[OE-core] [PATCH 1/1] ffmpeg: backport patches to fix 12 CVEs
ChenQi
Qi.Chen at windriver.com
Sat Sep 30 03:26:01 UTC 2017
On 09/26/2017 03:56 PM, Alexander Kanavin wrote:
> On 09/26/2017 10:57 AM, ChenQi wrote:
>
>> I agree with you. I have tried to do the upgrade, and it's easy.
>> However, at the current stage, it's unlikely for an upgrade patch to
>> be accepted. That's why I did the backport.
>
> If the upgrade patch brings a new feature release, then yes. But in
> this case it's clearly:
>
> a) bugfix only (nearly all commits since 3.3.3 start with 'fix' or
> 'check') and
> b) contains security fixes
>
> I think it's only a matter of explaining these two things clearly in
> the commit message: if you do it, the patch will be accepted.
>
> Alex
>
Alex,
Thanks for your suggestion.
I've sent out an upgrade patch with explanation of why 3.3.4 is a bug
fix version.
Boss,
For the upgrade patch and this cve fixing patch, you can pick either of
them.
If we cannot merge the patch at this point, it's also OK for me to wait
for the next development cycle.
Best Regards,
Chen Qi
More information about the Openembedded-core
mailing list