Re: systemd CVE-2016-7796

To: Brian May <bam@debian.org>, debian-lts@lists.debian.org, team@security.debian.org
Subject: Re: systemd CVE-2016-7796
From: Ben Hutchings <ben@decadent.org.uk>
Date: Wed, 05 Oct 2016 22:32:30 +0100
Message-id: <[🔎] 1475703150.2632.175.camel@decadent.org.uk>
In-reply-to: <[🔎] 87bmyyijxv.fsf@prune.linuxpenguins.xyz>
References: <[🔎] 87h98ri8ef.fsf@prune.linuxpenguins.xyz> <[🔎] 1475670785.2632.149.camel@decadent.org.uk> <[🔎] 87eg3uike4.fsf@prune.linuxpenguins.xyz> <[🔎] 87bmyyijxv.fsf@prune.linuxpenguins.xyz>

On Thu, 2016-10-06 at 08:07 +1100, Brian May wrote:
> Here is a new revised patch:

You're trying to make multiple changes in one patch, and still not
getting all of them.  I think you will need to apply (at least) this
series of patches:

1. Change from version 219 that removed the treatment of n < 0 as an
error
2. Fix for CVE-2016-7796
3. If-the-notification-message-length-is-0-ignore-the-messag.patch
4. pid1-process-zero-length-notification-messages-again.patch

Ben.

-- 
Ben Hutchings
Sturgeon's Law: Ninety percent of everything is crap.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Follow-Ups:
- Re: systemd CVE-2016-7796
  - From: Brian May <bam@debian.org>
- Re: systemd CVE-2016-7796
  - From: Brian May <bam@debian.org>

References:
- systemd CVE-2016-7796
  - From: Brian May <bam@debian.org>
- Re: systemd CVE-2016-7796
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: systemd CVE-2016-7796
  - From: Brian May <bam@debian.org>
- Re: systemd CVE-2016-7796
  - From: Brian May <bam@debian.org>

Prev by Date: Re: systemd CVE-2016-7796
Next by Date: Re: Wheezy update of bash?
Previous by thread: Re: systemd CVE-2016-7796
Next by thread: Re: systemd CVE-2016-7796
Index(es):
- Date
- Thread