Re: dizzy-next sync to dizzy

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Martin Jansa <martin.jansa@gmail.com>
To: akuster808 <akuster808@gmail.com>
Cc: OpenEmbedded Devel List
	<openembedded-devel@lists.openembedded.org>,
	Otavio Salvador <otavio@ossystems.com.br>
Subject: Re: dizzy-next sync to dizzy
Date: Wed, 21 Oct 2015 17:35:08 +0200	[thread overview]
Message-ID: <20151021153508.GF2556@jama> (raw)
In-Reply-To: <20151020154109.GA2557@jama>

[-- Attachment #1: Type: text/plain, Size: 1322 bytes --]

On Tue, Oct 20, 2015 at 05:41:09PM +0200, Martin Jansa wrote:
> On Mon, Oct 19, 2015 at 05:09:46PM -0700, akuster808 wrote:
> > Hello Martin,
> > 
> > Are there issues with the changes in dizzy-next? need Otavio to signoff?
> 
> No issues, I was just waiting for one of you to request the merge.
> 
> Pushed now and new pull request pushed to dizzy-next.

Hmm there seems to be an issue after all.

At least
7f1df52 fuse: fix for CVE-2015-3202 Privilege Escalation
is missing in fido branch, both are using 2.9.3 version which is
affected.

I haven't tested other patches (except testing that they don't apply
cleanly to fido as they are) and haven't checked if we need them in
master/jethro branch.

But older releases shouldn't get fixes which are missing in newer
releases, otherwise people upgrading from dizzy to fido will get
suddenly vulnerable to this fuse issue probably without noticing.

Regards,

> > Dizzy behind by:
> > 
> > e3dbf78 ipsec-tools: Security Advisory - CVE-2015-4047
> > 0fb90be mariadb: Security Advisory -CVE-2015-2305
> > c580b62 libssh2: fix CVE-2015-1782
> > e00844e ptpd: disable libpcap detection via pcap-config
> > 
> 
> -- 
> Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com



-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 188 bytes --]

next prev parent reply	other threads:[~2015-10-21 15:34 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-10-20  0:09 dizzy-next sync to dizzy akuster808
2015-10-20 11:30 ` Otavio Salvador
2015-10-20 15:41 ` Martin Jansa
2015-10-21 15:35   ` Martin Jansa [this message]
2015-10-21 19:45     ` akuster808

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20151021153508.GF2556@jama \
    --to=martin.jansa@gmail.com \
    --cc=akuster808@gmail.com \
    --cc=openembedded-devel@lists.openembedded.org \
    --cc=otavio@ossystems.com.br \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.