From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from heian.cn.fujitsu.com (heian.cn.fujitsu.com [183.91.158.132])
 by mx.groups.io with SMTP id smtpd.web11.4963.1585279207897336471
 for <meta-freescale@lists.yoctoproject.org>;
 Thu, 26 Mar 2020 20:20:08 -0700
Authentication-Results: mx.groups.io;
 dkim=missing; spf=none, err=SPF record not found (domain: cn.fujitsu.com, ip: 183.91.158.132, mailfrom: zangrc.fnst@cn.fujitsu.com)
X-IronPort-AV: E=Sophos;i="5.72,310,1580745600"; 
   d="scan'208";a="87525373"
Received: from unknown (HELO cn.fujitsu.com) ([10.167.33.5])
  by heian.cn.fujitsu.com with ESMTP; 27 Mar 2020 11:20:02 +0800
Received: from G08CNEXMBPEKD04.g08.fujitsu.local (unknown [10.167.33.201])
	by cn.fujitsu.com (Postfix) with ESMTP id 6EBD8406AB15;
	Fri, 27 Mar 2020 11:09:48 +0800 (CST)
Received: from localhost.localdomain (10.167.225.81) by
 G08CNEXMBPEKD04.g08.fujitsu.local (10.167.33.201) with Microsoft SMTP Server
 (TLS) id 15.0.1497.2; Fri, 27 Mar 2020 11:19:55 +0800
Subject: Re: [meta-freescale] CVE related consulting on linux-qoriq
To: Zhenhua Luo <zhenhua.luo@nxp.com>
References: <793460a0-087d-ec84-dde0-c08014148811@cn.fujitsu.com>
 <VI1PR04MB52943A48E2FEF997C64E3440EECE0@VI1PR04MB5294.eurprd04.prod.outlook.com>
CC: <meta-freescale@lists.yoctoproject.org>
From: "zangrc" <zangrc.fnst@cn.fujitsu.com>
Message-ID: <298fbe7f-5620-8d01-eb05-243936ad9f21@cn.fujitsu.com>
Date: Fri, 27 Mar 2020 11:22:29 +0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.1.1
MIME-Version: 1.0
In-Reply-To: <VI1PR04MB52943A48E2FEF997C64E3440EECE0@VI1PR04MB5294.eurprd04.prod.outlook.com>
X-Originating-IP: [10.167.225.81]
X-ClientProxiedBy: G08CNEXCHPEKD06.g08.fujitsu.local (10.167.33.205) To
 G08CNEXMBPEKD04.g08.fujitsu.local (10.167.33.201)
X-yoursite-MailScanner-ID: 6EBD8406AB15.AA0B7
X-yoursite-MailScanner: Found to be clean
X-yoursite-MailScanner-From: zangrc.fnst@cn.fujitsu.com
X-Spam-Status: No
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-US

Hi,
Our team found that there are currently some CVE patches on some 
branches that are also applicable to other branches. May I ask if NXP 
has any corresponding measures to deal with this situation.
E.g:
CVE-2019-14814 has been fixed on the v5.3 branch and is not fixed on 
v4.19. But it also should be applied to v4.19.

Best Regards,
Zang Ruochen
On 3/25/20 11:54 AM, Zhenhua Luo wrote:
> Hi Ruochen,
>
> Are those CVE patches developed for kernel tree or meta-freescale layer? May I know which kernel version you are working? I can check the process.
>
>
> Best Regards,
>
> Zhenhua
>
>> -----Original Message-----
>> From: meta-freescale@lists.yoctoproject.org <meta-
>> freescale@lists.yoctoproject.org> On Behalf Of zangrc via
>> Lists.Yoctoproject.Org
>> Sent: Wednesday, March 25, 2020 11:36 AM
>> To: meta-freescale@lists.yoctoproject.org
>> Cc: meta-freescale@lists.yoctoproject.org
>> Subject: [meta-freescale] CVE related consulting on linux-qoriq
>>
>> Hi,
>>
>> Our team is going to work on the CVE correction of linux-qoriq.
>> I wonder if we submit such patches, will they be merged? If yes, which ML
>> should I send?
>>
>> Best Regards,
>> Zang Ruochen
>>
>>
>
>