[PATCH 0/6] broken CVE fix (b85d130ea0ca)

Rasmus Villemoes rasmus.villemoes at prevas.dk
Mon Nov 28 09:10:25 CET 2022


On 17/11/2022 01.32, Fabio Estevam wrote:
> On Mon, Nov 14, 2022 at 10:04 AM Tom Rini <trini at konsulko.com> wrote:
>>
>> On Mon, Nov 14, 2022 at 10:35:51AM +0100, Rasmus Villemoes wrote:
>>> On 14/10/2022 19.43, Rasmus Villemoes wrote:
>>>> tl;dr: b85d130ea0ca didn't fix the CVE(s), but did break tftp of
>>>> certain file sizes - which is somewhat lucky, since that's how I
>>>> noticed in the first place.
>>>>
>>>
>>> At this point it seems unlikely that any more comments or reviews will
>>> come, so perhaps its time to get these (all 7) merged to master, so that
>>> they will get some wider testing before the January release?
>>
>> Yes, I'd like to see a net PR with this and perhaps a few other mature
>> things?
> 
> Ramon, Joe?

Ping. If those two CVEs and the tftp brokenness are to get fixed in
2023.01, now is the time to pull in these patches, or provide a viable
alternative.



More information about the U-Boot mailing list