On Thu, Feb 15, 2024 at 07:20:09PM +0100, Greg Kroah-Hartman wrote: > Here's an example of what the CVE announcement is going to look like for > a "test" that we have been doing for our scripts > https://lore.kernel.org/linux-cve-announce/2024021353-drainage-unstuffed-a7c0@gregkh/T/#u > ... > the latest release is impossible, the individual change to resolve this > issue can be found at: > https://git.kernel.org/stable/linux/c/f08adf5add9a071160c68bb2a61d697f39ab0758 This is the "original fix", a v5.16 commit, which was backported to all the stables. For this case, that seems fine (it's pretty easy to grep the stable trees for the SHA). In the case of a fix only being in -stable, what will be listed for SHAs here? Each stable SHA? Something else? -- Kees Cook
