On Monday, 16 October 2017 23:53 Larry Finger wrote:
To whom it may concern:
I call your attention to the patch in https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/? id=fdf7cb4185b60c68e1a75e61691c4afdc15dea0e.
It is a part of the fix for CVE--2017-13080.
Thank you for the warning. I don't know the whole context so I would like to ask how urgent the issue is. In particular, is it OK to wait for the resolution of this comment http://lkml.kernel.org/r/CAHmME9rHMMAgJs3uQYpt15V8eh-PjDqioqURA3KPKEhc2a9OEg... or would it make sense to add the patch now (either with memcmp() or with crypto_memneq()) and update later? Michal Kubeček -- To unsubscribe, e-mail: opensuse-kernel+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-kernel+owner@opensuse.org