[Buildroot] [PATCH 5/5] package/glibc: bump to 2.27
Peter Korsgaard
peter at korsgaard.com
Mon Feb 5 23:32:38 UTC 2018
>>>>> "Yann" == Yann E MORIN <yann.morin.1998 at free.fr> writes:
> Baruch, All,
> On 2018-02-05 23:01 +0200, Baruch Siach spake thusly:
>> On Mon, Feb 05, 2018 at 09:57:16PM +0100, Romain Naour wrote:
>> > See: https://sourceware.org/ml/libc-announce/2018/msg00000.html
>> > https://sourceware.org/glibc/wiki/Release/2.27
>> Note that this is a security bump fixing CVE-2017-1000408, CVE-2017-1000409,
>> CVE-2017-16997, CVE-2018-1000001, and CVE-2018-6485.
> There are 10 CVE listed in the release annoucement mail, but you list
> only five here. Why only those?
> Do we want to list all the CVEs fixed in a release? And if we don't list
> all, why do we even list only a subset?
> I don't think we should, especially since the release mail is linked to
> the commit log and has all the details.
For security bumps we normally DO list the CVEs for ease of use, E.G.:
commit d52cd750c762c78ebcf8623fab8a9c43c9419625
Author: Peter Korsgaard <peter at korsgaard.com>
Date: Sun Jan 28 20:23:02 2018 +0100
wireshark: security bump to version 2.2.12
Fixes the following security issues:
CVE-2017-17997: MRDISC dissector crash
https://www.wireshark.org/security/wnpa-sec-2018-02.html
CVE-2018-5334: IxVeriWave file parser crash
https://www.wireshark.org/security/wnpa-sec-2018-03.html
CVE-2018-5335: WCP dissector crash
https://www.wireshark.org/security/wnpa-sec-2018-04.html
CVE-2018-5336: Multiple dissectors could crash
https://www.wireshark.org/security/wnpa-sec-2018-01.html
For more information, see the release notes:
https://www.wireshark.org/docs/relnotes/wireshark-2.2.12.html
While we are at it, also add as hash for license file.
Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
So I prefer to do that as well here.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list