14 Nov
2024
14 Nov
'24
5:33 p.m.
On Thu, Nov 14, 2024 at 04:07:15PM +0100, Michal Simek wrote:
Hi,
On 11/14/24 15:56, Tom Rini wrote:
On Thu, Nov 14, 2024 at 04:02:29AM +0000, zdi-disclosures@trendmicro.com wrote:
Hi, Do you have any updates to share regarding this vulnerability report?
Michal, microblaze-generic is the most active platform that enables FS_JFFS2 by default and so vulnerable here. Can you find some resources to look in to fixing this please? Thanks.
We have actually discussed this recently and we have other issues with jffs2 and not going to fix it or recommend to use it. JFFS2 should be removed from our configs and it is also not under our regression.
Ah OK, thanks. Adding a few more maintainers now then.
--
Tom