On Fri, Oct 21, 2016 at 03:24:23PM +0200, Romain Rivière wrote:
> On 21/10/16 14:57, Herbert Poetzl wrote:
>> Did you check that the CVE is relevant for 3.18.x?
>> If so, it should be easy to fix with a small patch.
>> Not sure that we care about the ASN.1 parser though.
> From what I can gather, it is, having been introduced
> in 3.10-rc1.
> The faulty code is still in 3.18 and the fix found here
> https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa
> applies nicely to 3.18.43.
> Dunno why it hasn't been backported though.
Maybe ask upstream then?
Might be that they just have forgotten about it.
Best,
Herbert
> HTH
> --
> Romain
Received on Fri Oct 21 15:22:10 2016