* Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older
@ 2018-05-18 13:47 Guenter Roeck
2018-05-18 14:52 ` Greg Kroah-Hartman
0 siblings, 1 reply; 5+ messages in thread
From: Guenter Roeck @ 2018-05-18 13:47 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Hi Greg,
please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()")
to v4.9.y and older to fix CVE-2018-10087.
Thanks,
Guenter
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older
2018-05-18 13:47 Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older Guenter Roeck
@ 2018-05-18 14:52 ` Greg Kroah-Hartman
2018-05-18 16:00 ` Guenter Roeck
0 siblings, 1 reply; 5+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-18 14:52 UTC (permalink / raw)
To: Guenter Roeck; +Cc: stable
On Fri, May 18, 2018 at 06:47:46AM -0700, Guenter Roeck wrote:
> Hi Greg,
>
> please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()")
> to v4.9.y and older to fix CVE-2018-10087.
Odd no one asked for that one to be backported before :(
Anyway, now applied, thanks.
greg k-h
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older
2018-05-18 14:52 ` Greg Kroah-Hartman
@ 2018-05-18 16:00 ` Guenter Roeck
2018-05-19 7:44 ` Greg Kroah-Hartman
0 siblings, 1 reply; 5+ messages in thread
From: Guenter Roeck @ 2018-05-18 16:00 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: stable
On Fri, May 18, 2018 at 04:52:07PM +0200, Greg Kroah-Hartman wrote:
> On Fri, May 18, 2018 at 06:47:46AM -0700, Guenter Roeck wrote:
> > Hi Greg,
> >
> > please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()")
> > to v4.9.y and older to fix CVE-2018-10087.
>
> Odd no one asked for that one to be backported before :(
>
Not entirely surprising. The patch is from July 2017, it wasn't marked
for stable, and the CVE has been created only recently (04/13/2018).
CVE severity and the reference to the upstream commit were added
yesterday, which caused our CVE tracker to barf at me.
Guenter
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older
2018-05-18 16:00 ` Guenter Roeck
@ 2018-05-19 7:44 ` Greg Kroah-Hartman
2018-05-19 14:09 ` Guenter Roeck
0 siblings, 1 reply; 5+ messages in thread
From: Greg Kroah-Hartman @ 2018-05-19 7:44 UTC (permalink / raw)
To: Guenter Roeck; +Cc: stable
On Fri, May 18, 2018 at 09:00:07AM -0700, Guenter Roeck wrote:
> On Fri, May 18, 2018 at 04:52:07PM +0200, Greg Kroah-Hartman wrote:
> > On Fri, May 18, 2018 at 06:47:46AM -0700, Guenter Roeck wrote:
> > > Hi Greg,
> > >
> > > please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()")
> > > to v4.9.y and older to fix CVE-2018-10087.
> >
> > Odd no one asked for that one to be backported before :(
> >
>
> Not entirely surprising. The patch is from July 2017, it wasn't marked
> for stable, and the CVE has been created only recently (04/13/2018).
> CVE severity and the reference to the upstream commit were added
> yesterday, which caused our CVE tracker to barf at me.
Who applied for the CVE number? They should have been the ones to
notify people of the issue, so who should I go kick about this? :)
thanks,
greg k-h
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older
2018-05-19 7:44 ` Greg Kroah-Hartman
@ 2018-05-19 14:09 ` Guenter Roeck
0 siblings, 0 replies; 5+ messages in thread
From: Guenter Roeck @ 2018-05-19 14:09 UTC (permalink / raw)
To: Greg Kroah-Hartman; +Cc: stable
On 05/19/2018 12:44 AM, Greg Kroah-Hartman wrote:
> On Fri, May 18, 2018 at 09:00:07AM -0700, Guenter Roeck wrote:
>> On Fri, May 18, 2018 at 04:52:07PM +0200, Greg Kroah-Hartman wrote:
>>> On Fri, May 18, 2018 at 06:47:46AM -0700, Guenter Roeck wrote:
>>>> Hi Greg,
>>>>
>>>> please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()")
>>>> to v4.9.y and older to fix CVE-2018-10087.
>>>
>>> Odd no one asked for that one to be backported before :(
>>>
>>
>> Not entirely surprising. The patch is from July 2017, it wasn't marked
>> for stable, and the CVE has been created only recently (04/13/2018).
>> CVE severity and the reference to the upstream commit were added
>> yesterday, which caused our CVE tracker to barf at me.
>
> Who applied for the CVE number? They should have been the ones to
> notify people of the issue, so who should I go kick about this? :)
>
No idea, and no idea how to find out.
Guenter
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-05-19 14:09 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-18 13:47 Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older Guenter Roeck
2018-05-18 14:52 ` Greg Kroah-Hartman
2018-05-18 16:00 ` Guenter Roeck
2018-05-19 7:44 ` Greg Kroah-Hartman
2018-05-19 14:09 ` Guenter Roeck
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.