On 02/23/2016 02:52 PM, Darcy Watkins wrote: > On Tue, 2016-02-23 at 13:51 -0800, Mark Hatle wrote: >> On 2/23/16 1:53 PM, Khem Raj wrote: >>> On Tue, Feb 23, 2016 at 2:25 PM, Darcy Watkins >>>> CVE-2015-7547 glibc vulnerability has been published as affecting glibc >>>> since ver 2.9 (fixed in 2.23 and patched in 2.22 and 2.21). >>>> >>>> Anyone know if we need the same security fixes in eglibc? >>> >>> yes you do. Eglibc was nothing but glibc+few fixes. >> >> Yes this affects all eglibc version 2.9 and newer up to glibc 2.23. >> >> As far as I'm aware, this affects all Yocto Project versions up to 2.0. > > I will be interested in knowing which Yocto Project versions will > receive the fixes.
Master, 2.0 and 1.8 all have the fixes. How far back do we go in matters like this? 1.7 (dizzy) I plan on doing soon. beyond that I do not know. those are all community supported. - armin > > Thanks in advance! > >> (The patch referenced by the security announcement applies to all of the >> versions of glibc I've needed to apply it to for my customers. A few >> per-line >> tweaks might be necessary, but it was fairly easy.) > > -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto