[poky] [PATCH 2/4] libuser: Upgrade from 0.56.18 to 0.57.1
Scott Garman
scott.a.garman at intel.com
Thu Jan 27 07:59:51 PST 2011
On 01/26/2011 09:29 PM, poky-bounces at yoctoproject.org wrote:
> From: Zhai Edwin<edwin.zhai at intel.com>
>
> This can fix the vulnerable issue @ http://secunia.com/advisories/42891/
This isn't a big deal at the moment, but I'm thinking about establishing
a best practice going forward to document security-related fixes. The
CVE number is regarded as the universal identifier, so something like
the following is preferred:
* Addresses CVE-2011-0002
The important thing is to include the CVE identifier(s) somewhere in the
commit log - I may end up developing some tools for extracting that
information from our commits in the future.
Just FYI for now - this isn't documented anywhere yet.
Thanks,
Scott
--
Scott Garman
Embedded Linux Distro Engineer - Yocto Project
Intel Open Source Technology Center
More information about the poky
mailing list