[Lucid][CVE-2014-4608][PATCH 0/3] lzo: properly check for overruns
Tim Gardner
tim.gardner at canonical.com
Fri Jun 27 17:14:08 UTC 2014
On 06/27/2014 11:04 AM, Luis Henriques wrote:
> On Fri, Jun 27, 2014 at 10:52:13AM -0600, Tim Gardner wrote:
>> Well, I hope you got it right 'cause that's a lot of new code. Were you
>> able to test it?
>>
>> --
>> Tim Gardner tim.gardner at canonical.com
>
> No, I didn't test them (other than build-testing).
>
> I believe 2.6.32 kernels don't support lzo compressed kernels, so I
> would need to find some other test case for that (shouldn't be too
> difficult, I guess). If you want me to test them, just NAK the Lucid
> patches and I'll see what I can do to test it next week.
>
> Anyway, lots of these changes are just moving code around and the
> difference between the backports and the original commits is
> virtually zero. But I share your concerns: I *really* hope I got this
> right as well :-)
>
> Cheers,
> --
> Luís
>
Well, I don't want to wait since next week is crank week already, and
this is kind of a serious CVE. I'll apply as soon as I have a bug
number. I would still like to see some focused testing on our part
before this pile gets out into the wild.
rtg
--
Tim Gardner tim.gardner at canonical.com