From: Kalle Valo <kvalo@codeaurora.org>
To: Arend van Spriel <arend.vanspriel@broadcom.com>
Cc: linux-wireless <linux-wireless@vger.kernel.org>
Subject: Re: using vulnerability ids in patches
Date: Thu, 07 Sep 2017 15:34:52 +0300 [thread overview]
Message-ID: <87bmmmn0ur.fsf@kamboji.qca.qualcomm.com> (raw)
In-Reply-To: <7415a11b-398c-69df-b39f-7b985f07112b@broadcom.com> (Arend van Spriel's message of "Thu, 7 Sep 2017 10:40:41 +0200")
Arend van Spriel <arend.vanspriel@broadcom.com> writes:
> Due to recent events we were asked about some vulnerability fixes for
> brcmfmac. We already fixed a couple of things without referring to a
> so-called CVE-ID, which is what people are asking for. Do we have a
> upstream policy on that? I could not really find anything in the
> Documentation folder (but I may have overlooked it). Might be worth
> mentioning in the commit message like with the coverity ids.
Johannes already answered, but I'll just add that this is all I know
about security patches:
If you have a patch that fixes an exploitable security bug, send that
patch to security@kernel.org. For severe bugs, a short embargo may be
considered to allow distributors to get the patch out to users; in
such cases, obviously, the patch should not be sent to any public
lists.
https://www.kernel.org/doc/html/latest/process/submitting-patches.html
I don't know if you should follow that in this case or not, just wanted
to point out this.
--
Kalle Valo
next prev parent reply other threads:[~2017-09-07 12:34 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-07 8:40 using vulnerability ids in patches Arend van Spriel
2017-09-07 8:59 ` Johannes Berg
2017-09-07 9:28 ` Arend van Spriel
2017-09-07 9:38 ` Arend van Spriel
2017-09-07 9:40 ` Johannes Berg
2017-09-07 9:59 ` Arend van Spriel
2017-09-07 12:34 ` Kalle Valo [this message]
2017-09-07 19:55 ` Arend van Spriel
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87bmmmn0ur.fsf@kamboji.qca.qualcomm.com \
--to=kvalo@codeaurora.org \
--cc=arend.vanspriel@broadcom.com \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox