[Buildroot] [PATCH v3 02/14] package/qt6/qt6base: patch CVE-2024-33861

Thomas Petazzoni thomas.petazzoni at bootlin.com
Mon May 13 11:59:11 UTC 2024


Hello Jesse, Hello Roy,

On Mon, 13 May 2024 13:05:05 +0200
Jesse Van Gavere <jesseevg at gmail.com> wrote:

> > I assume I should add this information to the commit message and make a v4
> > patch-set?
> 
> Personally I don't see why that would be necessary, it's applicable to your
> version bump only and it's a valid CVE identifier (even if reserved for the
> moment) that can be looked up, putting the exact same CVE info in the
> commit for the patch seems a bit redundant

Well, in fact in this particular case, the CVE fix should be directly
with the version bump, and indeed clarify in the commit log why it is
together with the version bump. Also, QT6BASE_IGNORE_CVES variable will
be needed in qt6base.mk.

I'd say no need to resend the full series for this at this point. I'll
try to apply some parts of it, and see if I have other review comments
for the rest.

Thanks!

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com


