On Tue, 2021-05-25 at 12:50 +0000, Andrej Valek wrote: > Hello everyone, > > I have an another question regarding to backporting this to dunfell branch. > Is it possible to apply this upgrade to this branch? I would like to have > an very important fix for CVE-2013-0340 > (https://github.com/libexpat/libexpat/pull/220) > there. But there is a lot of changes, means just applying the patch is not > very promising. > > How we can handle it?
Adding Steve to Cc. It is possible if there is a good case for it and there aren't bad side effects from the change. I don't know enough about expat here to comment on that. I suspect we should be adding something to the expat recipe to make it match libexpat CVEs, maybe CVE_PRODUCT = "libexpat"? Cheers, Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#152241): https://lists.openembedded.org/g/openembedded-core/message/152241 Mute This Topic: https://lists.openembedded.org/mt/83074955/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
