author Xi Ruoyao <xry111@mengyan1223.wang> 2022-02-25 12:10:04 +0800
committer Xi Ruoyao <xry111@mengyan1223.wang> 2022-02-25 12:10:04 +0800
commit b0a6b0cedba1c78a27a8e3affc079673953c3901 (patch)
tree 5e81908e077f13f88a44ed69ee4e17f62d4748ab
parent ba2dc1b6a71e75615b103963349fbdf2727e3672 (diff)
mention that expat may delete vulnerable releases
-rw-r--r-- chapter03/introduction.xml 9
-rw-r--r-- chapter03/packages.xml 9
2 files changed, 14 insertions, 4 deletions
diff --git a/chapter03/introduction.xml b/chapter03/introduction.xml
index c0a89afac..c96f187b3 100644
--- a/chapter03/introduction.xml
+++ b/chapter03/introduction.xml
@@ -14,10 +14,11 @@
order to build a basic Linux system. The listed version numbers correspond to
versions of the software that are known to work, and this book is based on
their use. We highly recommend against using different versions because the build
- commands for one version may not work with a different version. The newest package
- versions may also have problems that require work-arounds. These work-arounds
- will be developed and stabilized in the development version of the
- book.</para>
+ commands for one version may not work with a different version, unless the
+ different version is specified by a LFS errata or security advisory.
+ The newest package versions may also have problems that require
+ work-arounds. These work-arounds will be developed and stabilized in the
+ development version of the book.</para>
<para>For some packages, the release tarball and the (Git or SVN)
repository snapshot tarball for this release may be published with
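Review bot: In the added lines of chapter03/introduction.xml, the clause "unless the different version is specified by a LFS errata or security advisory" hangs off "may not work with a different version", so it reads as a promise that the book's build commands work for advisory-specified versions rather than as an exception to "We highly recommend against using different versions". Consider giving the exception its own sentence directly after the recommendation. "a LFS errata" also pairs a singular article with a plural noun; "an LFS erratum or security advisory" or simply "LFS errata" would read correctly. Since the packages.xml hunk links to the advisories page, the same ulink here would tell readers where to look.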
diff --git a/chapter03/packages.xml b/chapter03/packages.xml
index 171daec75..67adc3e31 100644
--- a/chapter03/packages.xml
+++ b/chapter03/packages.xml
@@ -173,6 +173,15 @@
<para>Home page: <ulink url="&expat-home;"/></para>
<para>Download: <ulink url="&expat-url;"/></para>
<para>MD5 sum: <literal>&expat-md5;</literal></para>
+ <note>
+ <para>The upstream may remove tarballs of the specific releases of
+ <application>Expat</application> when these releases contain a
+ security vulnerability. You should refer to
+ <ulink url='&lfs-root;lfs/advisories/'>LFS security advisories</ulink>
+ to figure out which version (with the vulnerability fixed) should
+ be used. You may download the vulnerable version from a mirror,
+ but it's not recommended.</para>
+ </note>
</listitem>
</varlistentry>
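Review bot: The new note in chapter03/packages.xml directs readers to a different Expat version, but the line just above it still reads "MD5 sum: &expat-md5;", a checksum that can only match the release the book lists. The note should state that the listed checksum does not apply to the replacement version and say where the reader should obtain one to verify that download. The closing sentence "You may download the vulnerable version from a mirror, but it's not recommended" would be clearer if it said why (the release is known to be vulnerable) instead of leaving the reason implicit. Style: the added ulink uses single quotes (url='&lfs-root;lfs/advisories/') while the neighbouring ulink elements use double quotes, and "The upstream may remove tarballs of the specific releases" reads better as "Upstream may remove the tarballs of releases that contain a security vulnerability".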