Re: CVE-2010-4075/CVE-2010-4076/CVE-2010-4077

[Ben Hutchings]

On Fri, 2011-01-14 at 18:35 +0100, Moritz Mühlenhoff wrote:
 What shall we do with CVE-2010-4075, CVE-2010-4076, CVE-2010-4077
 at this point of the freeze?
 
 Should be fixed by d281da7ff6f70efca0553c288bb883e8605b3862
 and 0587102cf9f427c185bfdeb2cef41e13ee0264b1 , but would change
 the ABI. 
 
 We could postpone it to a later point update, where we change the
 ABI along with more serious issues requiring an ABI bump?

I think I can see how to do this without an ABI bump:

- Add the function pointers at the end of the structures (#ifndef
__GENKSYMS__).

- Define a new flag in tty_driver::flags indicating whether
ops-get_icount is valid.

- Define a new 1-bit bitfield in struct usb_serial (#ifndef
__GENKSYMS__) indicating whether type-get_icount is valid.

I'll try to implement this now.

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.


signature.asc
Description: This is a digitally signed message part

CVE-2010-4075/CVE-2010-4076/CVE-2010-4077

[Moritz Mühlenhoff]

What shall we do with CVE-2010-4075, CVE-2010-4076, CVE-2010-4077
at this point of the freeze?

Should be fixed by d281da7ff6f70efca0553c288bb883e8605b3862
and 0587102cf9f427c185bfdeb2cef41e13ee0264b1 , but would change
the ABI. 

We could postpone it to a later point update, where we change the
ABI along with more serious issues requiring an ABI bump?

Cheers,
Moritz


-- 
To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/slrnij12a7.52c@inutil.org