lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 11 Feb 2016 09:11:40 +0100
From:	Philipp Hahn <hahn@...vention.de>
To:	David Howells <dhowells@...hat.com>, stable@...r.kernel.org,
	Sasha Levin <sasha.levin@...cle.com>,
	linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] Miscellaneous keyrings and modsign fixes

Hello David, cc:stable, cc:Sasha,

Am 25.09.2015 um 17:54 schrieb David Howells:
> Can you pass these changes on to Linus?  There are four:
...
>  (3) Don't strip leading zeros from the key ID when using it to construct a
>      key description lest this make the key not match.

That commit e7c87bef7de2417b219d4dbfe8d33a0098a8df54 went into v4.3-rc4
and is required to fix dd2f6c4481debfa389c1f2b2b1d5bd6449c42611, which
was introduced with 3.18-rc1. As thus I recommend back-porting that fix
and inclusion into
 4.2
 4.1
 4.0
 3.19
 3.18
The patch is simple enough to be cherry-picked into each branch without
any fuzz.

We hit that bug and Ubuntu did too:
<https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1494943>

Thanks.

Philipp Hahn

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ