[OE-core] [PATCH 1/3] readline: Security Advisory - readline - CVE-2014-2524
Petter Mabäcker
petter at technux.se
Tue Oct 6 13:43:19 UTC 2015
2015-10-06 14:58 skrev Burton, Ross:
> On 6 October 2015 at 12:23,
Petter Mabäcker <petter at technux.se> wrote:
>
>> The patch must be
applied by something/someone.. For example Debian solves it by doing
their own .diff patch
(http://http.debian.net/debian/pool/main/r/readline6/readline6_6.3-8.debian.tar.xz
[1]). I can send a suggestion about how to solve this in a proper
way.
>
> Whoops, the file wasn't renamed to .patch and even after being
renamed, it isn't actually a properly formatted patch. I'll fix this up
now.
Great. As you will notice also when formatted properly it will not
apply due to that readline63-001 and readline63-002 isn't applied so
'patchlevel' is incorrect. That makes me wondering what the patching
strategy is? In my opinion we should consider adding the official
readline-6.3 patches as well. Should I add a bug report for that or
leave it as is (depending on the strategy...)?
BR Petter
> Thanks
for noticing!
>
> Ross
Links:
------
[1]
http://http.debian.net/debian/pool/main/r/readline6/readline6_6.3-8.debian.tar.xz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20151006/edcd4944/attachment-0002.html>
More information about the Openembedded-core
mailing list