Re: [PATCH v3] Documentation: Document the Linux Kernel CVE process

From: Greg Kroah-Hartman
Date: Fri Feb 16 2024 - 02:41:43 EST

Next message: Krzysztof Kozlowski: "Re: [PATCH 03/13] dt-bindings: hwmon: lm75: add label property"
Previous message: Google: "Re: [PATCH v7 19/36] function_graph: Implement fgraph_reserve_data() and fgraph_retrieve_data()"
Next in thread: Jani Nikula: "Re: [PATCH v3] Documentation: Document the Linux Kernel CVE process"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Feb 15, 2024 at 11:40:43AM -0800, Kees Cook wrote:
> On Thu, Feb 15, 2024 at 07:20:09PM +0100, Greg Kroah-Hartman wrote:
> > Here's an example of what the CVE announcement is going to look like for
> > a "test" that we have been doing for our scripts
> > https://lore.kernel.org/linux-cve-announce/2024021353-drainage-unstuffed-a7c0@gregkh/T/#u
> > ...
> > the latest release is impossible, the individual change to resolve this
> > issue can be found at:
> > https://git.kernel.org/stable/linux/c/f08adf5add9a071160c68bb2a61d697f39ab0758
>
> This is the "original fix", a v5.16 commit, which was backported to all
> the stables. For this case, that seems fine (it's pretty easy to grep
> the stable trees for the SHA).
>
> In the case of a fix only being in -stable, what will be listed for
> SHAs here? Each stable SHA? Something else?

I think listing all of the SHA values, stable and mainline, would be
best, right? No need for everyone to try to grep the trees, and bonus,
the json format has a specific field just for this as well. That's on
my todo list for today...

thanks,

greg k-h

Next message: Krzysztof Kozlowski: "Re: [PATCH 03/13] dt-bindings: hwmon: lm75: add label property"
Previous message: Google: "Re: [PATCH v7 19/36] function_graph: Implement fgraph_reserve_data() and fgraph_retrieve_data()"
Next in thread: Jani Nikula: "Re: [PATCH v3] Documentation: Document the Linux Kernel CVE process"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]