Re: CVE fixes in kernel-3.16.7-200.fc20

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Am 31.10.2014 um 12:33 schrieb Josh Boyer:

On Fri, Oct 31, 2014 at 06:09:13AM +0100, Reindl Harald wrote:

i wonder if 3.16.7 contains all the 3.16.3 CVE-fixes from
https://koji.fedoraproject.org/koji/buildinfo?buildID=587751 and the
previous 3.16.6 ones from Fedora because
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.7 dont
mention them?


They weren't added upstream, which is why the upstream ChangeLog doesn't
list them.  Sometimes the CVE information for a patch isn't listed there
anyway.  They're still in the Fedora kernel build of the same as
add-on patches. This happens quite frequently


thanks for feedback
good to know - sadly that the upstream changelog don't start with a seperate paragraph listing fixed CVE's independent of the commit-log 


_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kernel
[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Tux]     [Yosemite News]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [USB]     [Asterisk PBX]

  Powered by Linux