From: Willy Tarreau <w@1wt.eu>
To: Greg KH <greg@kroah.com>
Cc: Jiri Slaby <jslaby@suse.cz>, Sasha Levin <sasha.levin@oracle.com>,
LKML <linux-kernel@vger.kernel.org>,
stable <stable@vger.kernel.org>,
lwn@lwn.net
Subject: Re: stable-security kernel updates
Date: Thu, 21 Apr 2016 14:50:38 +0200 [thread overview]
Message-ID: <20160421125038.GA9918@1wt.eu> (raw)
In-Reply-To: <20160421123918.GA2294@kroah.com>
On Thu, Apr 21, 2016 at 09:39:18PM +0900, Greg KH wrote:
> On Thu, Apr 21, 2016 at 02:05:41PM +0200, Jiri Slaby wrote:
> > On 04/21/2016, 01:59 PM, Jiri Slaby wrote:
> > >> (CVE-2016-2085) 613317b EVM: Use crypto_memneq() for digest comparisons
> > >
> > > Does not exist in the CVE database/is not confirmed yet AFAICS.
> >
> > And now I am looking at the patch and I remember why I threw it away.
> > crypto_memneq is not in 3.12 yet and I was not keen enough to backport it.
>
> Which brings up the question, Sasha, why did you think these CVEs were
> relevant for 3.12? What were you basing that list on?
Yep same question here because in fact checking what is *missing* is
harder than checking what should not have been there. I'm pretty sure
I missed a lot of things in 2.6.32 (though Ben and Moritz helped a lot)
but precisely the fact that they provided me fixes I wasn't aware of is
a sign that I can miss things.
Any reliable process to check for missing fixes is welcome of course. For
now the best way I found is to pick from more recent stable versions, which
also ensures people upgrading from and older branch to a newer branch will
not find a bug they used to see fixed.
Cheers,
Willy
next prev parent reply other threads:[~2016-04-21 12:50 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-20 19:50 stable-security kernel updates Sasha Levin
2016-04-21 6:43 ` Jiri Slaby
2016-04-21 7:11 ` Willy Tarreau
2016-04-21 11:27 ` Sasha Levin
2016-04-21 12:36 ` Greg KH
2016-04-21 14:01 ` Sasha Levin
2016-04-21 14:12 ` Willy Tarreau
2016-04-21 11:11 ` Sasha Levin
2016-04-21 11:59 ` Jiri Slaby
2016-04-21 12:05 ` Jiri Slaby
2016-04-21 12:39 ` Greg KH
2016-04-21 12:50 ` Willy Tarreau [this message]
2016-04-21 13:54 ` Sasha Levin
2016-04-21 14:13 ` Jiri Slaby
2016-04-21 14:19 ` Willy Tarreau
2016-04-21 14:27 ` Sasha Levin
2016-04-21 14:33 ` Willy Tarreau
2016-04-25 23:14 ` Ben Hutchings
2016-04-26 4:40 ` Willy Tarreau
2016-04-26 4:40 ` Willy Tarreau
2016-04-21 13:53 ` Sasha Levin
2016-04-21 14:54 ` Jiri Slaby
2016-04-21 15:50 ` Sasha Levin
2016-04-21 19:32 ` Sasha Levin
2016-04-21 12:26 ` Bjørn Mork
2016-04-21 12:56 ` Willy Tarreau
2016-04-21 14:16 ` Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160421125038.GA9918@1wt.eu \
--to=w@1wt.eu \
--cc=greg@kroah.com \
--cc=jslaby@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=lwn@lwn.net \
--cc=sasha.levin@oracle.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.