From: Robert Yang <liezhi.yang@windriver.com>
To: "Marko, Peter" <Peter.Marko@siemens.com>,
"openembedded-core@lists.openembedded.org"
<openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core] [scarthgap][PATCH 1/1] wpa-supplicant: Add CVE id to CVE-2024-3596_00.patch
Date: Wed, 22 Jan 2025 15:34:11 +0800 [thread overview]
Message-ID: <cee14f1c-3390-4159-a8b4-93fa88365d42@windriver.com> (raw)
In-Reply-To: <AS1PR10MB569799A22EA3F64E73F632B0FDE62@AS1PR10MB5697.EURPRD10.PROD.OUTLOOK.COM>
On 1/22/25 00:41, Marko, Peter wrote:
> This is not correct.
>
> The patch CVE-2024-3596_00 does not fix any part of that CVE.
> As the commit message says, it's a style commit so that real CVE patches apply cleanly.
> If it bothers you that it has CVE in filename but no CVE, maybe rename it instead adding incorrect tag?
The cve patches can't be applied without it, may we should just leave it as the
current status.
// Robert
>
> Peter
>
>> -----Original Message-----
>> From: openembedded-core@lists.openembedded.org <openembedded-
>> core@lists.openembedded.org> On Behalf Of Robert Yang via
>> lists.openembedded.org
>> Sent: Monday, January 20, 2025 7:01
>> To: openembedded-core@lists.openembedded.org
>> Subject: [OE-core] [scarthgap][PATCH 1/1] wpa-supplicant: Add CVE id to CVE-
>> 2024-3596_00.patch
>>
>> From: Robert Yang <liezhi.yang@windriver.com>
>>
>> Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
>> ---
>> .../wpa-supplicant/wpa-supplicant/CVE-2024-3596_00.patch | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-
>> 3596_00.patch b/meta/recipes-connectivity/wpa-supplicant/wpa-
>> supplicant/CVE-2024-3596_00.patch
>> index 7a8197d2b4..58e1327f2b 100644
>> --- a/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-
>> 3596_00.patch
>> +++ b/meta/recipes-connectivity/wpa-supplicant/wpa-supplicant/CVE-2024-
>> 3596_00.patch
>> @@ -6,6 +6,7 @@ Subject: [PATCH 1/9] ieee802_11_auth: Coding style cleanup -
>> no string
>>
>> Signed-off-by: Jouni Malinen <j@w1.fi>
>>
>> +CVE: CVE-2024-3596
>> Upstream-Status: Backport
>> [https://w1.fi/cgit/hostap/commit/?id=945acf3ef06a6c312927da4fa055693dbac
>> 432d1]
>> Signed-off-by: Peter Marko <peter.marko@siemens.com>
>> ---
>> --
>> 2.44.1
>
prev parent reply other threads:[~2025-01-22 7:34 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-20 6:00 [scarthgap][PATCH 0/1] wpa-supplicant: Add CVE id to CVE-2024-3596_00.patch liezhi.yang
2025-01-20 6:00 ` [scarthgap][PATCH 1/1] " liezhi.yang
2025-01-21 16:41 ` [OE-core] " Marko, Peter
2025-01-22 7:34 ` Robert Yang [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cee14f1c-3390-4159-a8b4-93fa88365d42@windriver.com \
--to=liezhi.yang@windriver.com \
--cc=Peter.Marko@siemens.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox