From: Steve Sakoman <steve@sakoman.com>
To: "Ernst Sjöstrand" <ernst.sjostrand@lists.verisure.com>
Cc: "openembedded-core@lists.openembedded.org"
<openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core] [dunfell][PATCH v2] dropbear: Fix CVE-2020-36254
Date: Tue, 21 Dec 2021 03:57:05 -1000 [thread overview]
Message-ID: <CAOSpxdYt44zpYMZYLWMhvVBNFUmtPangBO7YheCaScynM1RUvQ@mail.gmail.com> (raw)
In-Reply-To: <c266b479d7567aabc0560d355ee407504d5ef62e.camel@lists.verisure.com>
On Tue, Dec 21, 2021 at 3:34 AM Ernst Sjöstrand
<ernst.sjostrand@lists.verisure.com> wrote:
>
> On Tue, 2021-12-21 at 14:07 +0100, Konrad Weihmann wrote:
> >
> > On 21.12.21 14:02, Ernst Sjöstrand wrote:
> > > Dropbear shares a lot of code with other SSH implementations, so this is
> > > a port of CVE-2018-20685 to dropbear.
> > >
> > > Reference:
> > > https://urldefense.com/v3/__https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff__;!!BFCLnRDDbM3FOmw!qe9UYrBIPEc6nPIeOuTW0e0hW6_XwL0XE4vWFFUg-UeQcxixYMRQ__QllRTD9Iw88H1k2OWm0g$
> > >
> > > Signed-off-by: Ernst Sjöstrand <ernst.sjostrand@verisure.com>
> >
> > This is missing an Upstream-Status entry - in this case that should be
> > "Upstream-Status: Backport"
>
> Should that line go in the .patch file, the commit message or both?
> I guess both?
See the "Patch name convention and commit message" section at:
https://wiki.yoctoproject.org/wiki/Security
Thanks for helping out with CVE fixes!
Steve
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#159918): https://lists.openembedded.org/g/openembedded-core/message/159918
> Mute This Topic: https://lists.openembedded.org/mt/87876568/3620601
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
next prev parent reply other threads:[~2021-12-21 13:57 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <16C2B9B88AD918F7.22520@lists.openembedded.org>
2021-12-21 13:02 ` [dunfell][PATCH v2] dropbear: Fix CVE-2020-36254 Ernst Sjöstrand
2021-12-21 13:07 ` [OE-core] " Konrad Weihmann
2021-12-21 13:34 ` Ernst Sjöstrand
2021-12-21 13:57 ` Steve Sakoman [this message]
2021-12-21 14:24 ` [dunfell][PATCH v3] " Ernst Sjöstrand
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAOSpxdYt44zpYMZYLWMhvVBNFUmtPangBO7YheCaScynM1RUvQ@mail.gmail.com \
--to=steve@sakoman.com \
--cc=ernst.sjostrand@lists.verisure.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.