Re: CVE-2025-2312 in cifs-utils
Hi Noah,
On Tue, Apr 22, 2025 at 09:03:16PM +0200, Salvatore Bonaccorso wrote:
> Hi Noah,
>
> On Tue, Apr 22, 2025 at 02:16:04PM -0400, Noah Meyerhans wrote:
> > On Tue, Apr 22, 2025 at 07:58:56PM +0200, Salvatore Bonaccorso wrote:
> > > Speaking for the kernel-team: No, if we want that change in stable and
> > > for the 6.1.y kernel then it should be accepted upstream in the 6.1.y
> > > series. As alternative your employer might use backports kernel?
> >
> > The kernel change was introduced with 6.13, so backports doesn't help
> > yet. I'll work with my employer's kernel folkѕ on getting the kernel
> > change applied to the 6.x LTS branches, and will revisit this with the
> > cifs-utils maintainers once it's available there.
>
> Just for clarity, yes I know, the target kernel for trixie will be
> 6.12.y based, what i meant is once we have backports there. Sorry that
> I was not clear about it.
FYI: https://bugs.debian.org/1105747 for the cifs-utils side.
The commit got queued for the 6.12.y series:
https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/commit/?id=7294cf6ff42482531f62f9b2a74d9c7ee00bbb59
Regards,
Salvatore
Reply to: