[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PULL 5/5] nbd/server: CVE-2024-7409: Close stray clients at server-
|
From: |
Michael Tokarev |
|
Subject: |
Re: [PULL 5/5] nbd/server: CVE-2024-7409: Close stray clients at server-stop |
|
Date: |
Tue, 13 Aug 2024 09:30:58 +0300 |
|
User-agent: |
Mozilla Thunderbird |
[Trim CC list]
12.08.2024 17:44, Eric Blake wrote:
On Sun, Aug 11, 2024 at 11:02:52AM GMT, Michael Tokarev wrote:
..
Eric, from the 5-patch series, only this last patch is Cc'd for stable,
but it obviously does not work without all 4 previous patches. Do you
mean whole series should be applied to -stable?
I picked up patches 2-5 for 7.2 and 9.0.
You are correct that patch 5 in isolation won't work due to missing
pre-reqs, but also that 1 is fluff that doesn't need backporting; my
apologies for not more judiciously adding the cc to all 4 patches
worth the backport effort. I'm in the middle of efforts to backport
only 2-5 to various RHEL releases, so your choice to do the same for
7.2 and 9.0 matches what I'm doing downstream.
That's entirely okay, there's no reason to apologize, - I just wanted
to make sure I got it all correct, nothing more, - it's a purely working
moment.
Speaking of various RHEL etc releases, - maybe we should keep more stable
branches, sort of like I do with 7.2 which is used in Debian? Or is it
maybe a bad idea?
Thanks,
/mjt
- [PULL 0/5] NBD: fix CVE-2024-7409 for 9.1, Eric Blake, 2024/08/08
- [PULL 2/5] nbd/server: Plumb in new args to nbd_client_add(), Eric Blake, 2024/08/08
- [PULL 1/5] nbd: Minor style and typo fixes, Eric Blake, 2024/08/08
- [PULL 4/5] nbd/server: CVE-2024-7409: Drop non-negotiating clients, Eric Blake, 2024/08/08
- [PULL 3/5] nbd/server: CVE-2024-7409: Cap default max-connections to 100, Eric Blake, 2024/08/08
- [PULL 5/5] nbd/server: CVE-2024-7409: Close stray clients at server-stop, Eric Blake, 2024/08/08
- Re: [PULL 0/5] NBD: fix CVE-2024-7409 for 9.1, Richard Henderson, 2024/08/10