oss-sec mailing list archives

Re: CVE request - Linux kernel: VFAT slab-based buffer overflow

From: "Jason A. Donenfeld" <Jason () zx2c4 com>
Date: Thu, 28 Feb 2013 00:27:09 +0100

On Thu, Feb 28, 2013 at 12:17 AM, Daniel Kahn Gillmor
<dkg () fifthhorseman net> wrote:

Even if this were true, it takes much more than a single cycle to write
up a decent security report that can be understood by other people.
Communication takes time and effort.  Good communication takes even more
time and effort.


I agree with this. I was referring to Greg's first mentioned stage of
classifying the bug, which for some cases is easy, though, as I said,
not in all cases. What you refer to is Greg's mentioned second stage,
of notification. This often can indeed be time consuming, as you
mentioned.

Current thread:

Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow), (continued)
- - - Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Eric Lacombe (Mar 05)
    - Re: handling of Linux kernel vulnerabilities Andreas Ericsson (Mar 04)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Daniel Kahn Gillmor (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Mar 01)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Tim (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 28)

(Thread continues...)