[CVE-Review] Please review proposed patches for CVE-2010-3698

Tim Gardner tim.gardner at canonical.com
Tue Jan 25 17:46:47 UTC 2011

On 01/21/2011 01:09 PM, Stefan Bader wrote:
> Since we are trying to get to a one CVE per week personal tackling mode,
> I went ahead and had a go for one. Below is a little bzr cheat-sheet for
> handling the tracker part (there is a readme in the tracker that explains
> the fields a bit).
> For CVE-2010-3698:
> Dapper:		not-affected
> Hardy:		pending		(Slightly more scary as I had to backport a
> 				 savesegment function from upstream to handle
> 				 the amd64 case. It compiles but should be
> 				 verified by testing.)
> Karmic:		pending
> Lucid:		released	(Came from upstream stable, err longterm.)
> Maverick:	pending		(Needed a bit of tweak as a later reorder
> 				 patch is in here that touches same code.)
> Natty:		released
> -Stefan
> --- bzr cheatsheet ---
> The selection page:
> http://people.canonical.com/~ubuntu-security/cve/pkg/linux.html
> STEAM='lp:~ubuntu-security/ubuntu-cve-tracker/master
> KTEAM='lp:~canonical-kernel-team/ubuntu-cve-tracker/kernel-team'
> To create the branch:
> * bzr branch $KTEAM
> In tracker branch (this syncing should probably be scripted):
> * bzr pull $KTEAM
> * bzr commit -m "Saving local changes"
> * bzr push $KTEAM
> * bzr missing -q --theirs-only --line $STEAM | tee ../msg
>    If ../msg is not empty
>    * bzr merge $STEAM
>    * bzr commit -m "$(cat ../msg)"
>    * bzr push $KTEAM
> After changing the anything in an active/CVE-* file
> !! WARNING: bzr includes *all* files changed in the branch dir to the commit
> * bzr commit -m "<this is my message to the world>"
> * bzr push $KTEAM
> Useful for cleaning up previous commit (commit undone, changes not)
> * bzr uncommit

All of these patches look reasonable, but the backport differences are 
more complex the older the kernel gets. I suggest that we'll have to do 
some thorough testing ourselves since certification does not currently 
have the mechanism to verify regressions in kvm.

Acked-by: Tim Gardner <tim.gardner at canonical.com>

P.S. the commit logs will need a BugLink when committed

Tim Gardner tim.gardner at canonical.com

More information about the kernel-team mailing list