On 17/11/2022 01.32, Fabio Estevam wrote:
On Mon, Nov 14, 2022 at 10:04 AM Tom Rini trini@konsulko.com wrote:
On Mon, Nov 14, 2022 at 10:35:51AM +0100, Rasmus Villemoes wrote:
On 14/10/2022 19.43, Rasmus Villemoes wrote:
tl;dr: b85d130ea0ca didn't fix the CVE(s), but did break tftp of certain file sizes - which is somewhat lucky, since that's how I noticed in the first place.
At this point it seems unlikely that any more comments or reviews will come, so perhaps its time to get these (all 7) merged to master, so that they will get some wider testing before the January release?
Yes, I'd like to see a net PR with this and perhaps a few other mature things?
Ramon, Joe?
Ping. If those two CVEs and the tftp brokenness are to get fixed in 2023.01, now is the time to pull in these patches, or provide a viable alternative.