[kernel] r4858 - patch-tracking
Simon Horman
horms at costa.debian.org
Mon Nov 21 09:18:49 UTC 2005
Author: horms
Date: Mon Nov 21 09:18:48 2005
New Revision: 4858
Modified:
patch-tracking/CVE-2005-3527
Log:
My 2c worth on CVE-2005-3527
Modified: patch-tracking/CVE-2005-3527
==============================================================================
--- patch-tracking/CVE-2005-3527 (original)
+++ patch-tracking/CVE-2005-3527 Mon Nov 21 09:18:48 2005
@@ -12,7 +12,18 @@
look different.
Applying all the prereq changes to get our code to resemble the fixed
code does not look feasible; there are a lot, and some add new features.
+ horms> This specific problem seems to haev been introduced by the
+ changeset above. That changeset fixed a problem where STOP signals
+ weren't correctly canceled if SIGTERM or SIGCONT arrived.
+ However, that problem seems a lot more mild than CVE-2005-3527.
+ And I agree with dannf's analysis that backporting is too hard.
+ To support this, look at how many times STOP signal races
+ have been fixed since 2.6.8 and note that problems are still
+ being found.
dannf> Same with 2.4.27.
+ horms> I'm not entirely sure that 2.4.27 suffers from any of these
+ problems. But I think it is fair to say that if it does,
+ backporting is too hard for the same reasons as 2.6.8.
Bugs:
upstream: released (2.6.14)
2.6.14: N/A
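Review bot: The second horms> note, on 2.4.27, leaves open whether that tree is affected at all, so the entry still does not say whether 2.4.27 needs tracking for CVE-2005-3527. Checking whether the changeset referenced above, or the code it introduced, is present in 2.4.27 and recording the result would settle it. In the first horms> note, the claim that STOP signal races have been fixed repeatedly since 2.6.8 would be easier to verify if the relevant changesets were listed, and "haev" should read "have".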