From: "Monsees, Steven C (US)" <steven.monsees@baesystems.com>
To: Tim Orling <ticotimo@gmail.com>,
Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: "yocto@lists.yoctoproject.org" <yocto@lists.yoctoproject.org>
Subject: RE: [yocto] CVE patch updates
Date: Fri, 25 Mar 2022 10:58:01 +0000 [thread overview]
Message-ID: <20220325105906.2BDACC433F5@smtp.lore.kernel.org> (raw)
In-Reply-To: <CANx9H-DwXcaNigE9JsR7NXRznmRXkdyiknQcMBcUYJYpj+Wy1Q@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2604 bytes --]
Thanks Tim, subscribed…
From: Tim Orling <ticotimo@gmail.com>
Sent: Thursday, March 24, 2022 9:03 PM
To: Richard Purdie <richard.purdie@linuxfoundation.org>
Cc: Monsees, Steven C (US) <steven.monsees@baesystems.com>; yocto@lists.yoctoproject.org
Subject: Re: [yocto] CVE patch updates
External Email Alert
This email has been sent from an account outside of the BAE Systems network.
Please treat the email with caution, especially if you are requested to click on a link, decrypt/open an attachment, or enable macros. For further information on how to spot phishing, access “Cybersecurity OneSpace Page” and report phishing by clicking the button “Report Phishing” on the Outlook toolbar.
On Thu, Mar 24, 2022 at 2:45 PM Richard Purdie <richard.purdie@linuxfoundation.org<mailto:richard.purdie@linuxfoundation.org>> wrote:
On Thu, 2022-03-24 at 16:56 +0000, Monsees, Steven C (US) via
lists.yoctoproject.org<http://lists.yoctoproject.org> wrote:
>
> I am currently building in cve-check to see what is reported, and I was curious
> if Yocto might provide any CVE based patch repositories ?
>
> Is there a yocto page somewhere that goes over this side of things ?,
> I did not see much in the mega-manual… I am running on zeus based platforms (for
> both armarch64 and x86_64).
>
You'll see output of cve-check on the yocto-security list for layers that are
still in maintenance:
https://lists.yoctoproject.org/g/yocto-security/messages
although zeus is out of maintenance.
We merge CVE fixes to the branches that are in maintenance.
A graph showing the data over time:
https://docs.google.com/spreadsheets/d/e/2PACX-1vRgNISmH0Ditf0bRtSezeR2XsgKIiSFJKF6KJUHpnzocNGzvKZbuSDKfmV3n64BFXDRqElBSJnhHtG4/pubchart?oid=1993375488&format=interactive
Steven, if you haven’t already, you should subscribe to
https://lists.yoctoproject.org/g/yocto-security
Emails are sent out, usually on Sunday. If you see a CVE that interests you… grab it and fix it.
This is mostly a community effort. There is no special dedicated squad of security champions.
Cheers,
Richard
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#56555): https://lists.yoctoproject.org/g/yocto/message/56555
Mute This Topic: https://lists.yoctoproject.org/mt/90004034/924729
Group Owner: yocto+owner@lists.yoctoproject.org<mailto:yocto%2Bowner@lists.yoctoproject.org>
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub [ticotimo@gmail.com<mailto:ticotimo@gmail.com>]
-=-=-=-=-=-=-=-=-=-=-=-
[-- Attachment #2: Type: text/html, Size: 8347 bytes --]
next prev parent reply other threads:[~2022-03-25 10:59 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <MADEUP.16DF5F8906D065B9.27042@lists.yoctoproject.org>
[not found] ` <a789cfc1a41ac9b17dc81efb7aab3b56716a64bb.camel@linuxfoundation.org>
2022-03-25 1:02 ` [yocto] CVE patch updates Tim Orling
2022-03-25 10:32 ` Monsees, Steven C (US)
2022-03-25 10:58 ` Monsees, Steven C (US) [this message]
[not found] <MADEUP.16DF6308F3F50D79.7324@lists.yoctoproject.org>
2022-03-24 18:56 ` Monsees, Steven C (US)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220325105906.2BDACC433F5@smtp.lore.kernel.org \
--to=steven.monsees@baesystems.com \
--cc=richard.purdie@linuxfoundation.org \
--cc=ticotimo@gmail.com \
--cc=yocto@lists.yoctoproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.