oss-sec mailing list archives
Re: CVE request: Kernel PID Spoofing Privilege Escalation Vulnerability
From: Petr Matousek <pmatouse () redhat com>
Date: Thu, 5 Sep 2013 10:30:52 +0200
On Thu, Sep 05, 2013 at 11:23:49AM +0300, Dan Carpenter wrote:
> On Wed, Sep 04, 2013 at 08:30:05PM -0600, Kurt Seifried wrote:
> > Please use CVE-2013-4300 for this issue.
> >
> > Stupid Q, any reason why this couldn't be sent to
> > http://oss-security.openwall.org/wiki/mailing-lists/distros to give
> > vendors a heads up (also we can get it a CVE prior to public release
> > then)?
>
> The original patch was sent to netdev and lkml publicly from the start.
> https://lkml.org/lkml/2013/8/22/462
>
> We do have someone who is supposed to be forwarding security bugs from
> security () kernel org to distros. I'm not on distros but apparently
> this wasn't happening properly so we've recently assigned another
> person to help with this.

As you said, the patch was sent to public mailing lists clearly saying "This is a security bug.". If anything, this should have been forwarded to oss-security, there's no point to forward to distros when the issue is a) public and b) clearly marked as security fix.

--
Petr Matousek / Red Hat Security Response Team