From: Michael Opdenacker <michael.opdenacker@bootlin.com>
To: Paul Eggleton <bluelightning@bluelightning.org>
Cc: docs@lists.yoctoproject.org
Subject: Re: [PATCH 7/9] release-notes: Add CVEs, recipe upgrades and contributors for 5.0
Date: Mon, 15 Apr 2024 16:24:54 +0200
Message-ID: <b29fd95b-fa84-4fd6-8eeb-5ec08f66c4e7@bootlin.com>
In-Reply-To: <d0182baa07ca6bb009b845fcadb1f7fce81a38bd.1713127068.git.bluelightning@bluelightning.org>
Hi Paul
Thanks for this update!
On 4/14/24 at 22:43, Paul Eggleton wrote:
> * Add CVEs from commits
> * Add recipe upgrades using layer index branch comparison
> * Add contributors from commits
>
> Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
> ---
> .../migration-guides/release-notes-5.0.rst | 564 +++++++++++++++++-
> 1 file changed, 563 insertions(+), 1 deletion(-)
>
> diff --git a/documentation/migration-guides/release-notes-5.0.rst b/documentation/migration-guides/release-notes-5.0.rst
> index 7767a4229d..21de79a638 100644
> --- a/documentation/migration-guides/release-notes-5.0.rst
> +++ b/documentation/migration-guides/release-notes-5.0.rst
> @@ -264,16 +264,578 @@ The following corrections have been made to the :term:`LICENSE` values set by re
> Security Fixes in 5.0
> ~~~~~~~~~~~~~~~~~~~~~
>
> +- avahi: :cve:`2023-1981`, :cve:`2023-38469-2`, :cve:`2023-38470-2`, :cve:`2023-38471-2`,
Oops, these last 3 don't work. For example,
https://nvd.nist.gov/vuln/detail/CVE-2023-38469-2 is invalid.
So, I replaced those with
:cve:`2023-38469`, :cve:`2023-38470`, :cve:`2023-38471`
I hope that's correct, as they still point to Avahi CVEs.
> :cve:`2023-38469`, :cve:`2023-38470`, :cve:`2023-38471`, :cve:`2023-38472`, :cve:`2023-38473`
> +- bind: :cve:`2023-4408`, :cve:`2023-5517`, :cve:`2023-5679`, :cve:`2023-50387`
> +- bluez5: :cve:`2023-45866`
> +- coreutils: :cve:`2024-0684`
> +- cups: :cve:`2023-4504`
> +- curl: :cve:`2023-46218`
> +- expat: :cve:`2024-28757`
> +- gcc: :cve:`2023-4039`
> +- glibc: :cve:`2023-5156`, :cve:`2023-0687`
> +- gnutls: :cve:`2024-0553`, :cve:`2024-0567`, :cve:`2024-28834`, :cve:`2024-28835`
> +- go: :cve:`2023-45288`
> +- grub: :cve:`2023-4692`, :cve:`2023-4693`
> +- grub2: :cve:`2023-4001` (ignored), :cve:`2024-1048` (ignored)
> +- libgit2: :cve:`2024-24575`, :cve:`2024-24577`
> +- libsndfile1: :cve:`2022-33065`
> +- libssh2: :cve:`2023-48795`
> +- libuv: :cve:`2024-24806`
> +- libxml2: :cve:`2023-45322` (ignored)
> +- linux-yocto/6.6: :cve:`2020-16119`
> +- openssh: :cve:`2023-48795`, :cve:`2023-51384`, :cve:`2023-51385`
> +- openssl: :cve:`2023-5363`, :cve:`2023-5678`, :cve:`2023-6129`, :cve:`2023-6237`, :cve:`2024-0727`
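Review bot: on the avahi entry at the top of the Security Fixes list, the three suffixed arguments (`2023-38469-2`, `2023-38470-2`, `2023-38471-2`) are not valid CVE identifiers, and the unsuffixed 2023-38469, 2023-38470 and 2023-38471 already appear on the continuation line of the same entry, so substituting the base IDs lists each of them twice. Dropping the three suffixed arguments leaves the avahi entry complete. Since the list is generated from commits, each :cve: argument should be checked against the identifier form (four-digit year, hyphen, sequence number of at least four digits) and de-duplicated per recipe before it is added, so that a stray suffix does not end up as a dead NVD link in the published release notes.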
I had to replace :cve:`2023-6237` by :cve_mitre:`2023-6237` as this was a
"reserved" CVE.
>
> Contributors to 5.0
> ~~~~~~~~~~~~~~~~~~~
>
> Thanks to the following people who contributed to this release:
>
> +- Adam Johnston
> +- Adithya Balakumar
> +- Adrian Freihofer
> +- Alassane Yattara
> +- Alejandro Hernandez Samaniego
> +- Aleksey Smirnov
> +- Alexander Kanavin
> +- Alexander Lussier-Cullen
> +- Alexander Sverdlin
> +- Alexandre Belloni
> +- Alexandre Truong
> +- Alex Bennée
> +- Alexis Lothoré
> +- Alex Kiernan
> +- Alex Stewart
> +- André Draszik
> +- Anibal Limon
> +- Anuj Mittal
> +- Archana Polampalli
> +- Arne Schwerdt
> +- Bartosz Golaszewski
> +- Baruch Siach
> +- baruch@tkos.co.il
Removed that last line as this is the same person :)
Thanks
Michael.
--
Michael Opdenacker, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com