Hi Herbert, these patches for 2.6.24 fix a number of netfilter bugs: a refcount leak in a CONNMARK and CONNSECMARK error path, a network triggerable WARN_ON in the IPv6 TCPMSS target and an endless loop caused by passing a zero-length pattern to the string match. Please apply, thanks. lib/textsearch.c | 8 ++++++-- net/netfilter/xt_CONNMARK.c | 10 +++++----- net/netfilter/xt_CONNSECMARK.c | 10 +++++----- net/netfilter/xt_TCPMSS.c | 4 +--- 4 files changed, 17 insertions(+), 15 deletions(-) Jan Engelhardt (1): [NETFILTER]: fix forgotten module release in xt_CONNMARK and xt_CONNSECMARK Pablo Neira Ayuso (1): [TEXTSEARCH]: Do not allow zero length patterns in the textsearch infrastructure Patrick McHardy (1): [NETFILTER]: xt_TCPMSS: remove network triggerable WARN_ON - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html