| Summary: | gentoo-sources-4.10.0 removed from portage, but not vulnerable to CVE-2017-6074 | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Jordan Patterson <jordanp> |
| Component: | Current packages | Assignee: | Gentoo Linux bug wranglers <bug-wranglers> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | josef64 |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
|
Description
Jordan Patterson
2017-02-24 17:07:10 UTC
(In reply to Jordan Patterson from comment #0) > I just noticed that gentoo-sources-4.10.0 was removed as part of a commit > removing 4.9.X kernels vulnerable to CVE-2017-6074. > > https://gitweb.gentoo.org/repo/gentoo.git/commit/ > ?id=7e5b2e4113a2f1c694a5b0504feb1a2876c735b4 > > Was this a mistake? 4.10.0 is not vulnerable. > > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/?h=v4.10 > > The commit "dccp: fix freeing skb too early for IPV6_RECVPKTINFO" fixes the > vulnerability and is part of the release. Almost sure that it was curves hands whoops commit f694a4343554dd0bebd7d46f61dd752db81333fb Author: Mike Pagano <mpagano@gentoo.org> Date: Fri Feb 24 12:59:04 2017 -0500 sys-kernel/gentoo-sources: Restore 4.10.0 |
