* Re: [PATCH 2/4] libuser: Upgrade from 0.56.18 to 0.57.1
[not found] ` <600acc9d3bd9271836ab244de7c072ffe11caec2.1296105920.git.edwin.zhai@intel.com>
@ 2011-01-27 15:59 ` Scott Garman
0 siblings, 0 replies; only message in thread
From: Scott Garman @ 2011-01-27 15:59 UTC (permalink / raw)
To: poky
On 01/26/2011 09:29 PM, poky-bounces@yoctoproject.org wrote:
> From: Zhai Edwin<edwin.zhai@intel.com>
>
> This can fix the vulnerable issue @ http://secunia.com/advisories/42891/
This isn't a big deal at the moment, but I'm thinking about establishing
a best practice going forward to document security-related fixes. The
CVE number is regarded as the universal identifier, so something like
the following is preferred:
* Addresses CVE-2011-0002
The important thing is to include the CVE identifier(s) somewhere in the
commit log - I may end up developing some tools for extracting that
information from our commits in the future.
Just FYI for now - this isn't documented anywhere yet.
Thanks,
Scott
--
Scott Garman
Embedded Linux Distro Engineer - Yocto Project
Intel Open Source Technology Center
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2011-01-27 15:59 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <cover.1296105920.git.edwin.zhai@intel.com>
[not found] ` <600acc9d3bd9271836ab244de7c072ffe11caec2.1296105920.git.edwin.zhai@intel.com>
2011-01-27 15:59 ` [PATCH 2/4] libuser: Upgrade from 0.56.18 to 0.57.1 Scott Garman
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.