diff options
| author | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2024-01-24 13:37:20 -0500 |
|---|---|---|
| committer | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2024-01-30 13:58:57 -0500 |
| commit | 443c10018cb1e33cd6a054c32eb62881f1dcfca2 (patch) | |
| tree | 51298cbb6ed2a8841805c581ff85795efdb37ba0 /advisories/GLIBC-SA-2023-0005 | |
| parent | 6cdc44214253a74e7140d75a7ebfc900820a5fa8 (diff) | |
| download | glibc-443c10018cb1e33cd6a054c32eb62881f1dcfca2.tar.gz glibc-443c10018cb1e33cd6a054c32eb62881f1dcfca2.tar.xz glibc-443c10018cb1e33cd6a054c32eb62881f1dcfca2.zip | |
Update advisory format and introduce some automation
Simplify the advisory format by dropping the -Backport tags and instead stick to using just the -Commit tags. To identify backports, put a substring of git-describe into the release version in the brackets next to the commit ref. This way, it not only identifies that the fix (or regression) is on the release/2.YY/master branch, it also disambiguates regressions/fixes in the branch from those in the tarball. Add a README to make it easier for consumers to understand the format. Additionally, the Release wiki needs to be updated to inform the release manager to: 1. Generate a NEWS snipped from the advisories directory AND 2. on release/2.YY/master, replace the advisories directory with a text file pointing to the advisories directory in master so that we don't have to update multiple locations. Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Reviewed-by: Andreas K. Hüttel <dilfridge@gentoo.org>
Diffstat (limited to 'advisories/GLIBC-SA-2023-0005')
| -rw-r--r-- | advisories/GLIBC-SA-2023-0005 | 22 |
1 files changed, 10 insertions, 12 deletions
diff --git a/advisories/GLIBC-SA-2023-0005 b/advisories/GLIBC-SA-2023-0005 index a518af803a..cc4eb90b82 100644 --- a/advisories/GLIBC-SA-2023-0005 +++ b/advisories/GLIBC-SA-2023-0005 @@ -6,15 +6,13 @@ flags set. CVE-Id: CVE-2023-5156 Public-Date: 2023-09-25 -Vulnerable-Commit: 973fe93a5675c42798b2161c6f29c01b0e243994 (pre-2.39) -Fix-Commit: ec6b95c3303c700eb89eebeda2d7264cc184a796 (2.39) -Vulnerable-Backport: e09ee267c03e3150c2c9ba28625ab130705a485e (2.34) -Vulnerable-Backport: e3ccb230a961b4797510e6a1f5f21fd9021853e7 (2.35) -Vulnerable-Backport: a9728f798ec7f05454c95637ee6581afaa9b487d (2.36) -Vulnerable-Backport: 6529a7466c935f36e9006b854d6f4e1d4876f942 (2.37) -Vulnerable-Backport: 00ae4f10b504bc4564e9f22f00907093f1ab9338 (2.38) -Fix-Backport: 8006457ab7e1cd556b919f477348a96fe88f2e49 (2.34) -Fix-Backport: 17092c0311f954e6f3c010f73ce3a78c24ac279a (2.35) -Fix-Backport: 856bac55f98dc840e7c27cfa82262b933385de90 (2.36) -Fix-Backport: 4473d1b87d04b25cdd0e0354814eeaa421328268 (2.37) -Fix-Backport: 5ee59ca371b99984232d7584fe2b1a758b4421d3 (2.38) +Vulnerable-Commit: e09ee267c03e3150c2c9ba28625ab130705a485e (2.34-420) +Vulnerable-Commit: e3ccb230a961b4797510e6a1f5f21fd9021853e7 (2.35-270) +Vulnerable-Commit: a9728f798ec7f05454c95637ee6581afaa9b487d (2.36-115) +Vulnerable-Commit: 6529a7466c935f36e9006b854d6f4e1d4876f942 (2.37-39) +Vulnerable-Commit: 00ae4f10b504bc4564e9f22f00907093f1ab9338 (2.38-20) +Fix-Commit: 8006457ab7e1cd556b919f477348a96fe88f2e49 (2.34-421) +Fix-Commit: 17092c0311f954e6f3c010f73ce3a78c24ac279a (2.35-272) +Fix-Commit: 856bac55f98dc840e7c27cfa82262b933385de90 (2.36-116) +Fix-Commit: 4473d1b87d04b25cdd0e0354814eeaa421328268 (2.37-42) +Fix-Commit: 5ee59ca371b99984232d7584fe2b1a758b4421d3 (2.38-24) |