[Buildroot] [PATCH 5/5] package/glibc: bump to 2.27
Baruch Siach
baruch at tkos.co.il
Tue Feb 6 13:46:47 UTC 2018
Hi Peter,
On Tue, Feb 06, 2018 at 02:44:36PM +0100, Peter Korsgaard wrote:
> >>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
>
> > On Tue, Feb 06, 2018 at 09:18:38AM +0100, Arnout Vandecappelle wrote:
> >> On 05-02-18 22:01, Baruch Siach wrote:
> >> > On Mon, Feb 05, 2018 at 09:57:16PM +0100, Romain Naour wrote:
> >> >> See: https://sourceware.org/ml/libc-announce/2018/msg00000.html
> >> >> https://sourceware.org/glibc/wiki/Release/2.27
> >> > Note that this is a security bump fixing CVE-2017-1000408, CVE-2017-1000409,
> >> > CVE-2017-16997, CVE-2018-1000001, and CVE-2018-6485.
> >>
> >> Even though this release fixes a number of CVEs, I wouldn't call it a security
> >> bump. Indeed, it also makes a number of potentially breaking feature updates,
> >> cfr. the memfd_create() change.
> >>
> >> So, I would indeed mention the CVE numbers in the commit message, but not put
> >> "security bump" in the title so that it doesn't mindlessly get applied to LTS
> >> branches.
> >>
> >> Now, in this particular case we made enough noise about it that it really
> >> doesn't matter what goes into the subject line :-) However I think it's good to
> >> converge on some conventions on how to tag LTS things.
>
> > I agree that this bump might not be suitable for the maintenance branches. But
> > I think we should consider it for the master branch, especially since we are
> > still early in the -rc cycle.
>
> Possibly, yes. Lets see how much blows up on next. Do you know if (some
> of) these issues are also fixed on the 2.26 branch?
As far as I know all these issues are fixed in the 2.26 stable branch. See the
NEWS file in that branch.
baruch
--
http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
More information about the buildroot
mailing list