On Tue, Sep 12, 2017 at 09:17:38AM +0200, Takashi Iwai wrote: > On Fri, 08 Sep 2017 19:47:32 +0200, > Grygorii Tertychnyi (gtertych) wrote: > > > > > > >> Hi Greg, > > >> > > >> Could you please apply it for 4.4-stable. > > >> This fixes https://nvd.nist.gov/vuln/detail/CVE-2017-9985 > > > > > > This vulnerability is just non-issue. You can't get it working > > > practically; it requires a modified hardware of the decade old ISA > > > sound card, and yet the system has to load / set up the module > > > beforehand. We should withdraw it from CVE, IMO. > > > > I think it is worth having it in 4.4, 4.9 and 4.12 also. > > ... even though the code has never been tested on the real hardware? > That doesn't sound good for stable kernels at all. That's why I > didn't put Cc to stable in the patch. Oh, I didn't know that, want me to drop the patch from the stable queues now? thanks, greg k-h _______________________________________________ Alsa-devel mailing list Alsa-devel@xxxxxxxxxxxxxxxx http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
