[OE-core] [PATCH] wget: CVE-2017-13089 and CVE-2017-13090
Andre McCurdy
armccurdy at gmail.com
Thu Nov 2 20:29:04 UTC 2017
On Tue, Oct 31, 2017 at 2:48 AM, Zhixiong Chi
<zhixiong.chi at windriver.com> wrote:
> On 2017年10月31日 17:13, Alexander Kanavin wrote:
>> On 10/31/2017 11:02 AM, Zhixiong Chi wrote:
>>>
>>> Patches from:
>>>
>>> http://git.savannah.gnu.org/cgit/wget.git/patch/?id=d892291fb8ace4c3b734ea5125770989c215df3f
>>> http://git.savannah.gnu.org/cgit/wget.git/patch/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba
>>>
>>> CVE: CVE-2017-13089 CVE-2017-13090
>>
>> Update the master to 1.19.2 instead please.
Patching 1.19.1 does have the advantage of creating a commit which can
easily be cherry-picked into rocko (and pyro, which also uses wget
1.19.1).
Master should certainly update to 1.19.2 but doing so in two steps
might be appreciated by the stable branch maintainers.
More information about the Openembedded-core
mailing list