[ACK] [CVE-2011-1493] rose networking validation issues
Stefan Bader
stefan.bader at canonical.com
Thu Jul 28 13:18:16 UTC 2011
On 28.07.2011 12:05, Andy Whitcroft wrote:
> CVE-2011-1493
> Bugs in both facilities parsing and in request validation can
> lead to heap corruption.
>
> The fixes for this are in oneiric via mainline and one of the two fixes has
> hit lucid and later via stable updates. Following this email are patch
> sets for all of the remaining affected branches. All of the patches
> except for hardy 3/3 are cherry-picks from mainline, hardy 3/3 is a
> trivial backport. There is a small preparatory cleanup patch included
> in some sets to simplify the port. I am including all of the sets as
> they nearly all differ in patch combinations.
>
> Note that from a review point of view, except for hardy 3/3, where a patch
> appears in more than one set the patch is an identical change in all sets.
Took me a bit to grasp the wisdom of the above... :-P
>
> Proposing for hardy, lucid, lucid/fsl-imx51, maverick/ti-omap4, natty,
> and natty/ti-omap4.
>
> -apw
>
All patches look to follow the upstream counterparts and to do what the
descriptions suggest.
Acked-by: Stefan Bader <stefan.bader at canonical.com>