[Buildroot] [PATCH 5/5] package/glibc: bump to 2.27
Baruch Siach
baruch at tkos.co.il
Tue Feb 6 04:15:04 UTC 2018
Hi Yann,
On Mon, Feb 05, 2018 at 10:41:57PM +0100, Yann E. MORIN wrote:
> On 2018-02-05 23:01 +0200, Baruch Siach spake thusly:
> > On Mon, Feb 05, 2018 at 09:57:16PM +0100, Romain Naour wrote:
> > > See: https://sourceware.org/ml/libc-announce/2018/msg00000.html
> > > https://sourceware.org/glibc/wiki/Release/2.27
> > Note that this is a security bump fixing CVE-2017-1000408, CVE-2017-1000409,
> > CVE-2017-16997, CVE-2018-1000001, and CVE-2018-6485.
>
> There are 10 CVE listed in the release annoucement mail, but you list
> only five here. Why only those?
Because all other CVEs were fixed in the 2.26 stable branch that we currently
use. See 971ed9653e (glibc: security bump to the latest 2.26 branch).
> Do we want to list all the CVEs fixed in a release? And if we don't list
> all, why do we even list only a subset?
We do list all. See above.
> I don't think we should, especially since the release mail is linked to
> the commit log and has all the details.
baruch
--
http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
More information about the buildroot
mailing list