* Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older
@ 2018-05-18 13:47 Guenter Roeck
2018-05-18 14:52 ` Greg Kroah-Hartman
0 siblings, 1 reply; 5+ messages in thread
From: Guenter Roeck @ 2018-05-18 13:47 UTC (permalink / raw)
To: Greg Kroah-Hartman, stable
Hi Greg,
please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()")
to v4.9.y and older to fix CVE-2018-10087.
Thanks,
Guenter
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older 2018-05-18 13:47 Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older Guenter Roeck @ 2018-05-18 14:52 ` Greg Kroah-Hartman 2018-05-18 16:00 ` Guenter Roeck 0 siblings, 1 reply; 5+ messages in thread From: Greg Kroah-Hartman @ 2018-05-18 14:52 UTC (permalink / raw) To: Guenter Roeck; +Cc: stable On Fri, May 18, 2018 at 06:47:46AM -0700, Guenter Roeck wrote: > Hi Greg, > > please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") > to v4.9.y and older to fix CVE-2018-10087. Odd no one asked for that one to be backported before :( Anyway, now applied, thanks. greg k-h ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older 2018-05-18 14:52 ` Greg Kroah-Hartman @ 2018-05-18 16:00 ` Guenter Roeck 2018-05-19 7:44 ` Greg Kroah-Hartman 0 siblings, 1 reply; 5+ messages in thread From: Guenter Roeck @ 2018-05-18 16:00 UTC (permalink / raw) To: Greg Kroah-Hartman; +Cc: stable On Fri, May 18, 2018 at 04:52:07PM +0200, Greg Kroah-Hartman wrote: > On Fri, May 18, 2018 at 06:47:46AM -0700, Guenter Roeck wrote: > > Hi Greg, > > > > please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") > > to v4.9.y and older to fix CVE-2018-10087. > > Odd no one asked for that one to be backported before :( > Not entirely surprising. The patch is from July 2017, it wasn't marked for stable, and the CVE has been created only recently (04/13/2018). CVE severity and the reference to the upstream commit were added yesterday, which caused our CVE tracker to barf at me. Guenter ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older 2018-05-18 16:00 ` Guenter Roeck @ 2018-05-19 7:44 ` Greg Kroah-Hartman 2018-05-19 14:09 ` Guenter Roeck 0 siblings, 1 reply; 5+ messages in thread From: Greg Kroah-Hartman @ 2018-05-19 7:44 UTC (permalink / raw) To: Guenter Roeck; +Cc: stable On Fri, May 18, 2018 at 09:00:07AM -0700, Guenter Roeck wrote: > On Fri, May 18, 2018 at 04:52:07PM +0200, Greg Kroah-Hartman wrote: > > On Fri, May 18, 2018 at 06:47:46AM -0700, Guenter Roeck wrote: > > > Hi Greg, > > > > > > please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") > > > to v4.9.y and older to fix CVE-2018-10087. > > > > Odd no one asked for that one to be backported before :( > > > > Not entirely surprising. The patch is from July 2017, it wasn't marked > for stable, and the CVE has been created only recently (04/13/2018). > CVE severity and the reference to the upstream commit were added > yesterday, which caused our CVE tracker to barf at me. Who applied for the CVE number? They should have been the ones to notify people of the issue, so who should I go kick about this? :) thanks, greg k-h ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older 2018-05-19 7:44 ` Greg Kroah-Hartman @ 2018-05-19 14:09 ` Guenter Roeck 0 siblings, 0 replies; 5+ messages in thread From: Guenter Roeck @ 2018-05-19 14:09 UTC (permalink / raw) To: Greg Kroah-Hartman; +Cc: stable On 05/19/2018 12:44 AM, Greg Kroah-Hartman wrote: > On Fri, May 18, 2018 at 09:00:07AM -0700, Guenter Roeck wrote: >> On Fri, May 18, 2018 at 04:52:07PM +0200, Greg Kroah-Hartman wrote: >>> On Fri, May 18, 2018 at 06:47:46AM -0700, Guenter Roeck wrote: >>>> Hi Greg, >>>> >>>> please apply commit dd83c161fbc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") >>>> to v4.9.y and older to fix CVE-2018-10087. >>> >>> Odd no one asked for that one to be backported before :( >>> >> >> Not entirely surprising. The patch is from July 2017, it wasn't marked >> for stable, and the CVE has been created only recently (04/13/2018). >> CVE severity and the reference to the upstream commit were added >> yesterday, which caused our CVE tracker to barf at me. > > Who applied for the CVE number? They should have been the ones to > notify people of the issue, so who should I go kick about this? :) > No idea, and no idea how to find out. Guenter ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-05-19 14:09 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-05-18 13:47 Please apply dd83c161fbcc ("kernel/exit.c: avoid undefined behaviour when calling wait4()") to v4.9.y and older Guenter Roeck
2018-05-18 14:52 ` Greg Kroah-Hartman
2018-05-18 16:00 ` Guenter Roeck
2018-05-19 7:44 ` Greg Kroah-Hartman
2018-05-19 14:09 ` Guenter Roeck
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.