On Tue, 2016-02-23 at 13:51 -0800, Mark Hatle wrote: > On 2/23/16 1:53 PM, Khem Raj wrote: > > On Tue, Feb 23, 2016 at 2:25 PM, Darcy Watkins > >> CVE-2015-7547 glibc vulnerability has been published as affecting glibc > >> since ver 2.9 (fixed in 2.23 and patched in 2.22 and 2.21). > >> > >> Anyone know if we need the same security fixes in eglibc? > > > > yes you do. Eglibc was nothing but glibc+few fixes. > > Yes this affects all eglibc version 2.9 and newer up to glibc 2.23. > > As far as I'm aware, this affects all Yocto Project versions up to 2.0.
I will be interested in knowing which Yocto Project versions will receive the fixes. How far back do we go in matters like this? Thanks in advance! > (The patch referenced by the security announcement applies to all of the > versions of glibc I've needed to apply it to for my customers. A few per-line > tweaks might be necessary, but it was fairly easy.) -- Regards, Darcy --- Darcy Watkins Staff Engineer, Firmware Sierra Wireless 13811 Wireless Way, Richmond, BC Canada, V6V 3A4 [P1] -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
