From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: Including patch for CVE-2020-25705 into upcoming Core Update 153? Date: Wed, 18 Nov 2020 19:30:26 +0000 Message-ID: <97EF20AF-6051-4C72-828E-C6E61C796F02@ipfire.org> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============7255651147644113412==" List-Id: --===============7255651147644113412== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Even better. Thank you for checking, Arne. -Michael > On 18 Nov 2020, at 18:34, Arne Fitzenreiter wrote: >=20 > It is already in kernel since 4.14.203 >=20 > File to patch: > Skip this patch? [y] > Skipping patch. > 1 out of 1 hunk ignored > patching file net/ipv4/icmp.c > Reversed (or previously applied) patch detected! Skipping patch. > 2 out of 2 hunks ignored -- saving rejects to file net/ipv4/icmp.c.rej > make: *** [linux:137: /usr/src/log/linux-4.14.206-ipfire] Error 1 >=20 >=20 >=20 >=20 > Am 2020-11-17 12:05, schrieb Michael Tremer: >> Hello, >> Yes, we should add this patch to the currently open next branch. >> Who will send a patch? >> Best, >> -Michael >>> On 16 Nov 2020, at 16:10, Peter M=C3=BCller = wrote: >>> Hello *, >>> since Core Update 153 is already scheduled to come with a new kernel, inc= luding this >>> patch against CVE-2020-25705 (dubbed "SADDNS" at the time of writing) int= o it makes >>> sense IMHO: >>> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit= /?id=3Db38e7819cae946e2edf869e604af1e65a5d241c5 >>> Further reading is available at, for example, ZDNet: >>> https://www.zdnet.com/article/dns-cache-poisoning-poised-for-a-comeback-s= ad-dns/ >>> Thanks, and best regards, >>> Peter M=C3=BCller --===============7255651147644113412==--