From: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
To: Manoj Saun <manojsingh.saun@windriver.com>,
"openembedded-core@lists.openembedded.org"
<openembedded-core@lists.openembedded.org>
Cc: "archana.polampalli@windriver.com"
<archana.polampalli@windriver.com>,
"narpat.mali@windriver.com" <narpat.mali@windriver.com>,
"hari.gpillai@windriver.com" <hari.gpillai@windriver.com>
Subject: RE: [OE-core] [meta-core][PATCH 1/1] libksba: fix CVE-2022-3515
Date: Fri, 9 Dec 2022 07:30:58 +0000 [thread overview]
Message-ID: <dfdfacc4e5204530b07e1817dcd21e9c@axis.com> (raw)
In-Reply-To: <20221209061130.3794053-1-manojsingh.saun@windriver.com>
> -----Original Message-----
> From: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> On Behalf Of Manoj Saun
> Sent: den 9 december 2022 07:12
> To: openembedded-core@lists.openembedded.org
> Cc: archana.polampalli@windriver.com; narpat.mali@windriver.com; hari.gpillai@windriver.com; Manoj Saun <manojsingh.saun@windriver.com>
> Subject: [OE-core] [meta-core][PATCH 1/1] libksba: fix CVE-2022-3515
>
> libksba: integer overflow may lead to remote code execution.
May I suggest using the above as subject instead of the current subject?
E.g.:
libksba: Avoid integer overflow that may lead to remote code execution
It is much more informative about what the commit actually does than the
CVE number. The CVE reference below should be enough for anyone looking
for more information.
>
> Reference:
> https://www.gnupg.org/blog/20221017-pepe-left-the-ksba.html
>
> Upstream-Status: Backport [https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=4b7d9cd4a018898d7714ce06f3faf2626c14582b]
>
> CVE: CVE-2022-3515
>
> Signed-off-by: Manoj Saun <manojsingh.saun@windriver.com>
//Peter
next prev parent reply other threads:[~2022-12-09 7:31 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-12-09 6:11 [meta-core][PATCH 1/1] libksba: fix CVE-2022-3515 Manoj Saun
2022-12-09 7:30 ` Peter Kjellerstedt [this message]
2022-12-09 7:57 ` [OE-core] " Alexandre Belloni
-- strict thread matches above, loose matches on Subject: below --
2022-12-08 6:27 Manoj Saun
2022-12-08 9:23 ` [OE-core] " Alexandre Belloni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=dfdfacc4e5204530b07e1817dcd21e9c@axis.com \
--to=peter.kjellerstedt@axis.com \
--cc=archana.polampalli@windriver.com \
--cc=hari.gpillai@windriver.com \
--cc=manojsingh.saun@windriver.com \
--cc=narpat.mali@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox