From: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
To: u-boot@lists.denx.de
Cc: Fabio Estevam <festevam@denx.de>,
Nicolas Bidron <nicolas.bidron@nccgroup.com>,
Tom Rini <trini@konsulko.com>,
Joe Hershberger <joe.hershberger@ni.com>,
Ramon Fried <rfried.dev@gmail.com>
Subject: Re: [PATCH 0/6] broken CVE fix (b85d130ea0ca)
Date: Mon, 14 Nov 2022 10:35:51 +0100 [thread overview]
Message-ID: <4476ff8a-dbe3-df53-c98c-955e6cdad547@prevas.dk> (raw)
In-Reply-To: <20221014174342.3216982-1-rasmus.villemoes@prevas.dk>
On 14/10/2022 19.43, Rasmus Villemoes wrote:
> tl;dr: b85d130ea0ca didn't fix the CVE(s), but did break tftp of
> certain file sizes - which is somewhat lucky, since that's how I
> noticed in the first place.
>
At this point it seems unlikely that any more comments or reviews will
come, so perhaps its time to get these (all 7) merged to master, so that
they will get some wider testing before the January release?
Rasmus
next prev parent reply other threads:[~2022-11-14 9:36 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-14 17:43 [PATCH 0/6] broken CVE fix (b85d130ea0ca) Rasmus Villemoes
2022-10-14 17:43 ` [PATCH 1/6] net: improve check for no IP options Rasmus Villemoes
2022-10-16 18:23 ` Ramon Fried
2022-11-28 19:51 ` Tom Rini
2022-10-14 17:43 ` [PATCH 2/6] net: compare received length to sizeof(ip_hdr), not sizeof(ip_udp_hdr) Rasmus Villemoes
2022-11-28 19:51 ` Tom Rini
2022-10-14 17:43 ` [PATCH 3/6] net: (actually/better) deal with CVE-2022-{30790,30552} Rasmus Villemoes
2022-11-28 19:51 ` Tom Rini
2022-10-14 17:43 ` [PATCH 4/6] net: fix ip_len in reassembled IP datagram Rasmus Villemoes
2022-11-28 19:51 ` Tom Rini
2022-10-14 17:43 ` [PATCH 5/6] net: tftp: use IS_ENABLED(CONFIG_NET_TFTP_VARS) instead of #if Rasmus Villemoes
2022-10-16 18:28 ` Ramon Fried
2022-10-17 6:18 ` Rasmus Villemoes
2022-11-28 19:51 ` Tom Rini
2022-10-14 17:43 ` [PATCH 6/6] net: tftp: sanitize tftp block size, especially for TX Rasmus Villemoes
2022-10-16 18:30 ` Ramon Fried
2022-11-28 19:51 ` Tom Rini
2022-10-15 12:57 ` [PATCH 0/6] broken CVE fix (b85d130ea0ca) Fabio Estevam
2022-10-17 7:52 ` [PATCH 7/6] net: deal with fragment-overlapping-two-holes case Rasmus Villemoes
2022-11-28 19:52 ` Tom Rini
2022-11-14 9:35 ` Rasmus Villemoes [this message]
2022-11-14 13:04 ` [PATCH 0/6] broken CVE fix (b85d130ea0ca) Tom Rini
2022-11-17 0:32 ` Fabio Estevam
2022-11-28 8:10 ` Rasmus Villemoes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4476ff8a-dbe3-df53-c98c-955e6cdad547@prevas.dk \
--to=rasmus.villemoes@prevas.dk \
--cc=festevam@denx.de \
--cc=joe.hershberger@ni.com \
--cc=nicolas.bidron@nccgroup.com \
--cc=rfried.dev@gmail.com \
--cc=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox