Re: Testing stable backports for netfilter

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 11/06/2024 10:41, Pablo Neira Ayuso wrote:
On Tue, Jun 11, 2024 at 11:28:29AM +0530, Harshit Mogalapalli wrote:
On 11/06/24 03:29, Pablo Neira Ayuso wrote:
On Mon, Jun 10, 2024 at 11:51:53PM +0530, Harshit Mogalapalli wrote:
Hello netfilter developers,

Do we have any tests that we could run before sending a stable backport in
netfilter/ subsystem to stable@vger ?

Let us say we have a CVE fix which is only backported till 5.10.y but it is
needed is 5.4.y and 4.19.y, the backport might need to easy to make, just
fixing some conflicts due to contextual changes or missing commits.

Which one in particular is missing?

I was planning to backport the fix for CVE-2023-52628 onto 5.4.y and 4.19.y
trees.

lts-5.10       : v5.10.198             - a7d86a77c33b netfilter: nftables:
exthdr: fix 4-byte stack OOB write
   lts-5.15       : v5.15.132             - 1ad7b189cc14 netfilter: nftables:
exthdr: fix 4-byte stack OOB write
   lts-6.1        : v6.1.54               - d9ebfc0f2137 netfilter: nftables:

exthdr: fix 4-byte stack OOB write
   mainline       : v6.6-rc1              - fd94d9dadee5 netfilter: nftables:
exthdr: fix 4-byte stack OOB write

This is information is incorrect.

This fix is already in 6.1 -stable.

commit d9ebfc0f21377690837ebbd119e679243e0099cc
Author: Florian Westphal <fw@xxxxxxxxx>
Date:   Tue Sep 5 23:13:56 2023 +0200

     netfilter: nftables: exthdr: fix 4-byte stack OOB write

     [ Upstream commit fd94d9dadee58e09b49075240fe83423eb1dcd36 ]

Right, it's in 6.1, 5.10, and 5.5 -- that's what the list above shows.

It still seems to be missing from 5.4 and 4.19.


Vegard




[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux