lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140907031814.GA961@kroah.com>
Date:	Sat, 6 Sep 2014 20:18:14 -0700
From:	Greg KH <gregkh@...uxfoundation.org>
To:	Matt <jackdachef@...il.com>
Cc:	Linux Kernel <linux-kernel@...r.kernel.org>,
	ReiserFS Mailing List <reiserfs-devel@...r.kernel.org>
Subject: Re: linux-3.16.2 queue (3.16.1+)

On Sun, Sep 07, 2014 at 02:47:55AM +0200, Matt wrote:
> On Thu, Aug 28, 2014 at 9:18 PM, Matt <jackdachef@...il.com> wrote:
> > On Thu, Aug 28, 2014 at 5:32 PM, Greg KH <gregkh@...uxfoundation.org> wrote:
> >> On Thu, Aug 28, 2014 at 05:27:27PM +0200, Matt wrote:
> >>> On Thu, Aug 28, 2014 at 5:22 PM, Greg KH <gregkh@...uxfoundation.org> wrote:
> >>> > On Thu, Aug 28, 2014 at 05:16:58PM +0200, Matt wrote:
> >>> >> Hi Greg,
> >>> >>
> >>> >>
> >>> >> please consider adding the following 2 patches to 3.16.2:
> >>> >>
> >>> >> Jan Kara (1):
> >>> >>       reiserfs: Fix use after free in journal teardown
> >>> >>
> >>> >> Jeff Mahoney (1):
> >>> >>       reiserfs: fix corruption introduced by balance_leaf refactor
> >>> >>
> >>> >>
> >>> >>
> >>> >> Reason/Related:
> >>> >>
> >>> >> https://bugzilla.kernel.org/show_bug.cgi?id=83121
> >>> >>
> >>> >> https://bugzilla.kernel.org/show_bug.cgi?id=83321
> >>> >>
> >>> >> http://forums.gentoo.org/viewtopic-t-998538-postdays-0-postorder-asc-start-0.html
> >>> >>
> >>> >>
> >>> >> Many thanks in advance
> >>> >
> >>> > I need git commit ids of these patches in Linus's tree, can you provide
> >>> > those please?
> >>> >
> >>> > thanks,
> >>> >
> >>> > greg k-h
> >>>
> >>>
> >>> Sure:
> >>>
> >>> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=27d0e5bc85f3341b9ba66f0c23627cf9d7538c9d
> >>> reiserfs: fix corruption introduced by balance_leaf refactor
> >>>
> >>>
> >>> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=01777836c87081e4f68c4a43c9abe6114805f91e
> >>> reiserfs: Fix use after free in journal teardown
> >>>
> >>>
> >>>
> >>> are checkpatch warnings usually also fixed within stable releases ?
> >>
> >> No, not at all, please read Documentation/stable_kernel_patches.txt for
> >> what is acceptable for stable kernel patches.
> >>
> >> thanks,
> >>
> >> greg k-h
> >
> >
> > okay, will do
> >
> > thanks for pointing that out
> >
> >
> > Regards
> >
> > Matt
> 
> Hi Greg,
> 
> could you please add the above mentioned two patches
> 
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=27d0e5bc85f3341b9ba66f0c23627cf9d7538c9d
> reiserfs: fix corruption introduced by balance_leaf refactor
> 
> 
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=01777836c87081e4f68c4a43c9abe6114805f91e
> reiserfs: Fix use after free in journal teardown
> 
> in next stable (3.16.3) kernel ?
> 
> more and more people seem to be affected by the data corruption
> introduced by the recent changes.
> 
> 
> Reading through Documentation/stable_kernel_rules.txt,
> http://cwe.mitre.org/data/definitions/416.html and
> http://www.hpenterprisesecurity.com/vulncat/en/vulncat/cpp/use_after_free.html
> 
> both patches seem relevant enough (concerning data integrity
> filesystem-wise and security) to be included for the stable branch

I'll queue this up when I get a chance, there are over 300 patches
pending for the stable kernels right now :(

Also, in the future, always cc stable@...r.kernel.org for any stable
requests so that they don't get lost.

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ