[Buildroot] [PATCH 5/5] package/glibc: bump to 2.27
Baruch Siach
baruch at tkos.co.il
Tue Feb 6 10:50:19 UTC 2018
Hi Arnout,
On Tue, Feb 06, 2018 at 09:18:38AM +0100, Arnout Vandecappelle wrote:
> On 05-02-18 22:01, Baruch Siach wrote:
> > On Mon, Feb 05, 2018 at 09:57:16PM +0100, Romain Naour wrote:
> >> See: https://sourceware.org/ml/libc-announce/2018/msg00000.html
> >> https://sourceware.org/glibc/wiki/Release/2.27
> > Note that this is a security bump fixing CVE-2017-1000408, CVE-2017-1000409,
> > CVE-2017-16997, CVE-2018-1000001, and CVE-2018-6485.
>
> Even though this release fixes a number of CVEs, I wouldn't call it a security
> bump. Indeed, it also makes a number of potentially breaking feature updates,
> cfr. the memfd_create() change.
>
> So, I would indeed mention the CVE numbers in the commit message, but not put
> "security bump" in the title so that it doesn't mindlessly get applied to LTS
> branches.
>
> Now, in this particular case we made enough noise about it that it really
> doesn't matter what goes into the subject line :-) However I think it's good to
> converge on some conventions on how to tag LTS things.
I agree that this bump might not be suitable for the maintenance branches. But
I think we should consider it for the master branch, especially since we are
still early in the -rc cycle.
baruch
--
http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
More information about the buildroot
mailing list