[OE-core] [PATCH 0/1] nss: CVE-2014-1568
Burton, Ross
ross.burton at intel.com
Wed Nov 12 09:28:06 UTC 2014
Hi Armin,
On 12 November 2014 05:54, akuster808 <akuster808 at gmail.com> wrote:
> Would I upgrade nss for dizzy or backport the cve fix (leaning towards
> back porting).
>
For stable releases, unless there's a *very* good reason then backport the
CVE patch instead of upgrading. The recent exception was openssl in daisy
which was upgraded because the number of patches being applied would be
unmanageable!
Ross
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20141112/ec6c141e/attachment-0002.html>
More information about the Openembedded-core
mailing list