>>> On 16.03.16 at 10:35, <jslaby@xxxxxxx> wrote: > On 03/16/2016, 10:25 AM, Jan Beulich wrote: >> Hello, >> >> it's been puzzling me for a while that these fixes, despite having the >> necessary Cc, did not make it into (at least) 4.1.y and 3.12.y yet. >> Unless there's a specific reason, may I ask for inclusion of >> >> CVE-2015-8550 / XSA-155: >> >> 454d5d882c xen: Add RING_COPY_REQUEST() >> 0f589967a7 xen-netback: don't use last request to determine minimum Tx credit > > Applied these two to 3.12. W/ slight update of the latter. > >> 68a33bfd84 xen-netback: use RING_COPY_REQUEST() throughout > > This does not apply cleanly and needs a backport. So I stopped here. I'd defer to the maintainers of that code for doing so. The subsequent ones are independent of this though, so it would seem possible/reasonable to apply some or all of those that don't require backports even if the one above doesn't apply cleanly. Iirc at least the scsiback one might also need a backport, but that again wouldn't hinder the pciback ones going in. >> 1f13d75ccb xen-blkback: only read request operation from shared ring once >> 1877914910 xen-blkback: read from indirect descriptors only once >> be69746ec1 xen-scsiback: safely copy requests >> 8135cf8b092 xen/pciback: Save xen_pci_op commands before processing it >> >> plus the follow-up fix >> >> d159457b84 xen/pciback: Save the number of MSI-X entries to be copied later. > > > >> CVE-2015-8551, CVE-2015-8552 / XSA-157: > > The fixes for this one applied all cleanly, applied to 3.12. Thanks! Jan -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html