[OE-core] [PATCH] curl: update to 7.56.1
Alexander Kanavin
alexander.kanavin at linux.intel.com
Fri Oct 27 12:46:58 UTC 2017
On 10/27/2017 01:16 PM, Philip Balister wrote:
> Can you also update the commit message to show the CVE entries in a
> standard format? We are trying to collect commits that resolve CVEs on
> the yocto-security list.
>
> https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines#Example:_CVE_patch_header
>
> For this mentioning the CVE without the .patch might help. cc'ing
> Michael in case he his suggesting to help the hook.
For this to work, recipe maintainers need to do this manual work
consistently and reliably across all version updates, and I simply can't
see it happening.
You should make the tooling work so that it looks at versions in
addition to cve tags. So that this curl 7.54->7.56.1 commit resolves to
the list of CVEs fixed in 7.56 automatically, via some database lookup.
Alex
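
The version-based lookup proposed in this message could look like the following sketch. It is an added example, not part of the original thread and not OE-core tooling. The record layout, the function names and the `CVE:` tag line format are assumptions, and the CVE ids are constructed placeholders rather than real curl advisories.

```python
import re

# Constructed sample records (hypothetical schema, placeholder ids).
SAMPLE_DB = [
    {"id": "CVE-0000-0001", "package": "curl", "introduced": "7.20.0", "fixed": "7.55.0"},
    {"id": "CVE-0000-0002", "package": "curl", "introduced": "7.7", "fixed": "7.56.0"},
    {"id": "CVE-0000-0003", "package": "curl", "introduced": "7.20.0", "fixed": "7.56.1"},
    {"id": "CVE-0000-0004", "package": "curl", "introduced": "7.55.0", "fixed": "7.57.0"},
    {"id": "CVE-0000-0005", "package": "curl", "introduced": "7.1", "fixed": "7.54.0"},
    {"id": "CVE-0000-0006", "package": "openssl", "introduced": "1.0.0", "fixed": "1.0.2"},
]

CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")

def version_key(version):
    # Numeric dotted versions only; trailing zeros dropped so "7.54" == "7.54.0".
    parts = [int(p) for p in version.split(".")]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def tagged_cves(commit_message):
    # Ids listed by hand on "CVE:" lines of the commit message (assumed format).
    found = set()
    for line in commit_message.splitlines():
        m = re.match(r"\s*CVE:\s*(.*)", line)
        if m:
            found.update(CVE_ID.findall(m.group(1)))
    return found

def cves_resolved(package, old, new, db, commit_message=""):
    # A CVE is resolved by the upgrade if the old version was affected and
    # the fix landed after old and no later than new: old < fixed <= new.
    lo, hi = version_key(old), version_key(new)
    if hi <= lo:
        raise ValueError("not an upgrade: %s -> %s" % (old, new))
    by_version = {
        r["id"] for r in db
        if r["package"] == package
        and version_key(r["introduced"]) <= lo
        and lo < version_key(r["fixed"]) <= hi
    }
    return sorted(by_version | tagged_cves(commit_message))

if __name__ == "__main__":
    print(cves_resolved("curl", "7.54", "7.56.1", SAMPLE_DB))
```

Manual tags are merged with the version-derived set, so a commit that carries no `CVE:` line still resolves to every record fixed in the upgraded range.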