[CVE-Review] Please review proposed patches for CVE-2010-3698
Tim Gardner
tim.gardner at canonical.com
Tue Jan 25 17:46:47 UTC 2011
On 01/21/2011 01:09 PM, Stefan Bader wrote:
> Since we are trying to get to a one CVE per week personal tackling mode,
> I went ahead and had a go for one. Below is a little bzr cheat-sheet for
> handling the tracker part (there is a readme in the tracker that explains
> the fields a bit).
>
> For CVE-2010-3698:
> Dapper: not-affected
> Hardy: pending (Slightly more scary as I had to backport a savesegment function from upstream to handle the amd64 case. It compiles but should be verified by testing.)
> Karmic: pending
> Lucid: released (Came from upstream stable, err longterm.)
> Maverick: pending (Needed a bit of tweak as a later reorder patch is in here that touches same code.)
> Natty: released
>
> -Stefan
>
> --- bzr cheatsheet ---
>
> The selection page:
> http://people.canonical.com/~ubuntu-security/cve/pkg/linux.html
>
> STEAM='lp:~ubuntu-security/ubuntu-cve-tracker/master'
> KTEAM='lp:~canonical-kernel-team/ubuntu-cve-tracker/kernel-team'
>
> To create the branch:
> * bzr branch $KTEAM
>
> In tracker branch (this syncing should probably be scripted):
> * bzr pull $KTEAM
> * bzr commit -m "Saving local changes"
> * bzr push $KTEAM
> * bzr missing -q --theirs-only --line $STEAM | tee ../msg
> If ../msg is not empty
> * bzr merge $STEAM
> * bzr commit -m "$(cat ../msg)"
> * bzr push $KTEAM
>
> After changing anything in an active/CVE-* file
> !! WARNING: bzr includes *all* files changed in the branch dir to the commit
> * bzr commit -m "<this is my message to the world>"
> * bzr push $KTEAM
>
> Useful for cleaning up previous commit (commit undone, changes not)
> * bzr uncommit
>
>
All of these patches look reasonable, but the backport differences are
more complex the older the kernel gets. I suggest that we'll have to do
some thorough testing ourselves since certification does not currently
have the mechanism to verify regressions in kvm.
Acked-by: Tim Gardner <tim.gardner at canonical.com>
P.S. the commit logs will need a BugLink when committed
rtg
--
Tim Gardner tim.gardner at canonical.com