From: "Zhenhua Luo" <zhenhua.luo@nxp.com>
To: zangrc <zangrc.fnst@cn.fujitsu.com>
Cc: "meta-freescale@lists.yoctoproject.org"
<meta-freescale@lists.yoctoproject.org>
Subject: Re: [meta-freescale] CVE related consulting on linux-qoriq
Date: Fri, 27 Mar 2020 03:53:37 +0000 [thread overview]
Message-ID: <VI1PR04MB52945ADE445FEDF70968D25BEECC0@VI1PR04MB5294.eurprd04.prod.outlook.com> (raw)
In-Reply-To: <298fbe7f-5620-8d01-eb05-243936ad9f21@cn.fujitsu.com>
Yes, the CVE fixes are integrated in SDK kernel, the patch of CVE-2019-14814 will be included in the next LSDK which will be available in this April.
Best Regards,
Zhenhua
> -----Original Message-----
> From: zangrc <zangrc.fnst@cn.fujitsu.com>
> Sent: Friday, March 27, 2020 11:22 AM
> To: Zhenhua Luo <zhenhua.luo@nxp.com>
> Cc: meta-freescale@lists.yoctoproject.org
> Subject: Re: [meta-freescale] CVE related consulting on linux-qoriq
>
> Hi,
> Our team found that there are currently some CVE patches on some branches
> that are also applicable to other branches. May I ask if NXP has any
> corresponding measures to deal with this situation.
> E.g:
> CVE-2019-14814 has been fixed on the v5.3 branch and is not fixed on v4.19. But
> it also should be applied to v4.19.
>
> Best Regards,
> Zang Ruochen
> On 3/25/20 11:54 AM, Zhenhua Luo wrote:
> > Hi Ruochen,
> >
> > Are those CVE patches developed for kernel tree or meta-freescale layer? May
> I know which kernel version you are working? I can check the process.
> >
> >
> > Best Regards,
> >
> > Zhenhua
> >
> >> -----Original Message-----
> >> From: meta-freescale@lists.yoctoproject.org <meta-
> >> freescale@lists.yoctoproject.org> On Behalf Of zangrc via
> >> Lists.Yoctoproject.Org
> >> Sent: Wednesday, March 25, 2020 11:36 AM
> >> To: meta-freescale@lists.yoctoproject.org
> >> Cc: meta-freescale@lists.yoctoproject.org
> >> Subject: [meta-freescale] CVE related consulting on linux-qoriq
> >>
> >> Hi,
> >>
> >> Our team is going to work on the CVE correction of linux-qoriq.
> >> I wonder if we submit such patches, will they be merged? If yes,
> >> which ML should I send?
> >>
> >> Best Regards,
> >> Zang Ruochen
> >>
> >>
> >
> >
>
prev parent reply other threads:[~2020-03-27 3:53 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-25 3:35 CVE related consulting on linux-qoriq zangrc
2020-03-25 3:54 ` [meta-freescale] " Zhenhua Luo
2020-03-27 3:22 ` zangrc
2020-03-27 3:53 ` Zhenhua Luo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=VI1PR04MB52945ADE445FEDF70968D25BEECC0@VI1PR04MB5294.eurprd04.prod.outlook.com \
--to=zhenhua.luo@nxp.com \
--cc=meta-freescale@lists.yoctoproject.org \
--cc=zangrc.fnst@cn.fujitsu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).