[T/A][PATCH 0/1] CVE-2018-1068
Khalid Elmously
khalid.elmously at canonical.com
Tue May 15 03:08:52 UTC 2018
On 2018-05-14 10:40:10 , Andy Whitcroft wrote:
> On Mon, May 14, 2018 at 01:41:27AM -0400, Khalid Elmously wrote:
>
> > CVE matrix shows this fix as needed for T/X/A/B/C. However the fix is
> > already part of linux-stable 4.4.122 (so T/X have it) and linux-stable
> > 4.15.10 (so B/C have it). So only needed in A.
>
> Ok this indicated an autotriager flaw. It is worth bringing these to my
> attention sooner rather than later so they can be investigated. I have
> looked at the flaw and this is related to a new odd markup combination
> coming from the security team where they are using upstream: and break-fix:
> together (they are nominally mutually exclusive) and now using different
> upstream repositories for linus' tree. I have generalised the handling
> for this situation and it is now resolved and the CVE matrix should
> again show the truth.
>
> I am slightly confused by your contention that T is not-affected as 4.4.122
> has the fix; yes the hwe kernel is covered but the trusty GA kernel would
> need separate handling. The newly minted matrix output tends to confirm
> this contention.
Yes I was thinking of the 4.4 trusty kernels for some reason. You're right, GA trusty needs this fix too, and it applies cleanly there.
Thanks for the feedback.
>
> -apw
>
> >
> >
> > Florian Westphal (1):
> > netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
> >
> > net/bridge/netfilter/ebtables.c | 13 ++++++++++++-
> > 1 file changed, 12 insertions(+), 1 deletion(-)
> >
> > --
> > 2.17.0
> >
> >
> > --
> > kernel-team mailing list
> > kernel-team at lists.ubuntu.com
> > https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list