protected]<mailto:[email protected]> mailing list, but right now we don’t have many members so I copy to the [email protected]<mailto:[email protected]> list as well.
My intention is to make the list aware of security vulnerabilities/CVEs which keep coming all the time. I encourage everyone to do this. We will soon or later create a bug in Bugzilla if needed or just backport the CVE to our version or upgrade the recipes in the affected package to the version which is not vulnerable. //Sona From: Alexandru Vaduva [mailto:[email protected]] Sent: den 12 mars 2015 00:28 To: Sona Sarmadi; [email protected] Cc: [email protected] Subject: Re: [yocto] bind: issue in trust anchor management can cause named to crash (CVE-2015-1349) Wouldn`t it be better for the bugs to be only mentioned on the security list? It is my opinion that know about a risk before it is fixed could cause more harm then good. What do you thing about this? Alex Vaduva
-- _______________________________________________ yocto mailing list [email protected] https://lists.yoctoproject.org/listinfo/yocto
