| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a2e5de22-f5d1-4f99-ab37-93343b5c68b1@oracle.com>
Date: Wed, 26 Feb 2025 11:28:35 -0500
From: Chuck Lever <chuck.lever@...cle.com>
To: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: viro@...iv.linux.org.uk, brauner@...nel.org, jack@...e.cz,
linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
stable <stable@...nel.org>, Takashi Iwai <tiwai@...e.de>
Subject: Re: [PATCH] Revert "libfs: Use d_children list to iterate
simple_offset directories"
On 2/26/25 11:21 AM, Greg Kroah-Hartman wrote:
> On Wed, Feb 26, 2025 at 10:57:48AM -0500, Chuck Lever wrote:
>> On 2/26/25 9:29 AM, Greg Kroah-Hartman wrote:
>>> This reverts commit b9b588f22a0c049a14885399e27625635ae6ef91.
>>>
>>> There are reports of this commit breaking Chrome's rendering mode. As
>>> no one seems to want to do a root-cause, let's just revert it for now as
>>> it is affecting people using the latest release as well as the stable
>>> kernels that it has been backported to.
>>
>> NACK. This re-introduces a CVE.
>
> As I said elsewhere, when a commit that is assigned a CVE is reverted,
> then the CVE gets revoked. But I don't see this commit being assigned
> to a CVE, so what CVE specifically are you referring to?
https://nvd.nist.gov/vuln/detail/CVE-2024-46701
The guideline that "regressions are more important than CVEs" is
interesting. I hadn't heard that before.
Still, it seems like we haven't had a chance to actually work on this
issue yet. It could be corrected by a simple fix. Reverting seems
premature to me.
--
Chuck Lever
Powered by blists - more mailing lists