Hello Alex,

Yes, that would be an option, but afaik it wasn't working quite well. So I
would still prefer a straightforward solution.

Should I spend some time creating such patches? That is, is there a
potential option for them being accepted?

Andrej

On Tue, 2023-03-07 at 07:37 +0100, Alexander Kanavin wrote:
> You probably should make a kirkstone mixin layer like we did for
> dunfell.
> https://git.yoctoproject.org/meta-lts-mixins/
> 
> Alex
> 
> On Tue, 7 Mar 2023 at 07:32, Andrej Valek <andrej.va...@siemens.com>
> wrote:
> > 
> > Hello everyone,
> > 
> > I would like to ask you how to proceed with multiple CVEs for Google Go
> > component in kirkstone branch.
> > 
> > CVEs in current version 1.17.13:
> > - CVE-2022-41722
> > - CVE-2022-41725
> > - CVE-2022-41724
> > - CVE-2022-41723
> > 
> > They are fixed in 1.19.6/1.20.1 branches, but fixing patches are
> > available for all of them too. Unfortunately there are more than ~1000
> > changed LOC. So not sure if this is the right approach to apply them.
> > Not sure if the upgrade is acceptable.
> > 
> > So how to proceed with this?
> > 
> > I know that they aren't critical ones, but it would be nice to have
> > them fixed.
> > 
> > Regards,
> > Andrej
> > 
> > 
> > 

View/Reply Online (#178094): 
https://lists.openembedded.org/g/openembedded-core/message/178094