[OE-core] bash: Fix CVE-2019-18276
Richard Purdie
richard.purdie at linuxfoundation.org
Wed Feb 19 18:55:04 UTC 2020
On Wed, 2020-02-19 at 07:46 -0800, akuster808 wrote:
>
> On 2/18/20 7:49 AM, Richard Purdie wrote:
> > On Tue, 2020-02-18 at 15:43 +0000, Mittal, Anuj wrote:
> > > On Tue, 2020-02-18 at 15:35 +0000, Richard Purdie wrote:
> > > >
> > > > Someone just needs to remove that section of the patch.
> > > There are other issues with this patch which should also be fixed I
> > > think. It has been marked as a Backport while it is not one. The patch
> > > includes changes that are irrelevant to the CVE. And, it should have
> > > gone to master first.
> > I shall await guidance from you/Armin then.
>
> We should revert the commit. I'll send a patch.

Anuj sent it, I've merged it to zeus. Open questions:

Should we ship 3.0.2 rc2?

Did this patch cause this regression:
https://bugzilla.yoctoproject.org/show_bug.cgi?id=13795

Cheers,

Richard