On Mon, 2021-09-13 at 11:55 +0100, Richard Purdie wrote: > On Mon, 2021-09-13 at 16:33 +0800, Chen Qi wrote: > > Just found that Ross has sent out a patch for CVE-2021-38185 and it > > has > > been merged in hardknott. > > So please ignore this patch. > > > > I'm also curious about how you spot such issue. By double checking > > the > > commit logs in cpio repo? > > I had looked at this one a little as well. I'd looked at some of the > discussion > from the debian community on the CVE and noticed they talked about > regressions, > which prompts you to look further into the issue. >
Yeah, that's what I had done too. Debian tracker has a nice summary: https://security-tracker.debian.org/tracker/CVE-2021-38185 Thanks, Anuj
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#155998): https://lists.openembedded.org/g/openembedded-core/message/155998 Mute This Topic: https://lists.openembedded.org/mt/85568271/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-