[PATCH 00/11] [lucid/master] CVE-2010-4251 v2

Tim Gardner tim.gardner at canonical.com
Mon Jul 11 16:14:19 UTC 2011


On 07/11/2011 10:03 AM, Paolo Pisati wrote:
> On 07/11/2011 05:23 PM, Tim Gardner wrote:
>>
>> While researching these patches I stumbled across some further analysis
>> of this vulnerability by Eugene Teo at
>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4251 in which he
>> includes a 2.6.35 patch from Eric Dumazet which really, really fixes the
>> problem.
>
> You mean c377411f24 ("net: sk_add_backlog() take rmem_alloc into
> account")? Saw that, and it is handled in another CVE in our db
> (CVE-2010-4805), so I wanted to issue a subsequent pull.
>

Since both CVEs address the same issue, I wonder if we shouldn't just
fix them in the same patch set. Perhaps mark CVE-2010-4251 as a
duplicate of CVE-2010-4805?

rtg
-- 
Tim Gardner tim.gardner at canonical.com



