Re: [Tails-dev] Linux CVE-2014-3153 and Tails 1.0.1

Delete this message

Reply to this message
Author: anonym
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Linux CVE-2014-3153 and Tails 1.0.1
06/06/14 15:12, intrigeri wrote:
> Hi,
>
> our stable branch, on which 1.0.1 will be based, still installs a 3.12
> kernel we had imported a while ago. I think we should really fix the
> last serious issue (CVE-2014-3153) that was unembargoed yesterday, in
> 1.0.1.
>
> I see two options:
>
>   a) find a set of backported patches and build our own 3.12 kernel,
>      for once (note that for different kernel versions, the fixes are
>      subtly different, from what I've read on oss-security, so this
>      might not be trivial)

>
>   b) upgrade to current sid's kernel (the one we would have shipped
>      in 1.1 if it hadn't been postponed)

>
> I'm in favor of (b): even if it's a bit risky, it feels less risky
> than trying to adapt security fixes on a kernel they weren't
> meant for.
>
> What do others, and especially the release manager, think?


I, as the RM, agrees that (b) seems like the by-far best course of
action. Are you preparing a branch so I can review'n'merge it, or would
you prefer it the other way around?

Cheers!