[PATCH 00/11] [lucid/master] CVE-2010-4251 v2

Stefan Bader stefan.bader at canonical.com
Tue Jul 12 09:01:34 UTC 2011


On 11.07.2011 18:14, Tim Gardner wrote:
> On 07/11/2011 10:03 AM, Paolo Pisati wrote:
>> On 07/11/2011 05:23 PM, Tim Gardner wrote:
>>>
>>> While researching these patches I stumbled across some further analysis
>>> of this vulnerability by Eugene Teo at
>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4251 in which he
>>> includes a 2.6.35 patch from Eric Dumazet which really, really fixes the
>>> problem.
>>
>> You mean c377411f24 ("net: sk_add_backlog() take rmem_alloc into
>> account")? Saw that, and it is handled in another CVE in our db
>> (CVE-2010-4805), so I wanted to issue a subsequent pull.
>>
> 
> Since both CVEs address the same issue, I wonder if we shouldn't just fix them
> in the same patch set. Perhaps mark CVE-2010-4251 as a duplicate of CVE-2010-4805?
> 
> rtg

If it really is the same patch fixing both, it would be possible to have both
CVEs referenced there. As it sounds like they got another CVE number for fixing
the fix, it sounds more like a matter of submission.
It should work if Paolo marked the respective patches with the matching CVE but
submitted them as one review. And anything prerequisite gets the CVE number of
whatever was the first that needed it to apply...

-Stefan



