Hello Team,
A flaw was found in the Linux kernel A denial of service problem is
identified if an extent tree is corrupted in a crafted ext4 filesystem in
fs/ext4/extentsc in ext4_es_cache_extent Fabricating an integer overflow,
A local attacker with a special user privilege may cause a system crash
problem which can lead to an availability thre ...
Hi Greg,
Those are a lot of assumptions there I do wonder how you feel you can
ignore the CVE process the rest of the world is engaged in, while at the
same time boss around those engaged in it But setting aside the irony
of someone telling the world "if you want to know what was fixed or not,
we publish the source, figure it out for yoursel ...
Hi Sasha,
Both you and Greg certainly have control over stable kernel commit
messages (it's the same ability you use to add the upstream commit ID)
Greg at least receives private notification of security vulnerabilities
through security () kernel org I've privately received several complaints
from different researchers about what was lacking ...
On Wed, Mar 17, 2021 at 01:40:55PM +0100, Salvatore Bonaccorso wrote:
G>
It's hard to tell if those older kernels have this issue as the fix for
this does not apply at all, and even SUSE didn't backport the change as
it didn't seem relevant to them
But I'll gladly take backports if someone wants to provide them :)
Do distros consider "mou ...
Hi Greg,
On Wed, Mar 17, 2021 at 11:11:04AM +0100, Greg KH wrote:
It might be missing in some stable trees from a quick check I just
checked the SUSE bug and it lists the following three relevant
commits, whilst the last one seems the relevant one:
d176b1f62f24 "ext4: handle error of ext4_setup_system_zone() on remount"
bf9a379d0980 "ext4: don ...
On Fri, Mar 19, 2021 at 05:00:08PM -0400, Brad Spengler wrote:
And this is exactly my point: you are advocating for tens of people to
do detective work instead of just linking basic things like the commit
id in the announcement mail
Specially when the commits in question have been upstream for
months/years
--
Thanks,
Sasha ...
Hi!
On Wed 17-03-21 14:02:43, Greg Kroah-Hartman wrote:
I absolutely second this Please include in report if the problem is
already fixed and which commit fixed it Because I've just spent 20 minutes
this morning searching my mailboxes because I remembered I've been fixing a
problem that very much resembled this report but it took me a while to ...
On Wed, Mar 17, 2021 at 11:21:23AM +0530, Rohit Keshri wrote:
Please include what kernel version things like this were "found in" and
when it was fixed, otherwise you force everyone to go scramble just to
find that this was reported in July of 2020 and fixed then in the 59
kernel release and has already been backported to all relevant stable
ker ...
Hi Sasha,
For that particular one, the original email was:
seclistsorg/oss-sec/2021/q1/212
to which I had already replied here:
seclistsorg/oss-sec/2021/q1/220
The investigation for that email took only a few minutes It didn't have to
be done via the CVE link, as bugzillasusecom/show_bugcgi?id=1173485
was provided ...
On 17/03/2021 1111, Greg KH wrote:
Best regards,
Wolfgang
--
Wolfgang Frisch <wolfgangfrisch () suse com>
Security Engineer
OpenPGP fingerprint: A2E6 B7D4 53E9 544F BC13 D26B D9B3 56BD 4D4A 2D15
SUSE Software Solutions Germany GmbH
Maxfeldstr 5, 90409 Nuremberg, Germany
(HRB 36809, AG Nürnberg)
Managing Director: Felix Imendörffer ...
Hey Brad,
I'll let Greg respond on your concerns with him, I've removed those
references to him from my reply
On Fri, Mar 19, 2021 at 03:58:25PM -0400, Brad Spengler wrote:
So we do, but traditionally I haven't changed the commit message I also
don't have an additional source of information when I queue up the
commits, so I'm not sure how my ...