[A][PATCH 0/1] CVE-2018-1068

Andy Whitcroft apw at canonical.com
Mon May 14 09:40:10 UTC 2018

On Mon, May 14, 2018 at 01:41:27AM -0400, Khalid Elmously wrote:

> CVE matrix shows this fix as needed for T/X/A/B/C. However the fix is
> already part of linux-stable 4.4.122 (so T/X have it) and linux-stable
> 4.15.10 (so B/C have it). So only needed in A.

Ok this indicated an autotriager flaw.  It is worth bringing these to my
attention sooner rather than later so they can be investigated.  I have
looked at the flaw and this is related to a new odd markup combination
coming from the security team where they are using upstream: and break-fix:
together (they are nominally mutually exclusive) and now using different
upstream repositories for linus' tree.  I have generalised the handling
for this situation and it is now resolved and the CVE matrix should
again show the truth.

I am slightly confused by your contention that T is not-affected as 4.4.122
has the fix; yes the hwe kernel is covered but the trusty GA kernel would
need separate handling.  The newly minted matrix output tends to confirm
this contention.


> Florian Westphal (1):
>   netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
>  net/bridge/netfilter/ebtables.c | 13 ++++++++++++-
>  1 file changed, 12 insertions(+), 1 deletion(-)
> -- 
> 2.17.0
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

More information about the kernel-team mailing list