Message-ID: <4EF4EA08.3050606@redhat.com>
Date: Fri, 23 Dec 2011 13:52:24 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Moritz Muehlenhoff <jmm@...ian.org>, Eugene Teo <eteo@...hat.com>
Subject: Re: Status of two Linux kernel issues w/o CVE assignments

On 12/22/2011 09:44 AM, Moritz Muehlenhoff wrote:
> Hi,
> there were two Linux-related CVE requests/discussions, which
> didn't end up in an assignment:
>
> 1: rose: Add length checks to CALL_REQUEST parsing
> e0bccd315db0c2f919e7fcf9cb60db21d9986f52 in mainline
>
> It was decided that this should be split, but without a final
> resulting CVE assignment:
> http://www.openwall.com/lists/oss-security/2011/04/12/1

Can anyone shed more light on this for me? (links to fixes/etc.?).

>
> 2: /proc/$PID/{sched,schedstat} information leak
> Vasiliy Kulikov of OpenWall posted a demo exploit.
> http://openwall.com/lists/oss-security/2011/11/05/3
>
> AFAICS no CVE ID was assigned to this?

I believe we are not assigning CVEs for these types of proc related
issues, some discussion was had:

https://lkml.org/lkml/2011/2/7/368
http://www.google.com/custom?domains=lkml.org&q=%2Fproc%2F+leaks

but I'm not sure what the outcome is. CC'ing Eugene Teo.

>
> Cheers,
> Moritz

--
-Kurt Seifried / Red Hat Security Response Team