Re: planned 2.6.35.x -stable release for critical x86-64vulnerabilities ?

[Greg KH]

On Mon, Sep 20, 2010 at 12:53:20PM -0400, Mathieu Desnoyers wrote:
> Hi Greg,
> 
> Sorry to have to ask this, but I was wondering about the ETA for the next round
> of -stable releases including fixes for the following bugs that seems to be
> actively exploited in the wild
> (http://blog.iweb.com/en/2010/09/64bits-linux-important-security-vulnerability-identified/5437.html
> http://isc.sans.edu/diary.html?storyid=9574):
> 
> CVE-2010-3081 (fixed by upstream
> commit c41d68a513c71e35a14f66d71782d27a79a81ea6)
> "compat: Make compat_alloc_user_space() incorporate the access_ok()"
> 
> and
> CVE-2010-3301 (fixed by upstream
> commit 36d001c70d8a0144ac1d038f6876c484849a74de
> "x86-64, compat: Test %rax for the syscall number, not %eax"
> and
> commit
> commit eefdca043e8391dcd719711716492063030b55ac
> "x86-64, compat: Retruncate rax after ia32 syscall entry tracing")
> 
> I'd like to rebase the LTTng tree on top of -stable as soon as it incorporates
> these fixes. I could just pull the fixes in my own tree, but this would be
> duplicated effort.
> 
> Again, sorry for the hassle, but I feel these bugs require immediate attention.

Does NOBODY frickin read my -rc stable announcements?  This is only the
8th email today that I've gotten about this issue.

{sigh}

I don't know why I even bother at times...

Sorry, I don't mean to take it out on you, but please people, at least
do some basic searching.  Like look at the -stable queue git tree which
shows that a -rc has been released and is under review, or look at the
lkml traffic, or, subscribe to the stable-review mailing list or look at
its archives.

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/