On Mon, 2018-12-17 at 20:42 +0100, Loic wrote: > Le 2018-12-17 09:19, Greg KH a écrit : > > On Sun, Dec 16, 2018 at 09:08:20PM +0100, Loic wrote: > > > Le 2018-12-16 20:27, Steven Rostedt a écrit : > > > > On Sun, 16 Dec 2018 09:52:33 +0100 > > > > Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > > > > > > On Sat, Dec 15, 2018 at 06:25:37PM +0100, Loic wrote: > > > > > > Hello, > > > > > > > > > > > > Please picked up this patch for linux 4.4 and 4.9. > > > > > > This fixes CVE-2017-0605 (Rejected?). Tested in Debian ;) > > > > > > > > > > It was rejected as a CVE for a good reason, and that reason is also > > > > > why > > > > > I refused to add it to the stable kernel releases. In short, this is > > > > > not an issue or bug at all, there is nothing wrong with the existing > > > > > code. > > > > > > > > > > > > > I'm starting to regret that I ever accepted the original patch :-( > > > > > > > > -- Steve > > > > > > Okay, I hadn't looked at the previous conversations because this > > > change is > > > in the upstream and in debian... > > > > Upstream is fine, it's a valid change so that people don't keep sending > > the crazy patch over and over. > > > > Debian is just cargo-culting the thing and should probably drop it as > > it > > keeps coming back to me every 3 months or so, and I have to reject it > > again :( > > > > thanks, > > > > greg k-h > > Why didn't you follow the upstream or add a comment "no change for fake > CVE-2017-0605" to break the debian patch ? > > In short, I accuse the Debian kernel team in my defense, it's up to them > to buy you a beer :) I was always sceptical about this CVE and commented to that effect in <https://salsa.debian.org/kernel-team/kernel-sec/raw/master/retired/CVE-2017-0605>. But the upstream "fix" also looked safe to apply just in case there was something I was missing... As it's causing confusion I can drop the patch from Debian now. Ben. -- Ben Hutchings Anthony's Law of Force: Don't force it, get a larger hammer.
Attachment:
signature.asc
Description: This is a digitally signed message part
