dizzy-next sync to dizzy

All of lore.kernel.org
 help / color / mirror / Atom feed

* dizzy-next sync to dizzy
@ 2015-10-20  0:09 akuster808
  2015-10-20 11:30 ` Otavio Salvador
  2015-10-20 15:41 ` Martin Jansa
  0 siblings, 2 replies; 5+ messages in thread
From: akuster808 @ 2015-10-20  0:09 UTC (permalink / raw)
  To: Martin Jansa, OpenEmbedded Devel List, Otavio Salvador

Hello Martin,

Are there issues with the changes in dizzy-next? need Otavio to signoff?

Dizzy behind by:

7f1df52 fuse: fix for CVE-2015-3202 Privilege Escalation
e3dbf78 ipsec-tools: Security Advisory - CVE-2015-4047
0fb90be mariadb: Security Advisory -CVE-2015-2305
c580b62 libssh2: fix CVE-2015-1782
e00844e ptpd: disable libpcap detection via pcap-config



^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: dizzy-next sync to dizzy
  2015-10-20  0:09 dizzy-next sync to dizzy akuster808
@ 2015-10-20 11:30 ` Otavio Salvador
  2015-10-20 15:41 ` Martin Jansa
  1 sibling, 0 replies; 5+ messages in thread
From: Otavio Salvador @ 2015-10-20 11:30 UTC (permalink / raw)
  To: OpenEmbedded Devel List; +Cc: Otavio Salvador

On Mon, Oct 19, 2015 at 10:09 PM, akuster808 <akuster808@gmail.com> wrote:
> Hello Martin,
>
> Are there issues with the changes in dizzy-next? need Otavio to signoff?
>
> Dizzy behind by:
>
> 7f1df52 fuse: fix for CVE-2015-3202 Privilege Escalation
> e3dbf78 ipsec-tools: Security Advisory - CVE-2015-4047
> 0fb90be mariadb: Security Advisory -CVE-2015-2305
> c580b62 libssh2: fix CVE-2015-1782
> e00844e ptpd: disable libpcap detection via pcap-config

I am fine with those patches. They are clear bugfixes and should to be applied.

-- 
Otavio Salvador                             O.S. Systems
http://www.ossystems.com.br        http://code.ossystems.com.br
Mobile: +55 (53) 9981-7854            Mobile: +1 (347) 903-9750


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: dizzy-next sync to dizzy
  2015-10-20  0:09 dizzy-next sync to dizzy akuster808
  2015-10-20 11:30 ` Otavio Salvador
@ 2015-10-20 15:41 ` Martin Jansa
  2015-10-21 15:35   ` Martin Jansa
  1 sibling, 1 reply; 5+ messages in thread
From: Martin Jansa @ 2015-10-20 15:41 UTC (permalink / raw)
  To: akuster808; +Cc: OpenEmbedded Devel List, Otavio Salvador

[-- Attachment #1: Type: text/plain, Size: 646 bytes --]

On Mon, Oct 19, 2015 at 05:09:46PM -0700, akuster808 wrote:
> Hello Martin,
> 
> Are there issues with the changes in dizzy-next? need Otavio to signoff?

No issues, I was just waiting for one of you to request the merge.

Pushed now and new pull request pushed to dizzy-next.

> Dizzy behind by:
> 
> 7f1df52 fuse: fix for CVE-2015-3202 Privilege Escalation
> e3dbf78 ipsec-tools: Security Advisory - CVE-2015-4047
> 0fb90be mariadb: Security Advisory -CVE-2015-2305
> c580b62 libssh2: fix CVE-2015-1782
> e00844e ptpd: disable libpcap detection via pcap-config
> 

-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 188 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: dizzy-next sync to dizzy
  2015-10-20 15:41 ` Martin Jansa
@ 2015-10-21 15:35   ` Martin Jansa
  2015-10-21 19:45     ` akuster808
  0 siblings, 1 reply; 5+ messages in thread
From: Martin Jansa @ 2015-10-21 15:35 UTC (permalink / raw)
  To: akuster808; +Cc: OpenEmbedded Devel List, Otavio Salvador

[-- Attachment #1: Type: text/plain, Size: 1322 bytes --]

On Tue, Oct 20, 2015 at 05:41:09PM +0200, Martin Jansa wrote:
> On Mon, Oct 19, 2015 at 05:09:46PM -0700, akuster808 wrote:
> > Hello Martin,
> > 
> > Are there issues with the changes in dizzy-next? need Otavio to signoff?
> 
> No issues, I was just waiting for one of you to request the merge.
> 
> Pushed now and new pull request pushed to dizzy-next.

Hmm there seems to be an issue after all.

At least
7f1df52 fuse: fix for CVE-2015-3202 Privilege Escalation
is missing in fido branch, both are using 2.9.3 version which is
affected.

I haven't tested other patches (except testing that they don't apply
cleanly to fido as they are) and haven't checked if we need them in
master/jethro branch.

But older releases shouldn't get fixes which are missing in newer
releases, otherwise people upgrading from dizzy to fido will get
suddenly vulnerable to this fuse issue probably without noticing.

Regards,

> > Dizzy behind by:
> > 
> > e3dbf78 ipsec-tools: Security Advisory - CVE-2015-4047
> > 0fb90be mariadb: Security Advisory -CVE-2015-2305
> > c580b62 libssh2: fix CVE-2015-1782
> > e00844e ptpd: disable libpcap detection via pcap-config
> > 
> 
> -- 
> Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com



-- 
Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 188 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: dizzy-next sync to dizzy
  2015-10-21 15:35   ` Martin Jansa
@ 2015-10-21 19:45     ` akuster808
  0 siblings, 0 replies; 5+ messages in thread
From: akuster808 @ 2015-10-21 19:45 UTC (permalink / raw)
  To: Martin Jansa; +Cc: OpenEmbedded Devel List, Otavio Salvador

On 10/21/15 8:35 AM, Martin Jansa wrote:
> On Tue, Oct 20, 2015 at 05:41:09PM +0200, Martin Jansa wrote:
>> On Mon, Oct 19, 2015 at 05:09:46PM -0700, akuster808 wrote:
>>> Hello Martin,
>>>
>>> Are there issues with the changes in dizzy-next? need Otavio to signoff?
>> No issues, I was just waiting for one of you to request the merge.
>>
>> Pushed now and new pull request pushed to dizzy-next.
> Hmm there seems to be an issue after all.
>
> At least
> 7f1df52 fuse: fix for CVE-2015-3202 Privilege Escalation
> is missing in fido branch, both are using 2.9.3 version which is
> affected.
>
> I haven't tested other patches (except testing that they don't apply
> cleanly to fido as they are) and haven't checked if we need them in
> master/jethro branch.
>
> But older releases shouldn't get fixes which are missing in newer
> releases, otherwise people upgrading from dizzy to fido will get
> suddenly vulnerable to this fuse issue probably without noticing.

you correct. Will work to correct that.

- armin
>
> Regards,
>
>>> Dizzy behind by:
>>>
>>> e3dbf78 ipsec-tools: Security Advisory - CVE-2015-4047
>>> 0fb90be mariadb: Security Advisory -CVE-2015-2305
>>> c580b62 libssh2: fix CVE-2015-1782
>>> e00844e ptpd: disable libpcap detection via pcap-config
>>>
>> -- 
>> Martin 'JaMa' Jansa     jabber: Martin.Jansa@gmail.com
>
>



^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2015-10-21 19:45 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-10-20  0:09 dizzy-next sync to dizzy akuster808
2015-10-20 11:30 ` Otavio Salvador
2015-10-20 15:41 ` Martin Jansa
2015-10-21 15:35   ` Martin Jansa
2015-10-21 19:45     ` akuster808

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.