On Thu, Jun 06, 2019 at 07:58:35PM +0100, Ben Hutchings wrote:
> On Mon, 2019-06-03 at 16:02 -0700, Zubin Mithra wrote:
> > Hello,
> >
> > CVE-2019-12381 was fixed in the upstream Linux kernel with the commit:
> > - 425aa0e1d015 ("ip_sockglue: Fix missing-check bug in ip_ra_control()")
> >
> > Could the patch be applied in order to v4.19.y, v4.14.y, v4.9.y and v4.4.y?
> >
> > Tests run:
> > - Chrome OS tryjobs
>
> This doesn't fix a security vulnerability. There already was a check for allocation failure before dereferencing the returned pointer; it just wasn't in the most obvious place.
>
> I've requested rejection of this CVE, and several other invalid reports from the same person.

And where did this 'invalid' come from? Did any maintainers claim the patch 'invalid' or something? I am confused...

Thanks,
Gen

> Ben.
>
> --
> Ben Hutchings
> Experience is what causes a person to make new mistakes instead of old ones.