Re: [PATCH 4.4 0/4] CVE fixes for 4.4

Re: [PATCH 4.4 0/4] CVE fixes for 4.4

[Juerg Haefliger]

[-- Attachment #1.1: Type: text/plain, Size: 1057 bytes --]

Hi Greg,

Did you have a chance to look at the below 4 patches?

Did I do something wrong when submitting them or are there other reasons not to include them in the
4.4 kernel?

Btw, they still apply on top of 4.4.20.

Thanks
...Juerg


On 08/29/2016 03:38 PM, Juerg Haefliger wrote:
> This patch series fixes the following CVEs in the 4.4 kernel:
>   - CVE-2016-0758
>   - CVE-2016-5243
>   - CVE-2016-5244
>   - CVE-2016-6130
> 
> David Howells (1):
>   KEYS: Fix ASN.1 indefinite length object parsing
> 
> Kangjie Lu (2):
>   tipc: fix an infoleak in tipc_nl_compat_link_dump
>   rds: fix an infoleak in rds_inc_info_copy
> 
> Martin Schwidefsky (1):
>   s390/sclp_ctl: fix potential information leak with /dev/sclp
> 
>  drivers/s390/char/sclp_ctl.c | 12 +++++++-----
>  lib/asn1_decoder.c           | 16 +++++++++-------
>  net/rds/recv.c               |  2 ++
>  net/tipc/netlink_compat.c    |  3 ++-
>  4 files changed, 20 insertions(+), 13 deletions(-)
> 


-- 
Juerg Haefliger
Hewlett Packard Enterprise


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

Re: [PATCH 4.4 0/4] CVE fixes for 4.4

[Greg KH]

On Wed, Sep 07, 2016 at 12:50:13PM +0200, Juerg Haefliger wrote:
> Hi Greg,
> 
> Did you have a chance to look at the below 4 patches?

Not yet, I have over 300 pending patches for the stable kernels to work
through at the moment.  Don't worry, these aren't lost, just sitting in
the middle of all of them :)

thanks,

greg k-h