Hello, Yuki, all, My commit fa52bd506f resolves CVE-2015-7833, as mentioned in https://www.spinics.net/lists/linux-media/msg96936.html Please, note a message from Hans down this thread, who agrees with my point. Best regards, Vladis Dronov | Red Hat, Inc. | Product Security Engineer ----- Original Message ----- From: "Yuki Machida" <machida.yuki@xxxxxxxxxxxxxx> To: "Vladis Dronov" <vdronov@xxxxxxxxxx> Cc: "sasha levin" <sasha.levin@xxxxxxxxxx>, linux-media@xxxxxxxxxxxxxxx, stable@xxxxxxxxxxxxxxx, hverkuil@xxxxxxxxx, oneukum@xxxxxxxx, mchehab@xxxxxxxxxxxxxxx, ralf@xxxxxxxxxxxxxx Sent: Friday, April 15, 2016 10:31:17 AM Subject: Re: Backport a Security Fix for CVE-2015-7833 to v4.1 Hi Vladis, > I apologize for intercepting, but I believe commit 588afcc1 should > not be accepted and reverted in the trees where it was. > > Reasons: > > https://patchwork.linuxtv.org/patch/32798/ > or > https://www.spinics.net/lists/linux-media/msg96936.html Thank you for your reply. If it revert commit 588afcc1 from the kernel, It exists a Security Issue of CVE-2015-7833. What do you think about it? Best regards, Yuki Machida On 2016年04月11日 21:03, Vladis Dronov wrote: > Hello, > > I apologize for intercepting, but I believe commit 588afcc1 should > not be accepted and reverted in the trees where it was. > > Reasons: > > https://patchwork.linuxtv.org/patch/32798/ > or > https://www.spinics.net/lists/linux-media/msg96936.html > > > Best regards, > Vladis Dronov | Red Hat, Inc. | Product Security Engineer > > ----- Original Message ----- > From: "Yuki Machida" <machida.yuki@xxxxxxxxxxxxxx> > To: "sasha levin" <sasha.levin@xxxxxxxxxx> > Cc: linux-media@xxxxxxxxxxxxxxx, stable@xxxxxxxxxxxxxxx, hverkuil@xxxxxxxxx, oneukum@xxxxxxxx, vdronov@xxxxxxxxxx, mchehab@xxxxxxxxxxxxxxx, ralf@xxxxxxxxxxxxxx > Sent: Monday, April 11, 2016 7:19:34 AM > Subject: Backport a Security Fix for CVE-2015-7833 to v4.1 > > Hi Sasha, > > I conformed that these patches for CVE-2015-7833 not applied at v4.1.21. > 588afcc1c0e45358159090d95bf7b246fb67565 > fa52bd506f274b7619955917abfde355e3d19ff > Could you please apply this CVE-2015-7833 fix for 4.1-stable ? > > References: > https://security-tracker.debian.org/tracker/CVE-2015-7833 > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=588afcc1c0e45358159090d95bf7b246fb67565f > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa52bd506f274b7619955917abfde355e3d19ffe > > Regards, > Yuki Machida > -- To unsubscribe from this list: send the line "unsubscribe linux-media" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
