Le 2018-12-17 09:19, Greg KH a écrit :
On Sun, Dec 16, 2018 at 09:08:20PM +0100, Loic wrote:
Le 2018-12-16 20:27, Steven Rostedt a écrit :
> On Sun, 16 Dec 2018 09:52:33 +0100
> Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
> > On Sat, Dec 15, 2018 at 06:25:37PM +0100, Loic wrote:
> > > Hello,
> > >
> > > Please picked up this patch for linux 4.4 and 4.9.
> > > This fixes CVE-2017-0605 (Rejected?). Tested in Debian ;)
> >
> > It was rejected as a CVE for a good reason, and that reason is also
> > why
> > I refused to add it to the stable kernel releases. In short, this is
> > not an issue or bug at all, there is nothing wrong with the existing
> > code.
> >
>
> I'm starting to regret that I ever accepted the original patch :-(
>
> -- Steve
Okay, I hadn't looked at the previous conversations because this
change is
in the upstream and in debian...
Upstream is fine, it's a valid change so that people don't keep sending
the crazy patch over and over.
Debian is just cargo-culting the thing and should probably drop it as
it
keeps coming back to me every 3 months or so, and I have to reject it
again :(
thanks,
greg k-h
Why didn't you follow the upstream or add a comment "no change for fake
CVE-2017-0605" to break the debian patch ?
In short, I accuse the Debian kernel team in my defense, it's up to them
to buy you a beer :)
Thanks.
Best regards,
Loic
