On Thu, Jun 06, 2019 at 07:58:35PM +0100, Ben Hutchings wrote:
> On Mon, 2019-06-03 at 16:02 -0700, Zubin Mithra wrote:
> > Hello,
> >
> > CVE-2019-12381 was fixed in the upstream linux kernel with the commit :-
> > * 425aa0e1d015 ("ip_sockglue: Fix missing-check bug in ip_ra_control()")
> >
> > Could the patch be applied in order to v4.19.y, v4.14.y, v4.9.y and v4.4.y ?
> >
> > Tests run:
> > * Chrome OS tryjobs
>
> This doesn't fix a security vulnerability. There already was a check
> for allocation failure before dereferencing the returned pointer; it
> just wasn't in the most obvious place.
>
> I've requested rejection of this CVE, and several other invalid reports
> from the same person.
And where did this 'invalid' come from? Did any maintainers claimed the
patch 'invalid' or something? I am confused...
Thanks
Gen
>
> Ben.
>
> --
> Ben Hutchings
> Experience is what causes a person to make new mistakes
> instead of old ones.
>
>
