This is the mail archive of the mailing list for the glibc project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Fix nan functions handling of payload strings (bug 16961, bug 16962)

On Fri, 4 Dec 2015, Carlos O'Donell wrote:

> The NEWS entry looks good to me.
> However, I agree with Florian that we need to call out the security related
> changes in a distinct section e.g. "Security related changes:", though I'm
> open to suggestions for how to name it or if it comes first or last in the
> list of changes.

I've committed the patch with the entry in such a section.

> Additionally I think it would be nice to put security+ bugs in their own
> bug list, which involves enhancing or running a different script with query
> to get the list of those bugs.

If we want to add such an option to, we should first 
review <> which 
makes it use argparse.  Then, you can add 
& to the URL to get security+ 
bugs (currently three such bugs are listed, 16962, 18240, and 18928, so a 
NEWS entry needs adding for 18240 and that for 18928 (LD_POINTER_GUARD) 
needs moving into the new section and updating to list the reporter.

However, if we're giving each such bug its own NEWS item I don't see the 
use in also having the abbreviated list of such bugs (making the script 
generate it may be helpful, however, in that the release instructions can 
say "make sure each bug listed by -s <version> has its 
own NEWS item in that section, naming the reporter and giving the CVE 
identifier").  We can put bug numbers and CVE identifiers in the bugs' own 
NEWS items if we wish.

Joseph S. Myers

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]