[oe] dizzy-next sync to dizzy
akuster808
akuster808 at gmail.com
Wed Oct 21 19:45:11 UTC 2015
On 10/21/15 8:35 AM, Martin Jansa wrote:
> On Tue, Oct 20, 2015 at 05:41:09PM +0200, Martin Jansa wrote:
>> On Mon, Oct 19, 2015 at 05:09:46PM -0700, akuster808 wrote:
>>> Hello Martin,
>>>
>>> Are there issues with the changes in dizzy-next? need Otavio to signoff?
>> No issues, I was just waiting for one of you to request the merge.
>>
>> Pushed now and new pull request pushed to dizzy-next.
> Hmm there seems to be an issue after all.
>
> At least
> 7f1df52 fuse: fix for CVE-2015-3202 Privilege Escalation
> is missing in fido branch, both are using 2.9.3 version which is
> affected.
>
> I haven't tested other patches (except testing that they don't apply
> cleanly to fido as they are) and haven't checked if we need them in
> master/jethro branch.
>
> But older releases shouldn't get fixes which are missing in newer
> releases, otherwise people upgrading from dizzy to fido will get
> suddenly vulnerable to this fuse issue probably without noticing.
you correct. Will work to correct that.
- armin
>
> Regards,
>
>>> Dizzy behind by:
>>>
>>> e3dbf78 ipsec-tools: Security Advisory - CVE-2015-4047
>>> 0fb90be mariadb: Security Advisory -CVE-2015-2305
>>> c580b62 libssh2: fix CVE-2015-1782
>>> e00844e ptpd: disable libpcap detection via pcap-config
>>>
>> --
>> Martin 'JaMa' Jansa jabber: Martin.Jansa at gmail.com
>
>
More information about the Openembedded-devel
mailing list