Re: CVE-2004-0887 in 2.4
On Mon, Jan 30, 2006 at 06:35:29PM +0100, Bastian Blank wrote:
> On Sun, Jan 29, 2006 at 10:59:54PM -0700, dann frazier wrote:
> > I think I'll go ahead and put this into our tree & revert if it causes
> > problems.
>
> It is better to add it to the s390 patch.
Could you please explain why you think that is better.
I'm not sure that I understand the merrits of adding a fix
into the mish-mash of a much larger patch, rather than
leaving it separate. Does it have (a negative) impact on other
architectures?
> > The vulnerable code looks to be present in 2.4.27 as well, but I don't
> > see a patch in either kernel-source-2.4.27 or the s390 patch package.
> > I've tried my hand at porting it (below). Should we apply it? If so,
> > where is the proper place to submit it upstream - direct to
> > lkml/Marcelo?
>
> 2.4 vanilla does not work for s390 and it is not longer supported by
> ibm.
That may be true, but isn't 2.4.27 s390 still in Sarge?
I guess we should addit to sarge2, but leave Marcelo out of the loop.
--
Horms
Reply to: