[OE-core] [PATCH] curl: update to 7.56.1
Alexander Kanavin
alexander.kanavin at linux.intel.com
Mon Oct 30 08:52:42 UTC 2017
On 10/29/2017 05:28 PM, akuster808 wrote:
>>> 2. Delete the following patchs which have been applied in curl 7.56.1
>>> CVE-2017-1000099.patch
>>> CVE-2017-1000100.patch
>>> CVE-2017-1000101.patch
>>> 3. Delete the do_install_append() due to the curl/curlbuild.h have been removed.
>> Can you also update the commit message to show the CVE entries in a
>> standard format? We are trying to collect commits that resolve CVE's on
>> the yocto-security list.
>>
>> https://www.openembedded.org/wiki/Commit_Patch_Message_Guidelines#Example:_CVE_patch_header
> How does that work on patches that go removed?
>
>> For this mentioning the CVE without the .patch might help. cc'ing
>> Michael in case he his suggesting to help the hook.
> What is the point of indicating CVE's being removed?
Indeed; I actually misunderstood the above request, and thought it's for
newly fixed CVEs. But referencing CVEs that were already fixed before
the commit, and remain fixed after the commit serves no purpose.
Alex
More information about the Openembedded-core
mailing list