lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20160823.094029.1244944495918162255.davem@davemloft.net> Date: Tue, 23 Aug 2016 09:40:29 -0700 (PDT) From: David Miller <davem@...emloft.net> To: luis.henriques@...onical.com Cc: avijitnsec@...eaurora.org, ben@...adent.org.uk, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: CVE-2014-9900 fix is not upstream From: Luis Henriques <luis.henriques@...onical.com> Date: Tue, 23 Aug 2016 14:41:07 +0100 > Digging through some old CVEs I came across this one that doesn't seem be > in mainline. Was there a good reason for not being sent upstream? Maybe it was > rejected for some reason and I failed to find the discussion. Because the patch is completely bogus, and thus so is the CVE. The variable initializer clears out the entire structure. Until you can show compiler output from gcc that shows it not initializing the structure I will not apply this patch because I know that it faithfully does.
Powered by blists - more mailing lists