On 02/24/2016 08:38 AM, Mark Hatle wrote: > On 2/23/16 6:14 PM, akuster808 wrote: >> >> >> On 02/23/2016 02:52 PM, Darcy Watkins wrote: >>> On Tue, 2016-02-23 at 13:51 -0800, Mark Hatle wrote: >>>> On 2/23/16 1:53 PM, Khem Raj wrote: >>>>> On Tue, Feb 23, 2016 at 2:25 PM, Darcy Watkins >>>>>> CVE-2015-7547 glibc vulnerability has been published as affecting glibc >>>>>> since ver 2.9 (fixed in 2.23 and patched in 2.22 and 2.21). >>>>>> >>>>>> Anyone know if we need the same security fixes in eglibc? >>>>> >>>>> yes you do. Eglibc was nothing but glibc+few fixes. >>>> >>>> Yes this affects all eglibc version 2.9 and newer up to glibc 2.23. >>>> >>>> As far as I'm aware, this affects all Yocto Project versions up to 2.0. >>> >>> I will be interested in knowing which Yocto Project versions will >>> receive the fixes. >> >> Master, 2.0 and 1.8 all have the fixes. >> How far back do we go in matters like this? > > Official support is current (in development) and the last two releases. So up > to about a year and a half of support. > > After this point, it becomes community support. This really means, if someone > in the community wants to continue support past the YP's support guidelines > they > are welcome to do so -- but there won't be any official releases, only > checkins > to the repository.
much better explanation than mine. thanks, Armin > > We have done this on some OpenSSL fixes in the past, but it was based on > specific requests and people submitting the fixes to be included with older > versions. > >> 1.7 (dizzy) I plan on doing soon. beyond that I do not know. those are >> all community supported. >> >> - armin >>> >>> Thanks in advance! >>> >>>> (The patch referenced by the security announcement applies to all of the >>>> versions of glibc I've needed to apply it to for my customers. A few >>>> per-line >>>> tweaks might be necessary, but it was fairly easy.) >>> >>> > -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
