oss-sec mailing list archives
Re: Re: Please REJECT CVE-2011-4112
From: Petr Matousek <pmatouse () redhat com>
Date: Thu, 24 Nov 2011 17:32:36 +0100
On Thu, Nov 24, 2011 at 05:21:01PM +0100, Tavis Ormandy wrote:
> Petr Matousek <pmatouse () redhat com> wrote:
>
>> Hi, could you please reject CVE-2011-4112 as it is not a security bug.
>>
>> Reference: https://bugzilla.redhat.com/show_bug.cgi?id=751006#c5
>>
>> Thank you,
>
> Unrelated, but if it did not require CAP_NET_ADMIN, would you have considered it a security bug?

Yes.

> I was under the impression that there was general agreement that NULL derefs that are handled gracefully are not security bugs any more. Is this because you're setting panic_on_oops?

Yes. That's the default in RHEL.

Petr