ZDI-CAN-24679: New Vulnerability Report
Tom Rini
trini at konsulko.com
Thu Nov 14 17:33:54 CET 2024
On Thu, Nov 14, 2024 at 04:07:15PM +0100, Michal Simek wrote:
> Hi,
>
> On 11/14/24 15:56, Tom Rini wrote:
> > On Thu, Nov 14, 2024 at 04:02:29AM +0000, zdi-disclosures at trendmicro.com wrote:
> >
> > > Hi,
> > > Do you have any updates to share regarding this vulnerability report?
> >
> > Michal, microblaze-generic is the most active platform that enables
> > FS_JFFS2 by default and so vulnerable here. Can you find some resources
> > to look in to fixing this please? Thanks.
>
> We have actually discussed this recently and we have other issues with jffs2
> and not going to fix it or recommend to use it.
> JFFS2 should be removed from our configs and it is also not under our regression.
Ah OK, thanks. Adding a few more maintainers now then.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20241114/253d7372/attachment.sig>
More information about the U-Boot
mailing list