From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from prod-mail-xrelay05.akamai.com ([23.79.238.179]:60054 "EHLO
        prod-mail-xrelay05.akamai.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1756077AbcKJW7T (ORCPT
        <rfc822;stable@vger.kernel.org>); Thu, 10 Nov 2016 17:59:19 -0500
From: Josh Hunt <johunt@akamai.com>
Subject: Fix for CVE-2016-7097 missing from linux-4.1.y
To: jack@suse.cz
Cc: "Levin, Alexander" <alexander.levin@verizon.com>,
        "stable@vger.kernel.org" <stable@vger.kernel.org>
Message-ID: <5824FBC5.7060606@akamai.com>
Date: Thu, 10 Nov 2016 16:59:17 -0600
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

Hi Jan

You are the author of commit 073931017b49 ("posix_acl: Clear SGID bit 
when setting file permissions") which has been identified to resolve 
CVE-2016-7097, but is missing from linux-4.1.y.

If you believe this commit should be part of linux-4.1.y can you please 
reply with your approval for its inclusion?

Thanks!
Josh

P.S.: This is my first attempt at trying to make sure all known CVE 
fixes are in the stable kernels. After a discussion with Sasha at 
Plumbers I'd like to start doing this on a regular basis. Any feedback 
here is welcome.

---
Full list of CVEs associated with 4.1.y can be found here:
http://joshuahunt.github.io/cve-tracker/linux-4.1.y-stable-cve-list.html