Message ID | 20240703164042.20929-1-ninette@thehoodiefirm.com |
---|---|
Headers | show |
Series | apache2:apache2-native: CVE status update | expand |
which branch is it for ? Please mark it accordingly in subject line see - https://docs.yoctoproject.org/dev/contributor-guide/submit-changes.html#submitting-changes-to-stable-release-branches On Wed, Jul 3, 2024 at 9:40 AM Ninette Adhikari via lists.openembedded.org <ninette=thehoodiefirm.com@lists.openembedded.org> wrote: > > Update status for: CVE-2007-0450, CVE-2010-0425 > > The current version (2.4.59) is not affected. It only applies for Windows. > > Ninette Adhikari (1): > apache2:apache2-native: CVE status update > > meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb | 2 ++ > 1 file changed, 2 insertions(+) > > -- > 2.44.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#111229): https://lists.openembedded.org/g/openembedded-devel/message/111229 > Mute This Topic: https://lists.openembedded.org/mt/107022825/1997914 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [raj.khem@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
Hi Khem, This is meant for the 'master' branch. It is a status update for some CVEs. I'll make sure to include the branch name in the subject for future patches. For this patch, do I need to resend it with an updated subject line? Please let me know. Thanks so much! Ninette On Wed, Jul 3, 2024 at 9:49 AM Khem Raj <raj.khem@gmail.com> wrote: > which branch is it for ? > Please mark it accordingly in subject line see - > > https://docs.yoctoproject.org/dev/contributor-guide/submit-changes.html#submitting-changes-to-stable-release-branches > > On Wed, Jul 3, 2024 at 9:40 AM Ninette Adhikari via > lists.openembedded.org > <ninette=thehoodiefirm.com@lists.openembedded.org> wrote: > > > > Update status for: CVE-2007-0450, CVE-2010-0425 > > > > The current version (2.4.59) is not affected. It only applies for > Windows. > > > > Ninette Adhikari (1): > > apache2:apache2-native: CVE status update > > > > meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb | 2 ++ > > 1 file changed, 2 insertions(+) > > > > -- > > 2.44.0 > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#111229): > https://lists.openembedded.org/g/openembedded-devel/message/111229 > > Mute This Topic: https://lists.openembedded.org/mt/107022825/1997914 > > Group Owner: openembedded-devel+owner@lists.openembedded.org > > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [ > raj.khem@gmail.com] > > -=-=-=-=-=-=-=-=-=-=-=- > > >
Please rebase it on latest master and see if it’s still needed On Wed, Jul 3, 2024 at 10:44 AM Ninette Adhikari <ninette@neighbourhood.ie> wrote: > Hi Khem, > This is meant for the 'master' branch. It is a status update for some CVEs. > I'll make sure to include the branch name in the subject for future > patches. For this patch, do I need to resend it with an updated subject > line? Please let me know. Thanks so much! > > Ninette > > On Wed, Jul 3, 2024 at 9:49 AM Khem Raj <raj.khem@gmail.com> wrote: > >> which branch is it for ? >> Please mark it accordingly in subject line see - >> >> https://docs.yoctoproject.org/dev/contributor-guide/submit-changes.html#submitting-changes-to-stable-release-branches >> >> On Wed, Jul 3, 2024 at 9:40 AM Ninette Adhikari via >> lists.openembedded.org >> <ninette=thehoodiefirm.com@lists.openembedded.org> wrote: >> > >> > Update status for: CVE-2007-0450, CVE-2010-0425 >> > >> > The current version (2.4.59) is not affected. It only applies for >> Windows. >> > >> > Ninette Adhikari (1): >> > apache2:apache2-native: CVE status update >> > >> > meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb | 2 ++ >> > 1 file changed, 2 insertions(+) >> > >> > -- >> > 2.44.0 >> > >> > >> > -=-=-=-=-=-=-=-=-=-=-=- >> > Links: You receive all messages sent to this group. >> > View/Reply Online (#111229): >> https://lists.openembedded.org/g/openembedded-devel/message/111229 >> > Mute This Topic: https://lists.openembedded.org/mt/107022825/1997914 >> > Group Owner: openembedded-devel+owner@lists.openembedded.org >> > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub >> [raj.khem@gmail.com] >> > -=-=-=-=-=-=-=-=-=-=-=- >> > >> >
I pulled the latest and I see the apache2 version is updated to 2.4.60. But the CVE list <https://autobuilder.yocto.io/pub/non-release/patchmetrics-meta-oe/cve-status-master.txt> still has the following CVEs listed: CVE-2007-0450, CVE-2010-0425 I'll send a new patch against the latest master branch to update status of the CVEs. Thanks! Ninette On Wed, Jul 3, 2024 at 10:53 AM Khem Raj <raj.khem@gmail.com> wrote: > Please rebase it on latest master and see if it’s still needed > > On Wed, Jul 3, 2024 at 10:44 AM Ninette Adhikari <ninette@neighbourhood.ie> > wrote: > >> Hi Khem, >> This is meant for the 'master' branch. It is a status update for some >> CVEs. >> I'll make sure to include the branch name in the subject for future >> patches. For this patch, do I need to resend it with an updated subject >> line? Please let me know. Thanks so much! >> >> Ninette >> >> On Wed, Jul 3, 2024 at 9:49 AM Khem Raj <raj.khem@gmail.com> wrote: >> >>> which branch is it for ? >>> Please mark it accordingly in subject line see - >>> >>> https://docs.yoctoproject.org/dev/contributor-guide/submit-changes.html#submitting-changes-to-stable-release-branches >>> >>> On Wed, Jul 3, 2024 at 9:40 AM Ninette Adhikari via >>> lists.openembedded.org >>> <ninette=thehoodiefirm.com@lists.openembedded.org> wrote: >>> > >>> > Update status for: CVE-2007-0450, CVE-2010-0425 >>> > >>> > The current version (2.4.59) is not affected. It only applies for >>> Windows. >>> > >>> > Ninette Adhikari (1): >>> > apache2:apache2-native: CVE status update >>> > >>> > meta-webserver/recipes-httpd/apache2/apache2_2.4.59.bb | 2 ++ >>> > 1 file changed, 2 insertions(+) >>> > >>> > -- >>> > 2.44.0 >>> > >>> > >>> > -=-=-=-=-=-=-=-=-=-=-=- >>> > Links: You receive all messages sent to this group. >>> > View/Reply Online (#111229): >>> https://lists.openembedded.org/g/openembedded-devel/message/111229 >>> > Mute This Topic: https://lists.openembedded.org/mt/107022825/1997914 >>> > Group Owner: openembedded-devel+owner@lists.openembedded.org >>> > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub >>> [raj.khem@gmail.com] >>> > -=-=-=-=-=-=-=-=-=-=-=- >>> > >>> >>