oss-sec mailing list archives

Re: CVE request - Linux kernel: VFAT slab-based buffer overflow


From: "Jason A. Donenfeld" <Jason () zx2c4 com>
Date: Wed, 27 Feb 2013 18:43:24 +0100

On Wed, Feb 27, 2013 at 3:48 PM, Greg KH <greg () kroah com> wrote:
> That's not going to happen, and you know that, to do so would be totally
> irresponsible of us and directly harm your users.

At least send oss-sec an email after the commit goes into the tree.
The people who are up to no good will see the commit and notice it (if
they didn't already notice it when the vuln was committed prior).
Might as well let distros and CVE people know about it too so they can
backport it into whatever stable kernel they maintain. Right now
there'll be a commit in the public repo for a bug sent to security@,
and oss-sec isn't informed.

