>> I am just curious if this is ok, or should we always put the CVE: tag inside the patch? > The tag should always be in the patch file. > > Ross So I guess this needs to be fixed: http://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?h=morty&id=8ba5b9eae34bbab537954ccee1726c7ee7a82750 //S