CVE-2011-1493
Bugs in both facilities parsing and in request validation can
lead to heap corruption.
The fixes for this are in oneiric via mainline and one of the two fixes has
hit lucid and later via stable updates. Following this email are patch
sets for all of the remaining affected branches. All of the patches
except for hardy 3/3 are cherry-picks from mainline, hardy 3/3 is a
trivial backport. There is a small preparitory cleanup patch included
in some sets to simplify the port. I am including all of the sets as
they nearly all differ in patch combinations.
Note that from a review point of view, except for hardy 3/3, where a patch
appears in more than one set the patch is an identicle change in all sets.
Proposing for hardy, lucid, lucid/fsl-imx51, maverick/ti-omap4, natty,
and natty/ti-omap4.
-apw
--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
07-28-2011, 01:18 PM
Stefan Bader
rose networking validation issues
On 28.07.2011 12:05, Andy Whitcroft wrote:
> CVE-2011-1493
> Bugs in both facilities parsing and in request validation can
> lead to heap corruption.
>
> The fixes for this are in oneiric via mainline and one of the two fixes has
> hit lucid and later via stable updates. Following this email are patch
> sets for all of the remaining affected branches. All of the patches
> except for hardy 3/3 are cherry-picks from mainline, hardy 3/3 is a
> trivial backport. There is a small preparitory cleanup patch included
> in some sets to simplify the port. I am including all of the sets as
> they nearly all differ in patch combinations.
>
> Note that from a review point of view, except for hardy 3/3, where a patch
> appears in more than one set the patch is an identicle change in all sets.
Took me a bit to grasp the wisdom of the above... :-P
>
> Proposing for hardy, lucid, lucid/fsl-imx51, maverick/ti-omap4, natty,
> and natty/ti-omap4.
>
> -apw
>
All patches look like to folllow the upstream counterparts and to do what the
descriptions suggests.
Acked-by: Stefan Bader <stefan.bader@canonical.com>
--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
07-28-2011, 01:18 PM
Stefan Bader
rose networking validation issues
On 28.07.2011 12:05, Andy Whitcroft wrote:
> CVE-2011-1493
> Bugs in both facilities parsing and in request validation can
> lead to heap corruption.
>
> The fixes for this are in oneiric via mainline and one of the two fixes has
> hit lucid and later via stable updates. Following this email are patch
> sets for all of the remaining affected branches. All of the patches
> except for hardy 3/3 are cherry-picks from mainline, hardy 3/3 is a
> trivial backport. There is a small preparitory cleanup patch included
> in some sets to simplify the port. I am including all of the sets as
> they nearly all differ in patch combinations.
>
> Note that from a review point of view, except for hardy 3/3, where a patch
> appears in more than one set the patch is an identicle change in all sets.
Took me a bit to grasp the wisdom of the above... :-P
>
> Proposing for hardy, lucid, lucid/fsl-imx51, maverick/ti-omap4, natty,
> and natty/ti-omap4.
>
> -apw
>
All patches look like to folllow the upstream counterparts and to do what the
descriptions suggests.
Acked-by: Stefan Bader <stefan.bader@canonical.com>
--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
07-28-2011, 01:18 PM
Stefan Bader
rose networking validation issues
On 28.07.2011 12:05, Andy Whitcroft wrote:
> CVE-2011-1493
> Bugs in both facilities parsing and in request validation can
> lead to heap corruption.
>
> The fixes for this are in oneiric via mainline and one of the two fixes has
> hit lucid and later via stable updates. Following this email are patch
> sets for all of the remaining affected branches. All of the patches
> except for hardy 3/3 are cherry-picks from mainline, hardy 3/3 is a
> trivial backport. There is a small preparitory cleanup patch included
> in some sets to simplify the port. I am including all of the sets as
> they nearly all differ in patch combinations.
>
> Note that from a review point of view, except for hardy 3/3, where a patch
> appears in more than one set the patch is an identicle change in all sets.
Took me a bit to grasp the wisdom of the above... :-P
>
> Proposing for hardy, lucid, lucid/fsl-imx51, maverick/ti-omap4, natty,
> and natty/ti-omap4.
>
> -apw
>
All patches look like to folllow the upstream counterparts and to do what the
descriptions suggests.
Acked-by: Stefan Bader <stefan.bader@canonical.com>
--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
rose networking validation issues
