-
Notifications
You must be signed in to change notification settings - Fork 720
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
opensc: multiple security vulnerablities require backports? #874
Comments
@citypw I see that its still in RC stage. Once 0.26 final is released, we need to upgrade the recipe. |
@kraj do you have plan to backport it to other branches like Kirkstone? There are some security backports still missing in Kirkstone: |
Usual policy is no major version upgrades into release branches. It will surely be in master when it happens. |
I understand the point. I saw some branches like Kirkstone did the security backports for OpenSC previously: It's still missing a couple of known vulnerabilities with CVE numbers. I'm curious what's the backport criteria. Will all CVEs backport to the branches or just some CVEs with higher impact? |
it really depends upon contributors. |
Okidoki, a PR with two backports: #876 |
There are multiple security vulnerabilities are fixed in OpenSC v0.26-rc1:
https://github.com/OpenSC/OpenSC/releases/tag/0.26.0-rc1
The text was updated successfully, but these errors were encountered: