On Tue, 12 Sep 2017 14:34:18 +0200, gregkh@xxxxxxxxxxxxxxxxxxx wrote: > > On Tue, Sep 12, 2017 at 09:17:38AM +0200, Takashi Iwai wrote: > > On Fri, 08 Sep 2017 19:47:32 +0200, > > Grygorii Tertychnyi (gtertych) wrote: > > > > > > > > > >> Hi Greg, > > > >> > > > >> Could you please apply it for 4.4-stable. > > > >> This fixes https://nvd.nist.gov/vuln/detail/CVE-2017-9985 > > > > > > > > This vulnerability is just non-issue. You can't get it working > > > > practically; it requires a modified hardware of the decade old ISA > > > > sound card, and yet the system has to load / set up the module > > > > beforehand. We should withdraw it from CVE, IMO. > > > > > > I think it is worth having it in 4.4, 4.9 and 4.12 also. > > > > ... even though the code has never been tested on the real hardware? > > That doesn't sound good for stable kernels at all. That's why I > > didn't put Cc to stable in the patch. > > Oh, I didn't know that, want me to drop the patch from the stable queues > now? Honestly, I don't mind. The patch should work, and even if it doesn't, it would be harmless as no one can see the breakage in practice :) It's just ridiculous that people urge such commit for stable kernels even though they never tested / care the real cases but only look at the CVE entry. thanks, Takashi _______________________________________________ Alsa-devel mailing list Alsa-devel@xxxxxxxxxxxxxxxx http://mailman.alsa-project.org/mailman/listinfo/alsa-devel
