From 414bca6267f02843060e4e14ee4bbe20a91d53fd Mon Sep 17 00:00:00 2001 From: Solar Designer Date: Thu, 16 Nov 2023 00:39:40 +0100 Subject: [PATCH] Use relative cross-links between issue and package pages --- docs/issues/CVE-2023-23583.md | 2 +- docs/issues/CVE-2023-4911.md | 2 +- docs/packages/glibc.md | 2 +- docs/packages/microcode_ctl.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/issues/CVE-2023-23583.md b/docs/issues/CVE-2023-23583.md index 47d9e5a..cb1e642 100644 --- a/docs/issues/CVE-2023-23583.md +++ b/docs/issues/CVE-2023-23583.md @@ -24,7 +24,7 @@ Public disclosure date: November 14, 2023 - Fixed in version: `4:20231114-1.el9_2.security` available November 15, 2023 -Please refer to our [override package of microcode_ctl](/packages/microcode_ctl.md). +Please refer to our [override package of microcode_ctl](../packages/microcode_ctl.md). ## EL8 diff --git a/docs/issues/CVE-2023-4911.md b/docs/issues/CVE-2023-4911.md index aed5325..cd152bb 100644 --- a/docs/issues/CVE-2023-4911.md +++ b/docs/issues/CVE-2023-4911.md @@ -19,7 +19,7 @@ Public disclosure date: October 3, 2023 - Mitigated in version: `2.34-60.el9_2.security.0.2` available October 3, 2023 - Fixed in version: `glibc-2.34-60.el9_2.7` available October 5, 2023 -Besides the upstream fix, we also retained the mitigation in our [override package of glibc](/packages/glibc.md). +Besides the upstream fix, we also retained the mitigation in our [override package of glibc](../packages/glibc.md). ## EL8 diff --git a/docs/packages/glibc.md b/docs/packages/glibc.md index aabb623..78c1f77 100644 --- a/docs/packages/glibc.md +++ b/docs/packages/glibc.md @@ -16,7 +16,7 @@ #### Known-effective vulnerability mitigations and fixes -`2.34-60.el9_2.security.0.2` included mitigations sufficient to avoid security exposure of [CVE-2023-4911](https://www.openwall.com/lists/oss-security/2023/10/03/2) and a backport of upstream glibc fix of [CVE-2023-4527](https://www.openwall.com/lists/oss-security/2023/09/25/1) that was not yet in upstream EL. In the update to `2.34-60.7.el9_2.security.0.3`, we retained the mitigations while rebasing on upstream EL's package with upstream fixes for these vulnerabilities (and more). +`2.34-60.el9_2.security.0.2` included mitigations sufficient to avoid security exposure of [CVE-2023-4911](../issues/CVE-2023-4911.md) and a backport of upstream glibc fix of [CVE-2023-4527](https://www.openwall.com/lists/oss-security/2023/09/25/1) that was not yet in upstream EL. In the update to `2.34-60.7.el9_2.security.0.3`, we retained the mitigations while rebasing on upstream EL's package with upstream fixes for these vulnerabilities (and more). In general, inclusion of additional security fixes will be "reverted" if and when those get included in upstream EL packages that we rebase our changes on. diff --git a/docs/packages/microcode_ctl.md b/docs/packages/microcode_ctl.md index 1f84b24..016e4f6 100644 --- a/docs/packages/microcode_ctl.md +++ b/docs/packages/microcode_ctl.md @@ -7,7 +7,7 @@ ### Changes summary -- Update Intel CPU microcode to microcode-20231114 (fixes [CVE-2023-23583](https://www.openwall.com/lists/oss-security/2023/11/14/4)), temporarily dropping most documentation patches +- Update Intel CPU microcode to microcode-20231114 (fixes [CVE-2023-23583](../issues/CVE-2023-23583.md)), temporarily dropping most documentation patches ### Change log