Date: Thu, 11 May 2006 10:33:12 -0700
From: Chris Wright <chrisw@sous-sol.org>
To: Maciej Soltysiak <solt2@dns.toxicfilms.tv>
Cc: Chris Wright <chrisw@sous-sol.org>, linux-kernel@vger.kernel.org
Subject: Re: Linux 2.6.16.16
Message-ID: <20060511173312.GI25010@moss.sous-sol.org>
References: <20060511022547.GE25010@moss.sous-sol.org> <296295514.20060511123419@dns.toxicfilms.tv>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <296295514.20060511123419@dns.toxicfilms.tv>
User-Agent: Mutt/1.4.2.1i
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1156
Lines: 31

* Maciej Soltysiak (solt2@dns.toxicfilms.tv) wrote:
> But this one looks important, something that every kernel build
> has in its code path, however I am unable to say if I need it badly
> or maybe not.

The patch fixes a possible user-triggerable system lockup or memory leak.
In both cases it's a local DoS.

BTW, the CVE folks have decided to track this as two separate issues:

CVE-2006-1860 - the system lockup
CVE-2006-1859 - the memory leak

> Could we have a word or two under each patchlet that would qualify them
> somehow?
> Like:
> "Important, not required for all, apply if using SCTP"
> "Important, required for all, may *do bad things*, apply ASAP"
> "Critical, required for all, surely will *do bad things*, apply ASAP"

Assigning any official severity is a bit of a slippery slope, but
making sure it's clear what type of issue (i.e. local DoS in this case)
is very reasonable.

thanks,
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/