Fixed
Status Update
No update yet.
Comments
jv...@google.com
ad...@google.com
Could you CC the reviewers to this bug so that they can access it - just so we can get the relevant people involved.
Also is it possible to attach the patch to this bug report so we can see what is involved on the clang side?
Also is it possible to attach the patch to this bug report so we can see what is involved on the clang side?
ad...@google.com
adding Chandler, who will have useful opinions on landing mitigations for embargoed vulnerabilities in the LLVM tree
In the past (e.g. when Intel disclosed LVI) our approach was to have patches ready to go and pre-reviewed by appropriate (and appropriately read-in) code owners but not post the patches "for real" until the embargo lifted. Usually this was part of a larger comms strategy where announcements were made in other forums.
Is there an entity beyond security@kernel.org that's coordinating this disclosure?
In the past (e.g. when Intel disclosed LVI) our approach was to have patches ready to go and pre-reviewed by appropriate (and appropriately read-in) code owners but not post the patches "for real" until the embargo lifted. Usually this was part of a larger comms strategy where announcements were made in other forums.
Is there an entity beyond security@kernel.org that's coordinating this disclosure?
Description
Steps to reproduce:
1. Download the attached zip
2. Run repro.bat.
Note: you may need to update the paths in the script to a different aapt.exe and/or android.jar location.