From: Julien Olivain via buildroot <buildroot@buildroot.org>
To: Giulio Benetti <giulio.benetti@benettiengineering.com>
Cc: Petr Vorel <petr.vorel@gmail.com>, buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH] package/nfs-utils: security bump version to 2.8.7
Date: Mon, 16 Mar 2026 22:28:40 +0100 [thread overview]
Message-ID: <0779d55b109fcf2a058641faadd8af26@free.fr> (raw)
In-Reply-To: <cc8642ba-44aa-4971-b682-52bf3abe5dd8@benettiengineering.com>
Hi Giulio,
On 16/03/2026 11:54, Giulio Benetti wrote:
> On 3/16/26 11:53, Giulio Benetti wrote:
>> Hi Julien and Petr,
>>
>> On 3/16/26 00:07, Petr Vorel wrote:
>>> Hi Julien,
>>>
>>>> Hi Giulio,
>>>
>>>> On 13/03/2026 22:10, Giulio Benetti wrote:
>>>>> Release announce:
>>>>> https://lore.kernel.org/linux-
>>>>> nfs/4d11b9d7-7b49-4a1e-8c26-29ecb2fefe2f@redhat.com/
>>>
>>>> The commit title says it is a "security" bump. I can't find any
>>>> reference to
>>>> security
>>>> fixes in the release note. Could you provide details?
>>>
>>>> Or is it a copy paste error from the previous bump?
>>>> https://gitlab.com/buildroot.org/buildroot/-/
>>>> commit/7dfd2feb445c2cf83a2b52057fab96e72e42a071
>>>
>>>> In the later case, no need to send a v2, I'll just remove "security"
>>>> while
>>>> applying.
>>>
>>> I'd also say it's just a copy paste from 2.8.6. 2.8.7 seems to me
>>> only a bugfix
>>> release.
>>
>> I interpret commit [1] as a security commit, but maybe I'm wrong.
>> It's not a CVE or similar but to me it sounds like a security commit,
>> this is why subject is " security bump..".
>
> [1]:
> https://www.kernel.org/pub/linux/utils/nfs-utils/2.8.7/2.8.7-Changelog
Applied to master, thanks.
I removed "security" in the commit title. While I agree that using
uninitialized data from the stack might be a security issue, we
generally flag updates in Buildroot as "security" when there is a
mention in the release note, a CVE assigned, or an advisory. This
"bugfix" release will go in Buildroot LTS branches anyway.
>> Best regards
>> Giulio
>>
>>> Kind regards,
>>> Petr
>>>
>>>>> Signed-off-by: Giulio Benetti
>>>>> <giulio.benetti@benettiengineering.com>
>>>
>>>> Best regards,
>>>
>>>> Julien.
Best regards,
Julien.
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
prev parent reply other threads:[~2026-03-16 21:28 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-13 21:10 [Buildroot] [PATCH] package/nfs-utils: security bump version to 2.8.7 Giulio Benetti
2026-03-14 19:57 ` Petr Vorel
2026-03-15 10:17 ` Julien Olivain via buildroot
2026-03-15 23:07 ` Petr Vorel
2026-03-16 10:53 ` Giulio Benetti
2026-03-16 10:54 ` Giulio Benetti
2026-03-16 21:28 ` Julien Olivain via buildroot [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0779d55b109fcf2a058641faadd8af26@free.fr \
--to=buildroot@buildroot.org \
--cc=giulio.benetti@benettiengineering.com \
--cc=ju.o@free.fr \
--cc=petr.vorel@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox