[OE-core] [PATCH] curl: Security Advisory - curl - CVE-2017-1000254
Alexander Kanavin
alexander.kanavin at linux.intel.com
Wed Oct 25 11:18:22 UTC 2017
On 10/25/2017 07:40 AM, akuster808 wrote:
>
>
> On 10/23/2017 03:29 AM, Alexander Kanavin wrote:
>> On 10/23/2017 10:44 AM, Li Zhou wrote:
>>> Porting patch from <https://github.com/curl/curl/commit/
>>> 5ff2c5ff25750aba1a8f64fbcad8e5b891512584> to solve CVE-2017-1000254.
>>
>> It's better to update to latest version (7.56) instead of backporting
>> patches, please do that.
>
> Then these should be stagged for Rocko. Work has been done.
Only if master is also fixed at the same time (or sooner) - there cannot
be a situation where something is fixed in rocko, but not in master. I'm
fine if it's via CVE backports, but I would prefer a version upgrade.
Alex
More information about the Openembedded-core
mailing list