oss-sec mailing list archives
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
From: Yves-Alexis Perez <corsac () debian org>
Date: Fri, 01 Mar 2013 15:18:23 +0100
On mer., 2013-02-27 at 13:44 -0800, Greg KH wrote:
On Wed, Feb 27, 2013 at 10:26:16PM +0100, Yves-Alexis Perez wrote:On mer., 2013-02-27 at 10:05 -0800, Greg KH wrote:Yes, I need someone to actually do this. There used to be a Red Hat security team member that did this, or so I thought. What happened to that process? I'll ask on security () kernel org if someone wants to volunteer to do this, but if not, are you, or anyone else you know/trust willing to do so?And do you think it'd be possible to have the same kind of notifications for (know security) issues not on security@k.o but committed to the tree?That's the whole problem here, who is going to do such a classification, and after that, the notification? The first part is the toughest to do, as discussed elsewhere in this thread.
I might have been not clear, but I was merely speaking of *already known* security issues, not “to be classified (or not)” ones. I do know classification is hard, but if I understand correctly: - there are issues which are known to be security ones at commit times - some of them have been sent before to security@k.o - some of them have not because subsystems maintainers don't want (like networking) to go through that alias (why?) I was merely speaking of those latter issues. Regards, -- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Re: handling of Linux kernel vulnerabilities, (continued)
- Re: handling of Linux kernel vulnerabilities Andreas Ericsson (Mar 04)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Daniel Kahn Gillmor (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Mar 01)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Tim (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 28)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)