[OE-core] [PATCH 6/7] webkitgtk: update to 2.10.7

Alexander Kanavin alexander.kanavin at linux.intel.com
Tue Feb 16 14:34:29 UTC 2016


On 02/11/2016 09:08 PM, akuster808 wrote:
> this update includes:
>
>
> CVE-2015-7096
>      Versions affected: WebKitGTK+ before 2.10.5.
>
> CVE-2015-7098
>      Versions affected: WebKitGTK+ before 2.10.5.
>
>
> http://webkitgtk.org/security.html

Yes, which means that jethro (which has 2.8.5) needs the same update.

Generally, this manual check for vulnerabilities is error-prone and
doesn't scale. We really should automate CVE checks (using
cve-check-tool or something similar) when doing package builds; I'll try
to look into whether it's feasible. There's been an open bug for a long time:

https://bugzilla.yoctoproject.org/show_bug.cgi?id=7515


Alex
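
The kind of automated check the message above asks for, as an added example that is not part of the original post and does not show how cve-check-tool works: it compares each branch's recipe version with the "affected before" version from the advisory quoted in the thread. The branch label `patched` and all function names are assumptions; the versions and CVE ids are the ones in the thread.

```python
# Added example: advisory data from the thread; "patched" is a constructed label.
import re

# CVE -> first fixed WebKitGTK+ version ("Versions affected: before 2.10.5").
ADVISORIES = {
    "webkitgtk": {"CVE-2015-7096": "2.10.5", "CVE-2015-7098": "2.10.5"},
}

# Recipe versions per branch: jethro ships 2.8.5, the patch moves to 2.10.7.
RECIPES = {
    "jethro": {"webkitgtk": "2.8.5"},
    "patched": {"webkitgtk": "2.10.7"},
}


def version_key(version):
    """Split '2.10.7' into (2, 10, 7) so components compare numerically."""
    parts = re.findall(r"\d+", version)
    if not parts:
        raise ValueError(f"no numeric components in {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(shipped, fixed_in):
    """True when the shipped version predates the first fixed version."""
    a, b = version_key(shipped), version_key(fixed_in)
    width = max(len(a), len(b))
    # Pad with zeros so '2.10' and '2.10.0' compare as equal.
    a, b = a + (0,) * (width - len(a)), b + (0,) * (width - len(b))
    return a < b


def unpatched(recipes, advisories):
    """Return {package: [CVE ids]} still open for one branch's recipe set."""
    report = {}
    for package, shipped in recipes.items():
        open_cves = sorted(
            cve for cve, fixed_in in advisories.get(package, {}).items()
            if is_affected(shipped, fixed_in)
        )
        if open_cves:
            report[package] = open_cves
    return report


if __name__ == "__main__":
    for branch, recipes in RECIPES.items():
        print(branch, unpatched(recipes, ADVISORIES) or "no open CVEs")
```

A plain string comparison would miss the jethro case, because `"2.8.5" < "2.10.5"` is false when compared character by character; the numeric split is what makes 2.8.5 sort before 2.10.5.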


