oss-sec mailing list archives
Re: CVE Requests (maybe): Linux kernel: various info leaks, some NULL ptr derefs
From: Solar Designer <solar () openwall com>
Date: Thu, 7 Mar 2013 23:48:16 +0400
Steve,

On Thu, Mar 07, 2013 at 06:09:52PM +0000, Christey, Steven M. wrote:
> This is a major challenge for CVE, but to do bug-based assignments [...]

What about per-subsystem assignments? (In Linux kernel context and in general.) I think this is what would make sense here. Kurt assigned just one CVE ID for 21 bugs across multiple subsystems, with the only things in common being that these are infoleak bugs and that they were brought to oss-security at once. With per-subsystem assignments, we'd have up to 11 CVE IDs for these 21 bugs, or maybe fewer (depending on what to count as separate subsystems) - but definitely not just 1.

> Note - the more fundamental problem here is that CVE is being used much earlier in the disclosure process than it used to be, and it's basically being used as a universal bug ID.

Maybe CVE should support such use to the extent that it is reasonable for CVE to do so.

Alexander