[OE-core] [PATCH 6/7] webkitgtk: update to 2.10.7
Alexander Kanavin
alexander.kanavin at linux.intel.com
Wed Feb 24 11:55:11 UTC 2016
On 02/16/2016 05:55 PM, akuster808 wrote:
>> Yes, which means that jethro (which has 2.8.5) needs the same update.
>
> There is a bug open for that 8877. There are a huge number of CVEs that
> need fixing.

I wrote a comment in that bug, but I think it bears repeating here:

Please read this, it's a bit long, but worth it:
https://blogs.gnome.org/mcatanzaro/2016/02/01/on-webkit-security-updates/

Summary: the upstream will not backport CVE fixes, and they will not be
making point releases in old branches with any kind of lifecycle
guarantee. Providing ongoing updates to the latest stable release of
webkit is the only way to stay secure.

So I believe that you indeed have to update webkit to 2.10.7, or
whatever is the latest stable release, and keep doing this for as long
as a yocto release needs to be supported.

Regards,
Alex