Fwd: Linux Broadcom 5820 Cryptonet Driver Integer Overflow

Jon Peatfield J.S.Peatfield at damtp.cam.ac.uk
Mon Jul 12 22:14:37 UTC 2004


I'm guessing that anyone with real inside info probably isn't willing to
publish it (yet) on such a public forum...

As far as I can tell from the patch the only possible case is iff chgrp()ing
a file which is in one of the groups of the process to another -- but in the
case of the nfsd I'm not sure exactly what that implies.  It might be that
the simple tests fail 'cos the client also does a check so it would only
be a problem if one exported to hosts which were running hacked clients.
(I'm guessing here of course).

I've been waiting for the -35* kernels to get a bit further -- I see they are
now in updates-testing/ so can someone tell me what the procedure is to get
them moved into updates/ ?  If it just requires a few zillion extra QAs I'll
prod the people (in other departments here) who run RH73/9 etc to try the
update-testing/ versions.

I wouldn't want -36 (or whatever) to cause people not to want to test -35
or there will *never* be a kernel update.

Of course I'm happy enough running the versions I patch/build myself but I
guess that most RHL users aren't.

 -- Jon




