Re: CVE-2014-9900 fix is not upstream
From: Ben Hutchings
Date: Tue Aug 23 2016 - 13:35:36 EST
On Tue, 2016-08-23 at 09:40 -0700, David Miller wrote:
> From: Luis Henriques <luis.henriques@xxxxxxxxxxxxx>
> Date: Tue, 23 Aug 2016 14:41:07 +0100
>
> > Digging through some old CVEs I came across this one that doesn't
> seem be
> > in mainline. Was there a good reason for not being sent upstream?Â
> Maybe it was
> > rejected for some reason and I failed to find the discussion.
>
> Because the patch is completely bogus, and thus so is the CVE.
>
> The variable initializer clears out the entire structure.
>
> Until you can show compiler output from gcc that shows it not
> initializing the structure I will not apply this patch because I know
> that it faithfully does.
On some versions and architectures. ÂCan you guarantee that you will
notice when an exception appears?
Ben.
--
Ben Hutchings
The program is absolutely right; therefore, the computer must be wrong.
Attachment:
signature.asc
Description: This is a digitally signed message part