From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Harshit Mogalapalli <harshit.m.mogalapalli@oracle.com>
Cc: netfilter-devel@vger.kernel.org,
"stable@vger.kernel.org" <stable@vger.kernel.org>,
Vegard Nossum <vegard.nossum@oracle.com>
Subject: Re: Testing stable backports for netfilter
Date: Tue, 11 Jun 2024 11:00:10 +0200 [thread overview]
Message-ID: <ZmgSGteku0GwbM8O@calendula> (raw)
In-Reply-To: <ZmgNr0y2gCR4YW_K@calendula>
On Tue, Jun 11, 2024 at 10:41:22AM +0200, Pablo Neira Ayuso wrote:
> On Tue, Jun 11, 2024 at 11:28:29AM +0530, Harshit Mogalapalli wrote:
> > On 11/06/24 03:29, Pablo Neira Ayuso wrote:
> > > On Mon, Jun 10, 2024 at 11:51:53PM +0530, Harshit Mogalapalli wrote:
> > > > Hello netfilter developers,
> > > >
> > > > Do we have any tests that we could run before sending a stable backport in
> > > > netfilter/ subsystem to stable@vger ?
> > > >
> > > > Let us say we have a CVE fix which is only backported till 5.10.y but it is
> > > > needed is 5.4.y and 4.19.y, the backport might need to easy to make, just
> > > > fixing some conflicts due to contextual changes or missing commits.
> > >
> > > Which one in particular is missing?
> >
> > I was planning to backport the fix for CVE-2023-52628 onto 5.4.y and 4.19.y
> > trees.
> >
> > lts-5.10 : v5.10.198 - a7d86a77c33b netfilter: nftables:
> > exthdr: fix 4-byte stack OOB write
> > lts-5.15 : v5.15.132 - 1ad7b189cc14 netfilter: nftables:
> > exthdr: fix 4-byte stack OOB write
> > lts-6.1 : v6.1.54 - d9ebfc0f2137 netfilter: nftables:
> >
> > exthdr: fix 4-byte stack OOB write
> > mainline : v6.6-rc1 - fd94d9dadee5 netfilter: nftables:
> > exthdr: fix 4-byte stack OOB write
>
> This is information is incorrect.
>
> This fix is already in 6.1 -stable.
Ah, you refer to 4.19 and 5.4, that is correct.
I have just enqueued -stable backports, those are easy.
Thanks for reporting.
> commit d9ebfc0f21377690837ebbd119e679243e0099cc
> Author: Florian Westphal <fw@strlen.de>
> Date: Tue Sep 5 23:13:56 2023 +0200
>
> netfilter: nftables: exthdr: fix 4-byte stack OOB write
>
> [ Upstream commit fd94d9dadee58e09b49075240fe83423eb1dcd36 ]
prev parent reply other threads:[~2024-06-11 9:00 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-10 18:21 Testing stable backports for netfilter Harshit Mogalapalli
2024-06-10 21:59 ` Pablo Neira Ayuso
2024-06-11 5:58 ` Harshit Mogalapalli
2024-06-11 8:41 ` Pablo Neira Ayuso
2024-06-11 8:59 ` Vegard Nossum
2024-06-11 9:00 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZmgSGteku0GwbM8O@calendula \
--to=pablo@netfilter.org \
--cc=harshit.m.mogalapalli@oracle.com \
--cc=netfilter-devel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=vegard.nossum@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.