[OE-core] [PATCH 6/7] webkitgtk: update to 2.10.7
akuster808
akuster808 at gmail.com
Tue Feb 16 15:55:07 UTC 2016
On 02/16/2016 06:34 AM, Alexander Kanavin wrote:
> On 02/11/2016 09:08 PM, akuster808 wrote:
>> this update includes:
>>
>>
>> CVE-2015-7096
>> Versions affected: WebKitGTK+ before 2.10.5.
>>
>> CVE-2015-7098
>> Versions affected: WebKitGTK+ before 2.10.5.
>>
>>
>> http://webkitgtk.org/security.html
>
> Yes, which means that jethro (which has 2.8.5) needs the same update.
there is a bug open for that 8877. there are a huge number of CVE's that
need fixing.
- armin
>
> Generally, this manual check for vulnerabilities is error-prone and
> doesn't scale. We really should automate cve checks (using
> cve-check-tool or something similar) when doing package builds, I'll try
> to look if it's feasible. There's been an open bug for a long time:
>
> https://bugzilla.yoctoproject.org/show_bug.cgi?id=7515
>
>
> Alex
More information about the Openembedded-core
mailing list