On Sat, Nov 26, 2016 at 09:51:30AM +0100, Marius Bakke wrote:
> Leo Famulari writes:
>
> > This patch should fix the bugs named here:
> >
> > http://seclists.org/oss-sec/2016/q4/517
> >
> > I copied Debian's approach, which is to take all the recent patches for
> > the vulnerable component (the F
Leo Famulari writes:
> I wondered how to split the patches up here. I don't know how to name
> the first two patches, since the CVE bug fixes are spread between them.
I tend to use or abbreviate the commit title, if there is no obvious
'fix-foo' available.
signature.asc
Description: PGP signat
On Sat, Nov 26, 2016 at 09:51:30AM +0100, Marius Bakke wrote:
> Leo Famulari writes:
> > The CVE bug fixes are not split into discrete patches, so it doesn't
> > work to make patches for each CVE ID, like we normally do.
> >
> > Is this approach (concatenating the patches) okay?
>
> I prefer havi
Leo Famulari writes:
> This patch should fix the bugs named here:
>
> http://seclists.org/oss-sec/2016/q4/517
>
> I copied Debian's approach, which is to take all the recent patches for
> the vulnerable component (the FLIC decoder).
>
> My understanding is that the first two patches fix the CVEs,
This patch should fix the bugs named here:
http://seclists.org/oss-sec/2016/q4/517
I copied Debian's approach, which is to take all the recent patches for
the vulnerable component (the FLIC decoder).
My understanding is that the first two patches fix the CVEs, the 3rd
fixes an unrelated bug, and
