On Sat, Nov 26, 2016 at 09:51:30AM +0100, Marius Bakke wrote:
> Leo Famulari writes:
>
> > This patch should fix the bugs named here:
> >
> > http://seclists.org/oss-sec/2016/q4/517
> >
> > I copied Debian's approach, which is to take all the recent patches for
> > the vulnerable component (the F
Leo Famulari writes:
> I wondered how to split the patches up here. I don't know how to name
> the first two patches, since the CVE bug fixes are spread between them.
I tend to use or abbreviate the commit title, if there is no obvious
'fix-foo' available.
signature.asc
Description: PGP signat
On Sat, Nov 26, 2016 at 09:51:30AM +0100, Marius Bakke wrote:
> Leo Famulari writes:
> > The CVE bug fixes are not split into discrete patches, so it doesn't
> > work to make patches for each CVE ID, like we normally do.
> >
> > Is this approach (concatenating the patches) okay?
>
> I prefer havi
Leo Famulari writes:
> This patch should fix the bugs named here:
>
> http://seclists.org/oss-sec/2016/q4/517
>
> I copied Debian's approach, which is to take all the recent patches for
> the vulnerable component (the FLIC decoder).
>
> My understanding is that the first two patches fix the CVEs,
