On Tue, Jun 04, 2019 at 09:52:35AM +0200, Greg KH wrote:
On Mon, Jun 03, 2019 at 10:31:15AM -0700, Zubin Mithra wrote:
Hello,
CVE-2019-12378 was fixed in the upstream linux kernel with the following commit.
- 95baa60a0da8 ("ipv6_sockglue: Fix a missing-check bug in ip6_ra_control()")
A CVE was created for that tiny thing?
Hah, no, I think I'll refuse to apply it just for the very point of it. That's something that can not be triggered by normal operations, right? It's a bugfix-for-the-theoritical from what I can see...
Could the patch be applied to v4.19.y, v4.14.y, v4.9.y and v4.4.y?
Why are you ignoring 5.1?
Also, stable networking patches need to come from the networking maintainer, as the documentation states, so I shouldn't be applying this directly anyway. If Dave thinks it is worth to backport, I'll gladly apply it from his submissions, so you need to convince him, not me.
thanks,
greg k-h