| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Mar 2017 14:03:15 -0700
From: Dmitry Torokhov <dmitry.torokhov@...il.com>
To: Johan Hovold <johan@...nel.org>
Cc: Oliver Neukum <oneukum@...e.com>, linux-input@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-usb@...r.kernel.org,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: Re: [PATCH 0/7] Input: fix NULL-derefs at probe
On Fri, Mar 17, 2017 at 11:53:37AM +0100, Johan Hovold wrote:
> On Thu, Mar 16, 2017 at 03:37:28PM -0700, Dmitry Torokhov wrote:
> > On Mon, Mar 13, 2017 at 04:45:52PM +0100, Johan Hovold wrote:
> > > On Mon, Mar 13, 2017 at 04:15:18PM +0100, Oliver Neukum wrote:
> > > > Am Montag, den 13.03.2017, 13:35 +0100 schrieb Johan Hovold:
> > > > > This series fixes a number of NULL-pointer dereferences due to
> > > > > missing endpoint sanity checks that can be triggered by a
> > > > > malicious USB device.
>
> > Applied the lot.
>
> I noticed you dropped the Fixes tag from the patches that fix bugs which
> predate git. While this is probably not much of an issue in this case, I
> think it's generally a bad idea since we're loosing information this
> way, and this specifically makes it harder for the stable maintainers to
> figure out which tree to backport a fix to.
As far as I know the rule is: if no special markings then stable patch
should be applied as far as it can go.
There is no reason to say specify 2.6.12 commit, as in fact the
offending change is likely to be even earlier, so the annotation would
be effectively wrong.
Thanks.
--
Dmitry
Powered by blists - more mailing lists