On Fri, Jun 03, 2016 at 04:09:34PM +0200, Moritz Muehlenhoff wrote: > Hi, > > On Thu, Jun 02, 2016 at 09:27:16AM -0700, Greg KH wrote: > > On Thu, Jun 02, 2016 at 10:49:09AM +0200, Moritz Muehlenhoff wrote: > > > Hi, > > > I checked for missing security fixes as of 4.4.12. Can you please > > > merge the following? (didn't check other stable kernels): > > > > > > CVE-2015-7833: [media] usbvision fix overflow of interfaces array > > > 588afcc1c0e45358159090d95bf7b246fb67565f > > > (second part of that was already merged in 4.4.8) > > > > Are you sure about this one? I thought there was discussions about if > > this was correct or not... > > > > > CVE-2016-2847: pipe: limit the per-user amount of pages allocated in pipes > > > 759c01142a5d0f364a462346168a56de28a80f52 > > > (the patch mentions CVE-2013-4312, but a different CVE ID was assigned later) > > > > Have you tested this? > > 588afcc1c0e45358159090d95bf7b246fb67565f has been cherrypicked into the > Debian sid kernel since December and 759c01142a5d0f364a462346168a56de28a80f52 > since February without problems. Ok, thanks for letting me know, I've queued these up now. > > > CVE-2016-0758: KEYS: Fix ASN.1 indefinite length object parsing > > > 23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa > > > > Is this a real issue? If so, can you cc: the patch authors and ask them > > if they want this in a stable kernel? > > Sure, will followup for the other patches in separate mail. Wonderful, thanks for doing this. greg k-h -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html