On Thu, Oct 04, 2018 at 10:53:10AM -0700, Greg Hackmann wrote: > A batch of ext4-related CVE fixes were released to other kernels in > linux-stable, but don't apply cleanly to 3.18.y. For the most part > these are unmodified cherry-picks of Ben Hutchings's 3.16.y backports > (exceptions are noted above my Signed-off-by). > > Theodore Ts'o (10): > ext4: only look at the bg_flags field if it is valid > ext4: fix check to prevent initializing reserved inodes > ext4: always check block group bounds in ext4_init_block_bitmap() > ext4: fix false negatives *and* false positives in > ext4_check_descriptors() > ext4: add corruption check in ext4_xattr_set_entry() > ext4: always verify the magic number in xattr blocks > ext4: never move the system.data xattr out of the inode body > ext4: add more inode number paranoia checks > jbd2: don't mark block as modified if the handle is out of credits > ext4: avoid running out of journal credits when appending to an inline > file All now applied, thanks. greg k-h
