diff for duplicates of <568AB923.6080605@linux.intel.com> diff --git a/N1/2.bin b/N1/2.bin new file mode 100644 index 0000000..d59b350 --- /dev/null +++ b/N1/2.bin 
@@ -0,0 +1,59 @@ +<html> + <head> + <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> + </head> + <body text="#000000" bgcolor="#FFFFFF"> + <br> + <br> + <div class="moz-cite-prefix">On 12/16/2015 03:21 AM, Burton, Ross + wrote:<br> + </div> + <blockquote +cite="mid:CAJTo0LYO9ptJ4PDmR49N-Yw9TbTFGsuyCUBUc4zW2FLk2CNoWQ@mail.gmail.com" + type="cite"> + <div dir="ltr"> + <div class="gmail_extra"><br> + <div class="gmail_quote">On 16 December 2015 at 09:03, Sona + Sarmadi <span dir="ltr"><<a moz-do-not-send="true" + href="mailto:sona.sarmadi@enea.com" target="_blank">sona.sarmadi@enea.com</a>></span> + wrote:<br> + <blockquote class="gmail_quote" style="margin:0 0 0 + .8ex;border-left:1px #ccc solid;padding-left:1ex"> + <div id=":2ce" class="a3s" style="overflow:hidden">We are + supposed to have reference to the CVE identifier both in + the patch file/s<br> +  and the commit message(e.g. xxx- CVE-2013-6435.pacth) + according to the guidelines<br> + for "Patch name convention and commit message" in the + Yocto<br> + Wiki <a moz-do-not-send="true" + href="https://wiki.yoctoproject.org/wiki/Security" + rel="noreferrer" target="_blank">https://wiki.yoctoproject.org/wiki/Security</a>.<br> + <br> + If a patch address multiple CVEs, perhaps we should name + the patch:<br> + Fix-for-multiple-CVEs.patch and list all CVEs in the + patch file.<br> + <br> + Will this not solve the problem? Do you think there is + still need for a new tag "CVE"?</div> + </blockquote> + </div> + <br> + I'd say a new tag is essential if we want to automate tooling, + to reduce the chance of false-positives from simply searching + the patch for something that looks like a CVE reference.</div> + <div class="gmail_extra"><br> + </div> + <div class="gmail_extra">Ross</div> + </div> + </blockquote> + <br> + The conclusion of this thread is to add the tag "CVE" to the + metadata of submitted CVE patches. 
I will edit the wiki to show this + requirement.<br> + <br> + <div class="moz-signature">Mariano<br> + </div> + </body> +</html> diff --git a/N1/2.hdr b/N1/2.hdr new file mode 100644 index 0000000..b177056 --- /dev/null +++ b/N1/2.hdr @@ -0,0 +1,2 @@ +Content-Type: text/html; charset=utf-8\r +Content-Transfer-Encoding: 8bit\r diff --git a/a/content_digest b/N1/content_digest index 9821cb0..f2362af 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -2,14 +2,14 @@ "ref\03230301C09DEF9499B442BBE162C5E48ABABDD6C@SESTOEX04.enea.se\0" "ref\0CAJTo0LYO9ptJ4PDmR49N-Yw9TbTFGsuyCUBUc4zW2FLk2CNoWQ@mail.gmail.com\0" "From\0Mariano Lopez <mariano.lopez@linux.intel.com>\0" - "Subject\0Re: [OE-core] [RFC] Mark of upstream CVE patches\0" + "Subject\0Re: [RFC] Mark of upstream CVE patches\0" "Date\0Mon, 4 Jan 2016 12:25:39 -0600\0" "To\0Burton" Ross <ross.burton@intel.com> " Sona Sarmadi <sona.sarmadi@enea.com>\0" "Cc\0openembedded-devel@lists.openembedded.org <openembedded-devel@lists.openembedded.org>" " openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org>\0" - "\00:1\0" + "\01:1\0" "b\0" "\n" "\n" 
@@ -42,5 +42,66 @@ "submitted CVE patches. I will edit the wiki to show this requirement.\n" "\n" Mariano + "\01:2\0" + "b\0" + "<html>\r\n" + " <head>\r\n" + " <meta content=\"text/html; charset=utf-8\" http-equiv=\"Content-Type\">\r\n" + " </head>\r\n" + " <body text=\"#000000\" bgcolor=\"#FFFFFF\">\r\n" + " <br>\r\n" + " <br>\r\n" + " <div class=\"moz-cite-prefix\">On 12/16/2015 03:21 AM, Burton, Ross\r\n" + " wrote:<br>\r\n" + " </div>\r\n" + " <blockquote\r\n" + "cite=\"mid:CAJTo0LYO9ptJ4PDmR49N-Yw9TbTFGsuyCUBUc4zW2FLk2CNoWQ@mail.gmail.com\"\r\n" + " type=\"cite\">\r\n" + " <div dir=\"ltr\">\r\n" + " <div class=\"gmail_extra\"><br>\r\n" + " <div class=\"gmail_quote\">On 16 December 2015 at 09:03, Sona\r\n" + " Sarmadi <span dir=\"ltr\"><<a moz-do-not-send=\"true\"\r\n" + " href=\"mailto:sona.sarmadi@enea.com\" target=\"_blank\">sona.sarmadi@enea.com</a>></span>\r\n" + " wrote:<br>\r\n" + " <blockquote class=\"gmail_quote\" style=\"margin:0 0 0\r\n" + " .8ex;border-left:1px #ccc solid;padding-left:1ex\">\r\n" + " <div id=\":2ce\" class=\"a3s\" style=\"overflow:hidden\">We are\r\n" + " supposed to have reference to the CVE identifier both in\r\n" + " the patch file/s<br>\r\n" + " \302\240and the commit message(e.g.\302\240 xxx- CVE-2013-6435.pacth)\r\n" + " according to the guidelines<br>\r\n" + " for \"Patch name convention and commit message\" in the\r\n" + " Yocto<br>\r\n" + " Wiki <a moz-do-not-send=\"true\"\r\n" + " href=\"https://wiki.yoctoproject.org/wiki/Security\"\r\n" + " rel=\"noreferrer\" target=\"_blank\">https://wiki.yoctoproject.org/wiki/Security</a>.<br>\r\n" + " <br>\r\n" + " If a patch address multiple CVEs, perhaps we should name\r\n" + " the patch:<br>\r\n" + " Fix-for-multiple-CVEs.patch and list all CVEs in the\r\n" + " patch file.<br>\r\n" + " <br>\r\n" + " Will this not solve the problem? 
Do you think there is\r\n" + " still need for a new tag \"CVE\"?</div>\r\n" + " </blockquote>\r\n" + " </div>\r\n" + " <br>\r\n" + " I'd say a new tag is essential if we want to automate tooling,\r\n" + " to reduce the chance of false-positives from simply searching\r\n" + " the patch for something that looks like a CVE reference.</div>\r\n" + " <div class=\"gmail_extra\"><br>\r\n" + " </div>\r\n" + " <div class=\"gmail_extra\">Ross</div>\r\n" + " </div>\r\n" + " </blockquote>\r\n" + " <br>\r\n" + " The conclusion of this thread is to add the tag \"CVE\" to the\r\n" + " metadata of submitted CVE patches. I will edit the wiki to show this\r\n" + " requirement.<br>\r\n" + " <br>\r\n" + " <div class=\"moz-signature\">Mariano<br>\r\n" + " </div>\r\n" + " </body>\r\n" + "</html>\r\n" -2f98b29547fb6d3e2fc5dcfb4ab3d9b55b4f37c5f142938ff02f6c70204124f0 +ef796bec5dcf5086815b62e5edd620a7de00a312c76dff70f3816c890da05a83
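Review bot: The example file name quoted in the N1/2.bin hunk is spelled "xxx- CVE-2013-6435.pacth", with a space after the hyphen and "pacth" for "patch", so tooling that finds CVE fixes by matching a file name ending in "CVE-<id>.patch" would not match it. That is the weakness the reply in the same hunk raises about "simply searching the patch for something that looks like a CVE reference". Tooling should key on the explicit "CVE" tag the thread settles on and use the file name only as a cross-check.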
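Review bot: In the content_digest hunks, the two copies differ in the Subject line, which loses the "[OE-core]" prefix, and in the part list, where "0:1" becomes "1:1" and an HTML part "1:2" is added. The From, Date and "ref" lines are unchanged context, and the closing sentence of the text part appears as unchanged context too. A duplicate check that hashes the whole message will therefore report a mismatch, as the two digests at the end do. To confirm that both copies say the same thing, compare the text part alone with the list prefix stripped from the Subject, and do not count the CVE identifier a second time from the HTML alternative.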