On 02/16/2016 06:34 AM, Alexander Kanavin wrote: > On 02/11/2016 09:08 PM, akuster808 wrote: >> this update includes: >> >> >> CVE-2015-7096 >> Versions affected: WebKitGTK+ before 2.10.5. >> >> CVE-2015-7098 >> Versions affected: WebKitGTK+ before 2.10.5. >> >> >> http://webkitgtk.org/security.html > > Yes, which means that jethro (which has 2.8.5) needs the same update.
there is a bug open for that 8877. there are a huge number of CVE's that need fixing. - armin > > Generally, this manual check for vulnerabilities is error-prone and > doesn't scale. We really should automate cve checks (using > cve-check-tool or something similar) when doing package builds, I'll try > to look if it's feasible. There's been an open bug for a long time: > > https://bugzilla.yoctoproject.org/show_bug.cgi?id=7515 > > > Alex -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
