On 24 September 2014 12:44, Sona Sarmadi <sona.sarm...@enea.com> wrote: >> As well as security fixes for the kernel, do you also cover security fixes >> for the >> userspace (i.e. everything else in oe-core)? Help keeping the rest of the >> system safe, and relevant fixes backported to the stable releases, is always >> welcome. > > Yes, we monitor oss-security public mailing list, as soon a new vulnerability > (CVE) in the Linux kernel or userspace is announced in that list, we try to > catch them and backport all which are relevant. We look for other sources as > well but oss-securiy (oss-secur...@lists.openwall.com) is a good > source/mailing list/ to detect vulnerabilities in open source products > (kernel & userspace).
Well this is convenient timing... I'm sure you've noticed the CVE in bash, will your team be able to submit patches for the releases we are supporting (1.4 onwards)? Ross -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto