From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id ACFAAC77B75 for ; Wed, 17 May 2023 08:33:18 +0000 (UTC) Subject: Re: [PATCH] ncurses: Update 6.4 -> 6.4+20230514 To: openembedded-core@lists.openembedded.org From: "Florin Diaconescu" X-Originating-Location: Voluntari, Ilfov, RO (92.87.113.28) X-Originating-Platform: Windows Firefox 112 User-Agent: GROUPS.IO Web Poster MIME-Version: 1.0 Date: Wed, 17 May 2023 01:33:14 -0700 References: In-Reply-To: Message-ID: <22447.1684312394039938972@lists.openembedded.org> Content-Type: multipart/alternative; boundary="DqKf3HyR26BmB94kJyRV" List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Wed, 17 May 2023 08:33:18 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/181476 --DqKf3HyR26BmB94kJyRV Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable What's the reasoning behind updating ncurses from 6.3 to 6.3+20220423 in Ki= rkstone, then? https://git.yoctoproject.org/poky/commit/meta/recipes-core/ncurses?h=3Dkirk= stone&id=3De13ce12e4ad79100bd45c751203040ce2a6f1920 Looks like they updated for fixing a CVE as well, and they did not backport= the patch on top of 6.3. "CVE: CVE-2022-29458" Florin --DqKf3HyR26BmB94kJyRV Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable What's the reasoning behind updating ncurses from 6.3 to 6.3+20220423 in Ki= rkstone, then?
https://git.yoctoproject.or= g/poky/commit/meta/recipes-core/ncurses?h=3Dkirkstone&id=3De13ce12e4ad7= 9100bd45c751203040ce2a6f1920

Looks like they updated for fix= ing a CVE as well, and they did not backport the patch on top of 6.3.
= "CVE: CVE-2022-29458"

Florin --DqKf3HyR26BmB94kJyRV--