On Mon, Dec 17, 2018 at 08:42:38PM +0100, Loic wrote:
Le 2018-12-17 09:19, Greg KH a écrit :
On Sun, Dec 16, 2018 at 09:08:20PM +0100, Loic wrote:
Le 2018-12-16 20:27, Steven Rostedt a écrit :
On Sun, 16 Dec 2018 09:52:33 +0100 Greg KH gregkh@linuxfoundation.org wrote:
On Sat, Dec 15, 2018 at 06:25:37PM +0100, Loic wrote:
Hello,
Please picked up this patch for linux 4.4 and 4.9. This fixes CVE-2017-0605 (Rejected?). Tested in Debian ;)
It was rejected as a CVE for a good reason, and that reason is also why I refused to add it to the stable kernel releases. In short, this is not an issue or bug at all, there is nothing wrong with the existing code.
I'm starting to regret that I ever accepted the original patch :-(
-- Steve
Okay, I hadn't looked at the previous conversations because this change is in the upstream and in debian...
Upstream is fine, it's a valid change so that people don't keep sending the crazy patch over and over.
Debian is just cargo-culting the thing and should probably drop it as it keeps coming back to me every 3 months or so, and I have to reject it again :(
thanks,
greg k-h
Why didn't you follow the upstream or add a comment "no change for fake CVE-2017-0605" to break the debian patch ?
How can I change upstream? The commit can not be changed once it is merged.
greg k-h