oss-sec mailing list archives
Re: CVE id request: busybox
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 03 Mar 2013 12:50:31 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/03/2013 08:01 AM, Michael Tokarev wrote:
03.03.2013 18:33, Piotr Karbowski wrote:On 03/03/2013 11:19 AM, Michael Tokarev wrote:What it has to do with Debian, besides that debian was first to actually submit this bug into its own bug tracker?Acctualy not the first, the bug was reported to busybox mailinglist on 18 Dec 2012.That's where I noticed it and submitted a bugreport to Debian BTS from there. Note that I didn't want to request a CVE# for that, and used a somewhat low severify value for the report in the Debian BTS (which was quite some time after the initial report). If I thought it deserves a CVE, I'd request one right after seeing the discussion in question :) But I guess we're muddling waters for too much already. I merely commented on the joke about Debian, -- the issue is definitely not debian-specific, Debian does not even use mdev from busybox (but allows to use it to the users). Thanks, /mjt
This actually raises a good point, due to Debian being a secondary source in most cases (e.g. upstream has a bug report which is then copied into Debian's bug tracker since Debian ships it) the dates and sometimes information is wrong. I will no longer be issuing CVE's for issues brought up through the Debian bugtracker without an original source to back it up, otherwise more mistakes will happen which is not good. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRM6mHAAoJEBYNRVNeJnmTM8cQAJZqQPpzsLaicBfyFwsnZ6gK 8IOdtaqDZdE6oYoV10QgvQa018ASXjED+blG8lvZptF2wVuXjVi3+C5uGY8J6UH7 REGCRShlplJ9798XzGxmFVcSezkOGQmZUvV8QSQRZHIqNfPuwSMsM6uwnXRlfDF3 VACwecuo76dSZ1+q3E2DUz9WcUYEnvRMoFwsJiTe/+uxCfcH4xMFYI9raofHAYRf FC3q34Elc+AXxzxF1MC1WE9HjrwmUYNx2bxhcuuGhzyv3TQztgrxO+8RCd9xXcc2 6Gt5ErQHY16LQ7DTv0I/1OpXEb5DgFrP6wDBb0RbONiZcm/k5QYgxpV+fInZylDT oBzNeUopyC0y7ZLVQDx++iKAeD7Dt+qhCPNtiHAPGvyj9cyIm+Kkt2t5KsQtOfkF vy35FGM3aXs6ZPaqtbQZ3CxUX8Bg0rBLjV9sF79yUyx+5ybg9U7NbnxEp27kKlZN OTXmwvwsQ3uCf3uv7/9uNCVD4Q95K+gfZAZtH9zgVFjwzbzAsVu6yNNQvz9/ShzM TjcGb77wW/IrGwFi7tslRlNARzSVWGBMbl8wsdum3Xctus4ZfYM6JSKhD9KlmM5L MxV596WPUb3mlqh2AhEOA2XBzv19jMejcH+EL7UnJONC+bf8FV32msmxtyRDVl97 V0DINRevLl/L+OxxMifm =lwSO -----END PGP SIGNATURE-----
Current thread:
- CVE id request: busybox Nico Golde (Mar 01)
- Re: CVE id request: busybox Kurt Seifried (Mar 02)
- Re: CVE id request: busybox gremlin (Mar 03)
- Re: CVE id request: busybox Michael Tokarev (Mar 03)
- Re: CVE id request: busybox Piotr Karbowski (Mar 03)
- Re: CVE id request: busybox Michael Tokarev (Mar 03)
- Re: CVE id request: busybox Kurt Seifried (Mar 03)
- Re: CVE id request: busybox Michael Gilbert (Mar 03)
- Re: CVE id request: busybox Kurt Seifried (Mar 03)
- Re: CVE id request: busybox Thomas Biege (Mar 05)
- Re: CVE id request: busybox Thomas Biege (Mar 05)
- Re: CVE id request: busybox Raphael Geissert (Mar 05)
- Re: CVE id request: busybox Kurt Seifried (Mar 05)
- Re: CVE id request: busybox Raphael Geissert (Mar 06)
- Re: CVE id request: busybox gremlin (Mar 03)
- Re: CVE id request: busybox Kurt Seifried (Mar 02)