Re: Security fixes for 4.4.x

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

On Thu, Jun 02, 2016 at 09:27:16AM -0700, Greg KH wrote:
> On Thu, Jun 02, 2016 at 10:49:09AM +0200, Moritz Muehlenhoff wrote:
> > Hi,
> > I checked for missing security fixes as of 4.4.12. Can you please
> > merge the following? (didn't check other stable kernels):
> > 
> > CVE-2015-7833: [media] usbvision fix overflow of interfaces array
> > 588afcc1c0e45358159090d95bf7b246fb67565f
> > (second part of that was already merged in 4.4.8)
> 
> Are you sure about this one?  I thought there was discussions about if
> this was correct or not...
> 
> > CVE-2016-2847: pipe: limit the per-user amount of pages allocated in pipes
> > 759c01142a5d0f364a462346168a56de28a80f52
> > (the patch mentions CVE-2013-4312, but a different CVE ID was assigned later)
> 
> Have you tested this?

588afcc1c0e45358159090d95bf7b246fb67565f has been cherrypicked into the
Debian sid kernel since December and 759c01142a5d0f364a462346168a56de28a80f52
since February without problems.

> > CVE-2016-0758: KEYS: Fix ASN.1 indefinite length object parsing
> > 23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa
> 
> Is this a real issue?  If so, can you cc: the patch authors and ask them
> if they want this in a stable kernel?

Sure, will followup for the other patches in separate mail.

Cheers,
        Moritz
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]