[OE-core] [PATCH 01/10] openssl: update to 1.0.2e
Paul Eggleton
paul.eggleton at linux.intel.com
Thu Dec 10 23:13:26 UTC 2015
On Thu, 10 Dec 2015 12:50:20 Alexander Kanavin wrote:
> On 12/09/2015 09:52 PM, akuster808 wrote:
> > Can we get the CVE's fix by this update included in the commit?
>
> It's a version update to oe-core's development branch (e.g.
> non-production, frequently updated), why have the CVEs in the commit
> message?
So that it's clearer when a CVE has been resolved, however we ended up
resolving it. We currently have a massive gap in what we know about CVE
resolution because upgrades that fix them aren't tracked in any way.
Cheers,
Paul
--
Paul Eggleton
Intel Open Source Technology Centre
More information about the Openembedded-core
mailing list