oss-sec mailing list archives
CVE REJECT CVE-2015-3287
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 1 Sep 2015 22:37:04 -0600
So I know we said no more CVE rejects here but this one is public and already a mess. Long story short I assigned the following CVEs to OpenAFS:

CVE-2015-3282 OpenAFS: vos leaks stack data onto the wire in the clear when creating vldb entries
CVE-2015-3283 OpenAFS: bos commands can be spoofed, including some which alter server state
CVE-2015-3284 OpenAFS: pioctls leak kernel memory
CVE-2015-3285 OpenAFS: kernel pioctl support for OSD command passing can trigger a panic
CVE-2015-3286 OpenAFS: Solaris grouplist modifications for PAGs can panic or overwrite memory

However, they also used CVE-2015-3287 for

http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt

I definitely did NOT assign CVE-2015-3287 to OpenAFS; I double-checked my email to them and the commits to our file that we use to handle CVE assignments. I did in fact assign CVE-2015-3287 to Samba (for a still embargoed issue). I was notified of this duplicate issue by Samba (basically asking me what was going on).

Mitre: can you please REJECT CVE-2015-3287 and assign a NEW CVE for the OpenAFS issue. I have assigned Samba a new CVE for their embargoed issue already.

Thanks.

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert () redhat com