[OE-core] [thud][PATCH] ghostscript: Fix CVE-2019-3835 and CVE-2019-3838
Burton, Ross
ross.burton at intel.com
Thu Apr 4 08:51:52 UTC 2019
On Thu, 4 Apr 2019 at 07:56, Ovidiu Panait <ovidiu.panait at windriver.com> wrote:
> > Have all of these been resolved in master?
> >
> > Ross
>
> No, these have not been resolved in master. Ghostscript version on
> master is 9.26 and the fixes come from 9.27, which hasn't been released yet.
>
> I only sent them for thud since I remember that on master is preferred
> to upgrade to a newer version when it's available instead of backporting
> fixes.
Policy is that security issues are fixed in master then the release
branches, so that we don't regress. If this is merged then the next
release will be vulnerable because it is frozen for upgrades right
now...
Ross
More information about the Openembedded-core
mailing list