Re: CVE request -- Linux kernel irda driver buffer

[security curmudgeon <jericho () attrition org>]

Previous discussion: 
http://marc.info/?l=oss-security&w=2&r=1&s=irda+driver&q=b

Mark Cox ruled "doesn't seem to have any security implications". Since 
then, 3rd party analysis suggests it still may in a different manner:

http://xorl.wordpress.com/2009/03/11/linux-kernel-irda-sigmatel-stir421x-off-by-one/

[..]

This could lead to information leak if request_firmware() gives some kind 
of output but I havent checked this.

[..]


Comments?