On Mon, 2021-09-13 at 16:33 +0800, Chen Qi wrote: > Just found that Ross has sent out a patch for CVE-2021-38185 and it has > been merged in hardknott. > So please ignore this patch. > > I'm also curious about how you spot such issue. By double checking the > commit logs in cpio repo?
I had looked at this one a little as well. I'd looked at some of the discussion from the debian community on the CVE and noticed they talked about regressions, which prompts you to look further into the issue. Ross' patches in master included the regressions fixes too. Cheers, Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155971): https://lists.openembedded.org/g/openembedded-core/message/155971 Mute This Topic: https://lists.openembedded.org/mt/85568271/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
