[ACK] [CVE-2011-1493] rose networking validation issues

Stefan Bader stefan.bader at canonical.com
Thu Jul 28 13:18:16 UTC 2011

On 28.07.2011 12:05, Andy Whitcroft wrote:
> CVE-2011-1493
> 	Bugs in both facilities parsing and in request validation can
> 	lead to heap corruption.
> The fixes for this are in oneiric via mainline and one of the two fixes has
> hit lucid and later via stable updates.  Following this email are patch
> sets for all of the remaining affected branches.  All of the patches
> except for hardy 3/3 are cherry-picks from mainline, hardy 3/3 is a
> trivial backport.  There is a small preparatory cleanup patch included
> in some sets to simplify the port.  I am including all of the sets as
> they nearly all differ in patch combinations.
> Note that from a review point of view, except for hardy 3/3, where a patch
> appears in more than one set the patch is an identical change in all sets.

Took me a bit to grasp the wisdom of the above... :-P

> Proposing for hardy, lucid, lucid/fsl-imx51, maverick/ti-omap4, natty,
> and natty/ti-omap4.
> -apw

All patches look to follow the upstream counterparts and to do what the
descriptions suggest.

Acked-by: Stefan Bader <stefan.bader at canonical.com>

