You probably should make a kirkstone mixin layer like we did for dunfell. https://git.yoctoproject.org/meta-lts-mixins/
Alex On Tue, 7 Mar 2023 at 07:32, Andrej Valek <andrej.va...@siemens.com> wrote: > > Hello everyone, > > I would like to ask you how to proceed with multiple CVEs for Google Go > component in kirkstone branch. > > CVEs in current version 1.17.13: > - CVE-2022-41722 > - CVE-2022-41725 > - CVE-2022-41724 > - CVE-2022-41723 > > They are fixed in 1.19.6/1.20.1 branches, but a fixing patches are > available for all of them too. Unfortunately there is more then ~1000 > changed LOC. So not sure if this is the right approach to apply them. > Not sure if the upgrade is acceptable. > > So how to proceed with this? > > I know, that they aren't a critical one, but would be nice to have them > fixed. > > Regards, > Andrej > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#178090): https://lists.openembedded.org/g/openembedded-core/message/178090 Mute This Topic: https://lists.openembedded.org/mt/97444547/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
