On Fri November 6 2009 3:40:53 am Marcus Meissner wrote:
On Fri, Nov 06, 2009 at 09:30:47AM +0100, Frank Steiner wrote:
Hi,
Marcus Meissner wrote:
<snip>
not meaning to offend anyone, but as far as I can see the patch for this has been added on October 26th to the SuSE sources (SLE 10 SP2):
* Mon Oct 26 2009 - jkosina@suse.de - patches.fixes/fix-pipe-null-ptr.patch: fs: pipe.c null pointer dereference (bnc#550001, CVE-2009-3547).
So couldn't the kernels have been out a week ago?
First, the issue was handled as responsible disclosure with the disclosure date on this week (Nov 4 actually, but it turned out to be Nov 3).
Second, we do need QA time to actually test kernels.
Awwww, Marcus, we know these things flow fully formed from your pen.. I am not suggesting you don't need a few minutes to check that every token and pipe and all those things are all in their proper places.. ;-D
Thirdly, the patch listed above was buggy. Which we noticed on Tuesday and had to restart the update. Otherwise we would probably be ready now.
Now *THIS* could be a problem, except as usual you guys handled it very quickly.. and all is well. I'll have to check and make certain all my computers have the right numbers
Tue Nov 3 12:14:59 CET 2009 - jkosina@suse.de - patches.fixes/fix-pipe-null-ptr.patch: fix incorrect increment in pipe_write_open() in the changelog if you are testing KOTD kernels.
Thanks again for all the work you guys do to make this as smooth a ride as possible for all of us. Good Karma points all around for the team... OR... a virtual beer ... ;-D