oss-sec mailing list archives

CVE REJECT CVE-2015-3287
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 1 Sep 2015 22:37:04 -0600

So I know we said no more CVE rejects here, but this one is public and
already a mess.

Long story short, I assigned the following CVEs to OpenAFS:

CVE-2015-3282 OpenAFS: vos leaks stack data onto the wire in the clear when
creating vldb entries
CVE-2015-3283 OpenAFS: bos commands can be spoofed, including some which
alter server state
CVE-2015-3284 OpenAFS: pioctls leak kernel memory
CVE-2015-3285 OpenAFS: kernel pioctl support for OSD command passing can
trigger a panic
CVE-2015-3286 OpenAFS: Solaris grouplist modifications for PAGs can panic
or overwrite memory

However, they also used CVE-2015-3287 for
http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt

I definitely did NOT assign CVE-2015-3287 to OpenAFS; I double-checked my
email to them and the commits to our file that we use to handle CVE
assignments.

I did in fact assign CVE-2015-3287 to Samba (for a still embargoed issue).
I was notified of this duplicate issue by Samba (basically asking me what
was going on).

Mitre: can you please REJECT CVE-2015-3287 and assign a NEW CVE for the
OpenAFS issue. I have assigned Samba a new CVE for their embargoed issue
already. Thanks.

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert () redhat com