[OE-core] [PATCH] curl: update to 7.56.1

Philip Balister philip at balister.org
Fri Oct 27 14:55:51 UTC 2017


On 10/27/2017 02:46 PM, Alexander Kanavin wrote:
> On 10/27/2017 01:16 PM, Philip Balister wrote:
>> Can you also update the commit message to show the CVE entries in a
>> standard format? We are trying to collect commits that resolve CVEs on
>> the yocto-security list.
>>
>> https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines#Example:_CVE_patch_header
>>
>>
>> For this, mentioning the CVE without the .patch might help. cc'ing
>> Michael in case he has suggestions to help the hook.
> 
> For this to work, recipe maintainers need to do this manual work
> consistently and reliably across all version updates, and I simply can't
> see it happening.
> 
> You should make the tooling work so that it looks at versions in
> addition to cve tags. So that this curl 7.54->7.56.1 commit resolves to
> the list of CVEs fixed in 7.56 automatically, via some database lookup.

We have to start somewhere.

Philip

> 
> Alex
> 


