[Secure-testing-team] Re: [linux-2.6] Fix signedness issues in
net/core/filter.c
Florian Weimer
fw at deneb.enyo.de
Wed Oct 26 18:18:57 UTC 2005
> On Tue, Oct 25, 2005 at 05:35:19PM +0200, Florian Weimer wrote:
>> Is the issue described below already on your radar screen? I couldn't
>> find it in the relevant files. AFAICT, no CVE name has been assigned.
>
> Its the first I've seen of it, but that doesn't mean much.
> Which GIT tree is the commit from, I checked Linus' 2.6 and it
> doesn't seem to be there. Alternatively, is there a mailing list
> discussion you can point me to?
It seems to be in Linus' tree. Note that it is not actually recent.
<http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=55820ee2f8c767a2833b21bd365e5753f50bd8ce>
There hasn't been a real discussion. I was alerted to this commit by
Herbert Xu's message:
From: Herbert Xu <herbert at gondor.apana.org.au>
Subject: Re: [CHECKER] buffer overflows in net/core/filter.c?
To: engler at csl.stanford.edu
Cc: linux-kernel at vger.kernel.org, engler at cs.stanford.edu,
jschlst at samba.org, mc at cs.stanford.edu, kaber at trash.net
Date: Sun, 16 Oct 2005 21:55:48 +1000
Organization: Core
Message-Id: <E1ER77E-0002N0-00 at gondolin.me.apana.org.au>
I found another message referencing this problem.
From: Chris Wright <chrisw at osdl.org>
Subject: [05/13] [NET]: Fix signedness issues in net/core/filter.c
To: linux-kernel at vger.kernel.org, stable at kernel.org
Cc: Justin Forbes <jmforbes at linuxtx.org>,
Zwane Mwaikambo <zwane at arm.linux.org.uk>,
"Theodore Ts'o" <tytso at mit.edu>,
Randy Dunlap <rdunlap at xenotime.net>,
Chuck Wolber <chuckw at quantumlinux.com>, torvalds at osdl.org,
akpm at osdl.org, alan at lxorguk.ukuu.org.uk,
Patrick McHardy <kaber at trash.net>
Date: Tue, 2 Aug 2005 23:53:48 -0700
Message-ID: <20050803065348.GT7762 at shell0.pdx.osdl.net>
Enyo-Status: sender=12.107.209.244 asn=22753 hflags= mflags=k
This one suggests it was part of 12.6.2.4. Indeed, there seems to be
this change:
<http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e>
More information about the Secure-testing-team
mailing list