[PATCH 00/11] [lucid] CVE-2010-4251

Tim Gardner tim.gardner at canonical.com
Mon Jul 11 13:06:45 UTC 2011 

On 07/11/2011 02:17 AM, Paolo Pisati wrote:
> All patches from master, need review and ack.
> Patches [3-5] are not related to this CVE, but are necessary to apply patch
> 6 cleanly.
> Tested on a lucid qemu image: boot test plus an entire system `apt-get upgrade`.
>
> Eric Dumazet (3):
>    ipv6: udp: Optimise multicast reception
>    ipv4: udp: Optimise multicast reception
>    udp: multicast RX should increment SNMP/sk_drops counter in
>      allocation failures
>
> Zhu Yi (8):
>    net: add limit for socket backlog CVE-2010-4251
>    tcp: use limited socket backlog CVE-2010-4251
>    udp: use limited socket backlog CVE-2010-4251
>    llc: use limited socket backlog CVE-2010-4251
>    sctp: use limited socket backlog CVE-2010-4251
>    tipc: use limited socket backlog CVE-2010-4251
>    x25: use limited socket backlog CVE-2010-4251
>    net: backlog functions rename CVE-2010-4251
>
>   include/net/sock.h       |   17 +++++++-
>   net/core/sock.c          |   16 +++++++-
>   net/dccp/minisocks.c     |    2 +-
>   net/ipv4/tcp_ipv4.c      |    6 ++-
>   net/ipv4/tcp_minisocks.c |    2 +-
>   net/ipv4/udp.c           |   92 ++++++++++++++++++++++++++++++++--------------
>   net/ipv6/tcp_ipv6.c      |    6 ++-
>   net/ipv6/udp.c           |   89 +++++++++++++++++++++++++++++++-------------
>   net/llc/llc_c_ac.c       |    2 +-
>   net/llc/llc_conn.c       |    3 +-
>   net/sctp/input.c         |   42 +++++++++++++-------
>   net/sctp/socket.c        |    3 +
>   net/tipc/socket.c        |    6 ++-
>   net/x25/x25_dev.c        |    2 +-
>   14 files changed, 204 insertions(+), 84 deletions(-)
>

Please make it clear which patches are clean cherry-picks by using the 
'-x' flag to 'git cherry-pick'. Furthermore, note which patches are 
backports by clearly stating in the commit log message 'backported from 
upstream commit XXX'. In this particular series, patches 1-3 are 
cherry-picks, whereas 4 appears to need backporting. Backported patches 
require a higher level of scrutiny, so knowing which patches to focus on 
saves the reviewers a little time.

rtg
-- 
Tim Gardner tim.gardner at canonical.com

More information about the kernel-team mailing list