Hello, Yuki, all, My commit fa52bd506f resolves CVE-2015-7833, as mentioned in https://www.spinics.net/lists/linux-media/msg96936.html
Please, note a message from Hans down this thread, who agrees with my point. Best regards, Vladis Dronov | Red Hat, Inc. | Product Security Engineer ----- Original Message ----- From: "Yuki Machida" <machida.y...@jp.fujitsu.com> To: "Vladis Dronov" <vdro...@redhat.com> Cc: "sasha levin" <sasha.le...@oracle.com>, linux-media@vger.kernel.org, sta...@vger.kernel.org, hverk...@xs4all.nl, oneu...@suse.com, mche...@osg.samsung.com, r...@spenneberg.net Sent: Friday, April 15, 2016 10:31:17 AM Subject: Re: Backport a Security Fix for CVE-2015-7833 to v4.1 Hi Vladis, > I apologize for intercepting, but I believe commit 588afcc1 should > not be accepted and reverted in the trees where it was. > > Reasons: > > https://patchwork.linuxtv.org/patch/32798/ > or > https://www.spinics.net/lists/linux-media/msg96936.html Thank you for your reply. If it revert commit 588afcc1 from the kernel, It exists a Security Issue of CVE-2015-7833. What do you think about it? Best regards, Yuki Machida On 2016年04月11日 21:03, Vladis Dronov wrote: > Hello, > > I apologize for intercepting, but I believe commit 588afcc1 should > not be accepted and reverted in the trees where it was. > > Reasons: > > https://patchwork.linuxtv.org/patch/32798/ > or > https://www.spinics.net/lists/linux-media/msg96936.html > > > Best regards, > Vladis Dronov | Red Hat, Inc. | Product Security Engineer > > ----- Original Message ----- > From: "Yuki Machida" <machida.y...@jp.fujitsu.com> > To: "sasha levin" <sasha.le...@oracle.com> > Cc: linux-media@vger.kernel.org, sta...@vger.kernel.org, hverk...@xs4all.nl, > oneu...@suse.com, vdro...@redhat.com, mche...@osg.samsung.com, > r...@spenneberg.net > Sent: Monday, April 11, 2016 7:19:34 AM > Subject: Backport a Security Fix for CVE-2015-7833 to v4.1 > > Hi Sasha, > > I conformed that these patches for CVE-2015-7833 not applied at v4.1.21. > 588afcc1c0e45358159090d95bf7b246fb67565 > fa52bd506f274b7619955917abfde355e3d19ff > Could you please apply this CVE-2015-7833 fix for 4.1-stable ? > > References: > https://security-tracker.debian.org/tracker/CVE-2015-7833 > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=588afcc1c0e45358159090d95bf7b246fb67565f > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa52bd506f274b7619955917abfde355e3d19ffe > > Regards, > Yuki Machida > -- To unsubscribe from this list: send the line "unsubscribe linux-media" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
