oss-sec mailing list archives
Re: fix to CVE-2009-4307
From: akuster <akuster () mvista com>
Date: Wed, 04 Apr 2012 06:47:08 -1000
On 4/3/12 4:55 PM, Kurt Seifried wrote:
> On 04/03/2012 04:32 PM, akuster wrote:
>> Hello,
>>
>> Was there a CVE assigned to commit d50f2ab6f050311dbf7b8f5501b25f0bf64a439b?
>>
>> Commit 503358ae01b70ce6909d19dd01287093f6b6271c ("ext4: avoid divide by zero when trying to mount a corrupted file system") fixes CVE-2009-4307 by performing a sanity check on s_log_groups_per_flex, since it can be set to a bogus value by an attacker.
>>
>> - Armin
>
> I assume you are talking about this:
> http://git.kernel.org/?p=virt/kvm/kvm.git;a=commitdiff;h=d50f2ab6f050311dbf7b8f5501b25f0bf64a439b

Yes.

<snippet>

> What specific do you want a CVE assigned for? For #1 I can see a CVE of the "a previous patch didn't completely fix the issue, yada yada" type.

Yeah, just wondering since I have seen this in the past. thanks, - Armin