From: Peter Korsgaard <peter@korsgaard.com>
To: Giulio Benetti <giulio.benetti@benettiengineering.com>
Cc: buildroot@buildroot.org,
Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Subject: Re: [Buildroot] [PATCH v2] package/bind: security bump version to 9.20.17
Date: Wed, 04 Feb 2026 10:55:13 +0100 [thread overview]
Message-ID: <87ms1o7rzy.fsf@dell.be.48ers.dk> (raw)
In-Reply-To: <520804aa-cb63-4ca5-9355-76e3497376c6@benettiengineering.com> (Giulio Benetti's message of "Wed, 4 Feb 2026 10:49:19 +0100")
>>>>> "Giulio" == Giulio Benetti <giulio.benetti@benettiengineering.com> writes:
> On 2/4/26 10:46, Peter Korsgaard wrote:
>> > That's why I've pointed only those 2 CVEs. Was it correct?
>> No, they were fixes for issues only introduced in the 9.20.x series,
>> so
>> we were never vulnerable to them.
> But if we were bumping to 9.20.17 they were required, correct?
Yes, if we were to move to 9.20.x then we should naturally not move to a
version that introduces new known vulnerabilities - But as the version
we used before was not vulnerable to those issues it would be wrong to
say that the version bump fixes those two issues (E.G. the LTS
maintainers would think that they have to go to 9.20.x to fix security
issues, which is not the case).
> Otherwise really I don't get it
Hopefully the above makes it more clear?
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
next prev parent reply other threads:[~2026-02-04 9:55 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-03 11:06 [Buildroot] [PATCH v2] package/bind: security bump version to 9.20.17 Giulio Benetti
2026-02-03 11:28 ` Peter Korsgaard
2026-02-04 9:15 ` Giulio Benetti
2026-02-04 9:46 ` Peter Korsgaard
2026-02-04 9:49 ` Giulio Benetti
2026-02-04 9:55 ` Peter Korsgaard [this message]
2026-02-04 10:01 ` Giulio Benetti
2026-02-04 9:22 ` [Buildroot] [PATCH] package/bind: security bump version to 9.18.44 Giulio Benetti
2026-02-04 9:49 ` Peter Korsgaard
2026-02-13 19:40 ` Thomas Perale via buildroot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87ms1o7rzy.fsf@dell.be.48ers.dk \
--to=peter@korsgaard.com \
--cc=buildroot@buildroot.org \
--cc=giulio.benetti@benettiengineering.com \
--cc=thomas.petazzoni@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox