NACK: [Vivid][Utopic][CVE-2015-400{1,2,3}][PATCH 0/4] ozwpan driver CVEs

Tim Gardner tim.gardner at canonical.com
Tue Jun 9 19:07:37 UTC 2015


On 06/09/2015 12:57 PM, Kamal Mostafa wrote:
> On Tue, 2015-06-09 at 16:28 +0100, Luis Henriques wrote:
>> Following this email I am sending the fixes for utopic and vivid for 3
>> CVEs in the ozwpan driver: CVE-2015-4001, CVE-2015-4002 and
>> CVE-2015-4003.
>>
>> Jason A. Donenfeld (4):
>>    ozwpan: Use unsigned ints to prevent heap overflow
>>    ozwpan: divide-by-zero leading to panic
>>    ozwpan: Use proper check to prevent heap overflow
>>    ozwpan: unchecked signed subtraction leads to DoS
>>
>>   drivers/staging/ozwpan/ozhcd.c     |  8 ++++----
>>   drivers/staging/ozwpan/ozusbif.h   |  4 ++--
>>   drivers/staging/ozwpan/ozusbsvc1.c | 19 ++++++++++++++-----
>>   3 files changed, 20 insertions(+), 11 deletions(-)
>>
>
> The first patch ("Use unsigned ints") does not apply cleanly to vivid or
> 3.19-stable.
>
> Note that a straight cherry-pick of that upstream commit of all four
> would apply fine to 3.19-based kernels though (and that's what I'll
> queue for 3.19-stable).
>
> please re-send for Vivid and Utopic separately.
>
> Thanks, Luis!
>
>   -Kamal
>
>

I am so confused. The 4 patches Luis submitted for U/V _are_ 
cherry-picks. I even applied them myself just to be sure.

-- 
Tim Gardner tim.gardner at canonical.com




More information about the kernel-team mailing list