On 01/17/2016 03:54 AM, Khem Raj wrote: > Hi all > > upstream glibc and binutils release branches have been cut out and are being > made ready for next release > I have put together update patchset for both of them > > here are the branches > > https://github.com/kraj/openembedded-core/tree/kraj/binutils-2.26 > https://github.com/kraj/openembedded-core/tree/kraj/glibc-2.23
Several Security fixes will be included in glibc-2.23 update. https://bugzilla.yoctoproject.org/show_bug.cgi?id=8980 CVE-2015-8776 - Passing out of range data to strftime() causes a segfault https://sourceware.org/bugzilla/show_bug.cgi?id=18985 CVE-2015-8777 - LD_POINTER_GUARD is not ignored for privileged binaries https://sourceware.org/bugzilla/show_bug.cgi?id=18928 CVE-2015-8778 - hcreate((size_t)-1) should fail with ENOMEM https://sourceware.org/bugzilla/show_bug.cgi?id=18240 CVE-2014-9761 - nan function unbounded stack allocation https://sourceware.org/bugzilla/show_bug.cgi?id=16962 CVE-2015-8779 - catopen() Multiple unbounded stack allocations https://sourceware.org/bugzilla/show_bug.cgi?id=17905 > > FYI These are still using autorev to ensure that we test tip of release > branches > > Please give them a shot in your environments and report any issues you > encounter. BTW, Mips64 Octeon3 works fine. Aarch64 qemu boot tested. - Armin > > Thanks for help > > -Khem > > > > > -- _______________________________________________ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel
