subject:"\[oe\] dizzy\-next sync to dizzy"

Re: [oe] dizzy-next sync to dizzy

2015-10-21 Thread Martin Jansa

On Tue, Oct 20, 2015 at 05:41:09PM +0200, Martin Jansa wrote:
> On Mon, Oct 19, 2015 at 05:09:46PM -0700, akuster808 wrote:
> > Hello Martin,
> > 
> > Are there issues with the changes in dizzy-next? need Otavio to signoff?
> 
> No issues, I was just waiting for one of you to request the merge.
> 
> Pushed now and new pull request pushed to dizzy-next.

Hmm there seems to be an issue after all.

At least
7f1df52 fuse: fix for CVE-2015-3202 Privilege Escalation
is missing in fido branch, both are using 2.9.3 version which is
affected.

I haven't tested other patches (except testing that they don't apply
cleanly to fido as they are) and haven't checked if we need them in
master/jethro branch.

But older releases shouldn't get fixes which are missing in newer
releases, otherwise people upgrading from dizzy to fido will get
suddenly vulnerable to this fuse issue probably without noticing.

Regards,

> > Dizzy behind by:
> > 
> > e3dbf78 ipsec-tools: Security Advisory - CVE-2015-4047
> > 0fb90be mariadb: Security Advisory -CVE-2015-2305
> > c580b62 libssh2: fix CVE-2015-1782
> > e00844e ptpd: disable libpcap detection via pcap-config
> > 
> 
> -- 
> Martin 'JaMa' Jansa jabber: martin.ja...@gmail.com

-- 
Martin 'JaMa' Jansa jabber: martin.ja...@gmail.com

signature.asc
Description: Digital signature
-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Re: [oe] dizzy-next sync to dizzy

2015-10-21 Thread akuster808

On 10/21/15 8:35 AM, Martin Jansa wrote:
> On Tue, Oct 20, 2015 at 05:41:09PM +0200, Martin Jansa wrote:
>> On Mon, Oct 19, 2015 at 05:09:46PM -0700, akuster808 wrote:
>>> Hello Martin,
>>>
>>> Are there issues with the changes in dizzy-next? need Otavio to signoff?
>> No issues, I was just waiting for one of you to request the merge.
>>
>> Pushed now and new pull request pushed to dizzy-next.
> Hmm there seems to be an issue after all.
>
> At least
> 7f1df52 fuse: fix for CVE-2015-3202 Privilege Escalation
> is missing in fido branch, both are using 2.9.3 version which is
> affected.
>
> I haven't tested other patches (except testing that they don't apply
> cleanly to fido as they are) and haven't checked if we need them in
> master/jethro branch.
>
> But older releases shouldn't get fixes which are missing in newer
> releases, otherwise people upgrading from dizzy to fido will get
> suddenly vulnerable to this fuse issue probably without noticing.

you correct. Will work to correct that.

- armin
>
> Regards,
>
>>> Dizzy behind by:
>>>
>>> e3dbf78 ipsec-tools: Security Advisory - CVE-2015-4047
>>> 0fb90be mariadb: Security Advisory -CVE-2015-2305
>>> c580b62 libssh2: fix CVE-2015-1782
>>> e00844e ptpd: disable libpcap detection via pcap-config
>>>
>> -- 
>> Martin 'JaMa' Jansa jabber: martin.ja...@gmail.com
>
>

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Re: [oe] dizzy-next sync to dizzy

2015-10-20 Thread Otavio Salvador

On Mon, Oct 19, 2015 at 10:09 PM, akuster808  wrote:
> Hello Martin,
>
> Are there issues with the changes in dizzy-next? need Otavio to signoff?
>
> Dizzy behind by:
>
> 7f1df52 fuse: fix for CVE-2015-3202 Privilege Escalation
> e3dbf78 ipsec-tools: Security Advisory - CVE-2015-4047
> 0fb90be mariadb: Security Advisory -CVE-2015-2305
> c580b62 libssh2: fix CVE-2015-1782
> e00844e ptpd: disable libpcap detection via pcap-config

I am fine with those patches. They are clear bugfixes and should to be applied.

-- 
Otavio Salvador O.S. Systems
http://www.ossystems.com.brhttp://code.ossystems.com.br
Mobile: +55 (53) 9981-7854Mobile: +1 (347) 903-9750
-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Re: [oe] dizzy-next sync to dizzy

2015-10-20 Thread Martin Jansa

On Mon, Oct 19, 2015 at 05:09:46PM -0700, akuster808 wrote:
> Hello Martin,
> 
> Are there issues with the changes in dizzy-next? need Otavio to signoff?

No issues, I was just waiting for one of you to request the merge.

Pushed now and new pull request pushed to dizzy-next.

> Dizzy behind by:
> 
> 7f1df52 fuse: fix for CVE-2015-3202 Privilege Escalation
> e3dbf78 ipsec-tools: Security Advisory - CVE-2015-4047
> 0fb90be mariadb: Security Advisory -CVE-2015-2305
> c580b62 libssh2: fix CVE-2015-1782
> e00844e ptpd: disable libpcap detection via pcap-config
> 

-- 
Martin 'JaMa' Jansa jabber: martin.ja...@gmail.com


signature.asc
Description: Digital signature
-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] dizzy-next sync to dizzy

2015-10-19 Thread akuster808

Hello Martin,

Are there issues with the changes in dizzy-next? need Otavio to signoff?

Dizzy behind by:

7f1df52 fuse: fix for CVE-2015-3202 Privilege Escalation
e3dbf78 ipsec-tools: Security Advisory - CVE-2015-4047
0fb90be mariadb: Security Advisory -CVE-2015-2305
c580b62 libssh2: fix CVE-2015-1782
e00844e ptpd: disable libpcap detection via pcap-config

-- 
___
Openembedded-devel mailing list
Openembedded-devel@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Re: [oe] dizzy-next sync to dizzy

Re: [oe] dizzy-next sync to dizzy

Re: [oe] dizzy-next sync to dizzy

Re: [oe] dizzy-next sync to dizzy

[oe] dizzy-next sync to dizzy

5 matches

Site Navigation

Mail list logo

Footer information