oss-sec mailing list archives
Re: CVE request: kernel: ipv6: null pointer dereference in __inet6_check_established()
From: "Steven M. Christey" <coley () linus mitre org>
Date: Fri, 24 Apr 2009 18:28:45 -0400 (EDT)
On Thu, 23 Apr 2009, Eugene Teo wrote:
The bug exists since 2.6.27. http://git.kernel.org/linus/3f53a38131a4e7a053c0aa060aba0411242fb6b9This was assigned with CVE-2009-1360. Somehow http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1360 missed this reference even though this email was posted before xorl.wordpress.com wrote about it.
The URL above is equivalent to the http://git.kernel.org CONFIRM that's currently in the CVE. We have two main input streams for CVE: incoming requests, and already-public information in mailing lists or vuln DBs that we monitor. oss-security contains incoming requests but it also becomes public information that's monitored by other vuln DBs. Sometimes those VDBs pick up your CVE requests before we do. That's probably what happened here. (I wasn't the original CVE analyst for this bug.) - Steve
Current thread:
- CVE request: kernel: ipv6: null pointer dereference in __inet6_check_established() Eugene Teo (Apr 20)
- Re: CVE request: kernel: ipv6: null pointer dereference in __inet6_check_established() Eugene Teo (Apr 22)
- Re: CVE request: kernel: ipv6: null pointer dereference in __inet6_check_established() Steven M. Christey (Apr 24)
- Re: CVE request: kernel: ipv6: null pointer dereference in __inet6_check_established() Eugene Teo (Apr 22)