I just noticed that gentoo-sources-4.10.0 was removed as part of a commit removing 4.9.X kernels vulnerable to CVE-2017-6074. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7e5b2e4113a2f1c694a5b0504feb1a2876c735b4 Was this a mistake? 4.10.0 is not vulnerable. https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?h=v4.10 The commit "dccp: fix freeing skb too early for IPV6_RECVPKTINFO" fixes the vulnerability and is part of the release.
(In reply to Jordan Patterson from comment #0) > I just noticed that gentoo-sources-4.10.0 was removed as part of a commit > removing 4.9.X kernels vulnerable to CVE-2017-6074. > > https://gitweb.gentoo.org/repo/gentoo.git/commit/ > ?id=7e5b2e4113a2f1c694a5b0504feb1a2876c735b4 > > Was this a mistake? 4.10.0 is not vulnerable. > > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?h=v4.10 > > The commit "dccp: fix freeing skb too early for IPV6_RECVPKTINFO" fixes the > vulnerability and is part of the release. Almost sure that it was curves hands
whoops commit f694a4343554dd0bebd7d46f61dd752db81333fb Author: Mike Pagano <mpagano@gentoo.org> Date: Fri Feb 24 12:59:04 2017 -0500 sys-kernel/gentoo-sources: Restore 4.10.0